logo
Free PDF Check

PDF Tamper Detection — Find Out If Your Document Was Altered

Built for fraud ops at lending, insurance & compliance teams

HTPBE? is a PDF modification detection tool that identifies whether a document was altered after creation — free in the browser, with an API for automated workflows. Used to detect altered invoices, forged contracts, and tampered certificates. Receiving a PDF and have no original to compare against? See the no-original-file workflow.

~3 sec
per document
61 checks
forensic layers
From $15
per month
1,500+
docs / month on Growth

The problem

Modern document fraud is invisible to visual review

A growing class of document fraud opens a genuine PDF, edits a balance, a date, or a beneficiary, and re-saves it. Visually nothing changes — the document passes pixel-level review, layout review, and KYC.

Structural PDF analysis reads the layers rendering engines never expose: revision history, object structure, signature coverage maps. That is where edits leave fingerprints they cannot wipe.

Common tampering patterns

  • Modified balances or totals after export
  • Swapped IBAN or beneficiary on invoices
  • Post-signature edits on contracts
  • Backdated issue and modification dates
  • Fabricated documents from consumer PDF tools

What this looks like

What PDF Tamper Detection Looks For

Three real fraud mechanics we catch at the structural PDF layer.

01

Timestamp anomalies — the most common tampering signal

A PDF carries internal creation and modification dates. When the modification date follows the creation date by days or months on a document that should never have changed, this is the first and most common sign of tampering.

02

Known editing tool in the producer field

The PDF records which software last processed it. When the producer field shows a tool designed exclusively for editing existing PDFs — such as iLovePDF, PDF24, or Smallpdf — rather than the original document application, this is a strong indicator the file was modified after creation.

03

Incremental revision layers

PDF editors often append changes to a file rather than rewriting it. This leaves multiple revision layers that are invisible in a PDF viewer but detectable through structural analysis. Each additional layer represents a post-creation edit.

04

Removed or invalidated digital signature

A digital signature cryptographically locks a document’s contents. If a signed document is later modified, the signature becomes invalid. If the signature was removed entirely after tampering, that absence is itself evidence of forgery.

05

Producer mismatch across document generations

Genuine documents come from a single known producer — a bank portal, accounting system, payroll service, or IRS e-file. When the producer field in the PDF does not match the claimed source, the file was re-saved through an editing tool after its original issuance.

06

Font subset drift across pages

When a PDF is edited in multiple sessions — or pages are assembled from different source files — the font subset prefixes diverge between pages. This is invisible to a reader but a clean structural signal of composite or multi-session editing.

61 layers
Forensic checks per document
~3 sec
Median analysis time, end to end
From $15
Self-serve per month, no sales call

The detection gap

KYC platforms check the document. HTPBE? checks the file.

Two different checks — both matter.

KYC & identity platforms

Plaid · Persona · Alloy · Jumio

  • Is this a real bank statement template?
  • Does the account number match the identity?
  • Is the document format consistent with the issuing bank?

Detects fake documents. Does not detect edited real documents.

HTPBE? tamper detection API

Structural PDF integrity

  • Was this specific PDF file modified after it was generated?
  • Do metadata timestamps match the file structure?
  • Were digital signatures valid at the time of signing?

Catches edits invisible to visual review and template checks.

Results in under 3 seconds30 to 1,500+ documents/monthFrom $15/mo

What HTPBE? checks

Detection capabilities

Deterministic structural signals. No probabilistic scores, no model training.

Producer signature mismatch

The PDF claims to come from one tool but the binary structure points to another. The first signal of post-export editing.

Incremental update trail

Every save after the original creates an incremental update. Long chains mean multiple editing sessions on the same file.

Multiple xref tables

Each editing session adds a new cross-reference table. Genuine institutional PDFs have one. Tampered PDFs have several.

Modification timestamp gap

A real PDF has matching CreationDate and ModDate. Months between them is a high-confidence forgery signal.

Digital signature validation

When a digital signature exists, we verify the coverage map. Modifications after signing return certain-confidence verdicts.

Font and object consistency

Edited text introduces new font subsets or objects with origin patterns inconsistent with the rest of the document.

Share with engineering

Wire this into your intake pipeline in under a day

Two API calls — one POST to submit the PDF, one GET to retrieve the verdict. Forward this page to your engineering team; the full API reference, quotas, and copy-paste examples in cURL, JavaScript, Python, PHP, Go, and Ruby are one click away.

