MYOB Payslip Fraud Detection — Catch Fake AU Payroll PDFs
A real MYOB payslip can be edited and re-saved with a higher gross — and we catch the edit. Property managers in Sydney and Melbourne, lenders, and pre-employment screeners see MYOB payslips treated as the trusted standard. Most pass visual review without question. Applicants who know that fact edit the original and bump the gross — and we catch the re-save trail regardless of which editor was used. We also catch the batch-creation pattern when "January through June" payslips arrive timestamped within minutes of each other.
htpbe? analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We catch tampering, re-saves, and Word/Excel-fabricated payslips that mimic MYOB’s layout. We do NOT detect a genuine fresh MYOB export — even if the trial-account "employer" behind it does not exist. For that case, pair htpbe? with Open Banking income verification or ABN lookups.
When htpbe? returns INCONCLUSIVE on a MYOB payslip, that’s itself a fraud signal in this context — real MYOB exports always carry the MYOB producer signature; INCONCLUSIVE means the file does not look like a genuine MYOB export.
One REST call, one deterministic verdict
Upload the PDF. The API returns INTACT, MODIFIED, or INCONCLUSIVE with named markers — in about three seconds.
How tampered and fabricated MYOB-style payslips actually look
Three real fraud mechanics we catch at the structural PDF layer.
Real MYOB export edited after download
Genuine MYOB payslip downloaded by an actual employee, opened in any PDF editor or spreadsheet, gross bumped or deductions reduced, exported as PDF. The producer field changes from MYOB to whichever tool was used, and the xref chain shows an incremental update. Visible structural evidence the file was edited after MYOB issued it.
Word/Excel-fabricated payslip mimicking MYOB layout
A payslip authored in Microsoft Word or Excel using a MYOB-style template lifted from screenshots — never actually exported from MYOB. The producer field is Word or Excel rather than MYOB AccountRight or Essentials, and the structural metadata real MYOB exports carry is missing. A clean producer-mismatch flag.
Batch of "monthly" payslips created in one session
Six monthly payslips for January through June, all carrying creation timestamps within minutes of each other and identical font subset prefixes. Real monthly issuance produces dates a month apart. Cross-document timestamp clustering exposes the batch.
The scale
Why your existing checks miss this
STP shows real employers. Property managers cannot query STP.
And applicants who fabricated the employer would not pass an STP check anyway.
ATO Single Touch Payroll captures every legitimate Australian payroll submission — but private property managers, lettings agents, and lenders cannot query it on behalf of an applicant. Open Banking-style income verification (Basiq, Frollo) works only when the applicant agrees to connect — fabricated-employer applicants rarely do. htpbe? catches the MYOB payslip the applicant uploaded, regardless of whether STP or banking access is available — standalone, no MYOB API, no ATO lookup.
Five forensic layers, one deterministic verdict
Every PDF we receive passes through the same structural pipeline — no model training, no thresholds to tune.
Metadata analysis
Creation and modification timestamps, producer and creator fields, XMP metadata — the first layer exposes basic tampering.
File structure
Xref tables, trailer chain, incremental updates. Any edit after export leaves a structural fingerprint here.
Digital signatures
Signature chain integrity and post-signature modifications produce deterministic markers. Certainty-level signal.
Content integrity
Fonts, objects, embedded content, page assembly. Multi-session edits and inserted objects are visible at this layer.
Verdict with markers
Deterministic output: INTACT / MODIFIED / INCONCLUSIVE, with named markers for every finding — suitable for audit trail.
MYOB payslips and adjacent income-proof PDFs we check
Every type listed below is analyzed at the structural file layer — not the rendered image.
Detection capabilities
Deterministic structural signals. No probabilistic scores, no model training.
Producer signature mismatch
Authentic MYOB payslips carry MYOB AccountRight or MYOB Essentials producer signatures. When the producer is Microsoft Excel, LibreOffice, Microsoft Word, Chrome Headless, or a generic PDF library, the document was not exported by MYOB — it was edited or fabricated on a desktop using a layout that resembles MYOB.
Incremental update trail
A clean MYOB export has one cross-reference table. Re-saves through Excel or PDF editors append a second xref — visible structural evidence of post-export editing.
Gross-to-net arithmetic
Line arithmetic across the payslip (Gross → tax → super → net) is verified row by row. Edited gross figures break the chain unless every dependent field is also adjusted — which fraudsters routinely miss.
Cross-payslip timestamp clustering
When multiple "monthly" payslips arrive together, the API surfaces creation timestamps for each. Real monthly issuance produces dates a month apart; batch-generated sets cluster within minutes. Combined with identical font subset prefixes, the batch pattern is unambiguous.
Modification timestamp gap
A real payslip from March has CreationDate ≈ ModDate in March. A six-month gap on a "freshly issued" payslip is a high-confidence flag for post-export editing.
Font subset divergence
Multi-session edits leave font subset prefix shifts across pages. Single-session legitimate exports have consistent subsets.
Two HTTP calls to verify any MYOB payslip
Buyers can skip this section — developers, the integration is two HTTP calls.
Step 1 — submit the PDF
curl -X POST https://api.htpbe.tech/v1/analyze \
-H "Authorization: Bearer $HTPBE_API_KEY" \
-H "Content-Type: application/json" \
-d '{"url": "https://your-storage/applicant-payslip-myob.pdf"}'Step 2 — read the verdict
{
"id": "m1y2o3b4-5p6q-7r8s-9t0u-v1w2x3y4z5a6",
"status": "modified",
"modification_confidence": "high",
"modification_markers": [
"Spreadsheet producer detected (Microsoft Excel)",
"Two cross-reference tables — incremental update",
"Modification date 4 months after creation date"
],
"producer": "Microsoft Excel",
"creator": "MYOB AccountRight (original)",
"creation_date": 1696464000,
"modification_date": 1707350400,
"has_digital_signature": false,
"xref_count": 2,
"has_incremental_updates": true
}Original came from MYOB AccountRight in October. Then four months later it was opened in Microsoft Excel and re-saved — adding a second xref table. Verdict: modified at high confidence. The applicant edited the payslip after the genuine export.
Customer Stories
Teams that stopped document fraud
Compliance, finance, and risk teams use htpbe? to catch manipulated PDFs before they become costly mistakes.
Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.
Sarah M.
AP Manager
United States
We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.
Lars V.
Risk Analyst, Online Lending
Netherlands
Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.
Priya K.
HR Operations Lead
India
Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.
Julien R.
Fraud Analyst, Fintech
France
Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for verified originals when something is flagged. Already saved us from a few bad decisions.
Marta S.
Compliance Coordinator
Spain
One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.
Tariq A.
Finance Manager
United Arab Emirates
Frequently asked questions
intact for that file. A fresh PDF really exported by MYOB — even from a trial account spun up to fabricate an employer — carries the legitimate MYOB producer signature and no edit trail. We can only detect edits to PDFs and fabrications without payroll producer signatures. For trial-account fraud, pair htpbe? with Open Banking (Basiq, Frollo) to verify income against the applicant’s actual bank account, or with ABN Lookup to verify the employer entity. htpbe? handles the file; those tools handle the entity.modified with a producer-mismatch flag. The Word-authored fake payslip lacks the MYOB producer signature and the structural metadata real MYOB exports carry, so the verdict is unambiguous.Related solutions and guides
Tenant Screening
Payslip + bank statement forensics for AU property managers and tenant-referencing platforms.
Xero Payslip Fraud Detection
Sister page — same forensics for the Xero free-trial fake-payslip pattern.
Fake Super Statement Detection
Australian superannuation statements, the second proof of income most letting agents ask for.
Secure your workflow
Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.