Full API reference for engineering

Pricing

Self-serve plans, no sales call

All plans include the same forensic checks. Pick the quota that matches your monthly document volume.

manual

Starter

$15/mo

30 checks/mo

Manual spot-checks and integration testing

most common

Growth

$149/mo

350 checks/mo

Active document processing pipelines

high volume

Pro

$499/mo

1,500 checks/mo

High-volume automation and API integrations

Enterprise (unlimited, on-premise available) see full pricing

Secure your workflowView API docs

API key on signup. Free test environment on every plan. No card required.

Customer Stories

Teams that stopped document fraud

Compliance, finance, and risk teams use HTPBE? to catch manipulated PDFs before they become costly mistakes.

Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.

Sarah M.

AP Manager

United States

We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.

Lars V.

Risk Analyst, Online Lending

Netherlands

Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.

Priya K.

HR Operations Lead

India

Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.

Julien R.

Fraud Analyst, Fintech

France

Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for checked originals when something is flagged. Already saved us from a few bad decisions.

Marta S.

Compliance Coordinator

Spain

One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.

Tariq A.

Finance Manager

United Arab Emirates

FAQ

Frequently asked questions

What is PDF tamper detection?

PDF tamper detection is the process of analyzing a PDF document’s internal data to determine whether it was modified after its original creation. It examines metadata timestamps, file structure revision history, digital signature integrity, and application fingerprints to identify signs of tampering.

Can I just check if this PDF was edited?

Yes. Upload the PDF using the checker above and the tool returns INTACT or MODIFIED in under 3 seconds, with a plain-language list of every finding. No account, no software, no cost — just the verdict on whether the document was edited after it was created.

How do I know if a PDF has been tampered with?

Upload it to HTPBE?. The tool analyzes the PDF’s internal metadata, file structure, revision history, and digital signatures — all in under 3 seconds. If the file was modified after creation, the analysis returns a “modified” status with a plain-language list of specific findings.

Can PDF tamper detection catch all types of tampering?

No automated tool catches everything. HTPBE? reliably detects the most common tampering methods — metadata editing, incremental updates, signature removal — but sophisticated forgeries that rewrite the entire file from scratch may not leave detectable traces.

Is PDF tamper detection free?

Yes. The web tool is completely free with no upload limits. No account required. API access for automated tamper detection workflows starts at $15/month.

How do teams use PDF tamper detection in production?

The most common integration is a pre-fraud detection step at document intake. When an applicant, vendor, or claimant uploads a PDF, the API returns a structured verdict before the document reaches a human reviewer. Lenders use it on bank statements and payslips. AP teams use it on vendor invoices. Claims ops use it on repair invoices and medical bills. Every verdict is deterministic with named structural markers suitable for an audit trail.

Does tamper detection work alongside existing KYC, OCR, or AP platforms?

Yes — it is designed to be additive. Identity-fraud-detection platforms (Persona, Onfido, Alloy) check the person. OCR platforms extract data. AP automation routes invoices. None of them analyze the structural integrity of the PDF itself. HTPBE? adds that layer at the document level without replacing any existing workflow.

How can I tell if a PDF has been edited?

Upload the file to the checker above. HTPBE? reads the document’s internal metadata, file structure, revision layers, and digital signatures and returns INTACT or MODIFIED in under 3 seconds, with a plain-language list of every finding. You don’t need the original file to compare against — the analysis is one-sided, using only evidence inside the PDF itself.

How do I check if a PDF was edited for free?

The web checker on this page is completely free, with no account and no upload limit. Drop any PDF up to 10 MB onto it and you get a clear verdict on whether the file was edited after it was created. Nothing is stored.

Can I check if a PDF was edited online?

Yes. HTPBE? runs entirely in the browser flow — there is no software to install. Upload the PDF here, wait a few seconds, and read whether the document was modified after creation, along with the specific signals that fired.

Can you tell if a PDF has been edited without the original?

Yes. HTPBE? does not compare your file to a reference copy. It examines internal evidence — metadata timestamps, structural revision layers, application fingerprints, and signature state — that lives inside the single PDF you upload. That is why it works even when you only have the file someone sent you.

How do I know if a PDF was modified after it was created?

A PDF carries internal creation and modification timestamps and a record of which software last processed it. When those signals disagree with each other — or with the document’s claimed source — the file was changed after it was first produced. Upload it above and HTPBE? surfaces exactly which signals diverged.

How do I check when a PDF was last modified?

Every PDF stores a modification date in its metadata. The free metadata viewer and the tamper checker both read it for you. Be careful, though: the modification date is itself easy to rewrite, so a clean date alone does not prove a file is untouched — that is why HTPBE? cross-checks it against structural evidence rather than trusting the timestamp on its own.

Can a PDF be edited without leaving a trace?

Most everyday edits — made with consumer PDF editors, spreadsheet round-trips, or online tools — leave structural traces that HTPBE? detects. A determined forger who rebuilds the entire file from scratch can sometimes produce a document with no editing trace, but that requires real technical effort; the overwhelming majority of real-world tampering uses the common methods this checker is built to catch.

How do I tell if a PDF was changed after it was signed?

A digital signature cryptographically locks the document’s contents at the moment of signing. If the file is altered afterwards, the signature breaks — and if it was stripped out entirely after tampering, that absence is itself evidence. HTPBE? checks both: modifications after signing and signature removal are among the highest-confidence verdicts it returns.

Does a PDF keep an edit history?

Not a human-readable one, but PDF editors often append each change as a new revision layer rather than rewriting the file. Those layers are invisible in a normal PDF viewer yet detectable through structural analysis. HTPBE? counts them and reports when a document carries more revision layers than a genuine original should.

How can I tell if someone edited a PDF I received?

Upload the file you received to the checker above — you don’t need anything from the sender. HTPBE? returns whether the document was modified after its original creation and lists the named structural markers behind the verdict, so you have something concrete to act on.

How do I check if a scanned PDF was edited?

Scanned and print-to-PDF documents are analyzed at the structural layer like any other file. HTPBE? flags signs that a scan was re-processed through an editing tool after it was produced. Note that a pure scan can only ever reach an INTACT-or-inconclusive ceiling at the content level — the structural check tells you whether the file itself was touched after scanning.

How do I tell if a PDF was edited in Photoshop or Illustrator?

Design tools leave their own fingerprint in the PDF’s producer and creator fields. When an institutional-looking document carries a graphics-editor fingerprint instead of the application that should have produced it, HTPBE? flags the mismatch. Upload the file above to see whether that signal is present.

How do I check if a bank statement PDF was edited?

Bank statements are the most-faked document type, so this is one of the most common uses of the checker. Upload the statement and HTPBE? reports whether it still carries the fingerprint of a bank’s core system or whether it was rebuilt in a spreadsheet or re-saved through an editing tool after issuance.

How do I tell if a PDF invoice was edited?

Upload the invoice above. HTPBE? checks whether a single field — an amount, a date, or a payment line — was altered after the invoice was first generated, the pattern behind most invoice and business-email-compromise fraud. The verdict comes with named markers suitable for an audit trail.

What does it mean when a PDF says it was modified?

A MODIFIED verdict means HTPBE? found structural evidence that the file was changed after its original creation — for example a post-signing edit, a removed signature, disagreeing internal dates, or an editing-tool fingerprint. It does not by itself say the document is fraudulent; it tells you the file is not the untouched original, which is your signal to review it more closely.

Can I check if a PDF was edited on a Mac, iPhone, or Android?

Yes. The checker is browser-based and works on any device — desktop or mobile. Open this page, upload the PDF, and read the verdict. There is nothing to download.

Can I detect edited PDFs automatically, in bulk?

Yes. The same analysis behind this free checker is available as a REST API: send a PDF URL, get back a structured verdict with named modification markers. Teams wire it into document-intake pipelines so every uploaded file is checked before a human sees it. API access starts at $15/month.

Will the result tell me which part of the PDF was edited?

HTPBE? tells you that the file was modified and which structural markers fired — for instance a post-signing edit or a producer mismatch. It does not highlight the exact pixel or word that changed; structural forensics establishes that tampering occurred, which is what a reviewer needs before deciding to reject or escalate a document.

Can I trust the modification date shown in a PDF?

Not on its own. The modification date is part of the metadata, and metadata is one of the easiest things to rewrite — a clean date proves nothing by itself. HTPBE? treats the date as one signal among many and cross-checks it against structural evidence that is far harder to forge.

Is checking whether a PDF was edited really free?

Yes. The web checker is free with no upload limit and no account required, and nothing you upload is stored. Paid plans exist only for the automated API, starting at $15/month — the manual, one-file-at-a-time check on this page stays free.

Secure your workflow

Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.

Start free — close the structural fraud gapSee pricing
Read API docs →