logo
Free PDF Check

PDF Tamper Detection — Find Out If Your Document Was Altered

Built for fraud ops at lending, insurance & compliance teams

HTPBE? is a PDF modification detection tool that identifies whether a document was altered after creation — free in the browser, with an API for automated workflows. Used to detect altered invoices, forged contracts, and tampered certificates. Receiving a PDF and have no original to compare against? See the no-original-file workflow.

~3 sec
per document
59 checks
forensic layers
From $15
per month
1,500+
docs / month on Growth

The problem

Modern document fraud is invisible to visual review

A growing class of document fraud opens a genuine PDF, edits a balance, a date, or a beneficiary, and re-saves it. Visually nothing changes — the document passes pixel-level review, layout review, and KYC.

Structural PDF analysis reads the layers rendering engines never expose: revision history, object structure, signature coverage maps. That is where edits leave fingerprints they cannot wipe.

Common tampering patterns

  • Modified balances or totals after export
  • Swapped IBAN or beneficiary on invoices
  • Post-signature edits on contracts
  • Backdated issue and modification dates
  • Fabricated documents from consumer PDF tools

What this looks like

What PDF Tamper Detection Looks For

Three real fraud mechanics we catch at the structural PDF layer.

01

Timestamp anomalies — the most common tampering signal

A PDF carries internal creation and modification dates. When the modification date follows the creation date by days or months on a document that should never have changed, this is the first and most common sign of tampering.

02

Known editing tool in the producer field

The PDF records which software last processed it. When the producer field shows a tool designed exclusively for editing existing PDFs — such as iLovePDF, PDF24, or Smallpdf — rather than the original document application, this is a strong indicator the file was modified after creation.

03

Incremental revision layers

PDF editors often append changes to a file rather than rewriting it. This leaves multiple revision layers that are invisible in a PDF viewer but detectable through structural analysis. Each additional layer represents a post-creation edit.

04

Removed or invalidated digital signature

A digital signature cryptographically locks a document’s contents. If a signed document is later modified, the signature becomes invalid. If the signature was removed entirely after tampering, that absence is itself evidence of forgery.

05

Producer mismatch across document generations

Genuine documents come from a single known producer — a bank portal, accounting system, payroll service, or IRS e-file. When the producer field in the PDF does not match the claimed source, the file was re-saved through an editing tool after its original issuance.

06

Font subset drift across pages

When a PDF is edited in multiple sessions — or pages are assembled from different source files — the font subset prefixes diverge between pages. This is invisible to a reader but a clean structural signal of composite or multi-session editing.

59 layers
Forensic checks per document
~3 sec
Median analysis time, end to end
From $15
Self-serve per month, no sales call

The detection gap

KYC platforms check the document. HTPBE? checks the file.

Two different checks — both matter.

KYC & identity platforms

Plaid · Persona · Alloy · Jumio

  • Is this a real bank statement template?
  • Does the account number match the identity?
  • Is the document format consistent with the issuing bank?

Detects fake documents. Does not detect edited real documents.

HTPBE? tamper detection API

Structural PDF integrity

  • Was this specific PDF file modified after it was generated?
  • Do metadata timestamps match the file structure?
  • Were digital signatures valid at the time of signing?

Catches edits invisible to visual review and template checks.

Results in under 3 seconds30 to 1,500+ documents/monthFrom $15/mo

What HTPBE? checks

Detection capabilities

Deterministic structural signals. No probabilistic scores, no model training.

Producer signature mismatch

The PDF claims to come from one tool but the binary structure points to another. The first signal of post-export editing.

Incremental update trail

Every save after the original creates an incremental update. Long chains mean multiple editing sessions on the same file.

Multiple xref tables

Each editing session adds a new cross-reference table. Genuine institutional PDFs have one. Tampered PDFs have several.

Modification timestamp gap

A real PDF has matching CreationDate and ModDate. Months between them is a high-confidence forgery signal.

Digital signature validation

When a digital signature exists, we verify the coverage map. Modifications after signing return certain-confidence verdicts.

Font and object consistency

Edited text introduces new font subsets or objects with origin patterns inconsistent with the rest of the document.

Share with engineering

Wire this into your intake pipeline in under a day

Two API calls — one POST to submit the PDF, one GET to retrieve the verdict. Forward this page to your engineering team; the full API reference, quotas, and copy-paste examples in cURL, JavaScript, Python, PHP, Go, and Ruby are one click away.

Full API reference for engineering

Pricing

Self-serve plans, no sales call

All plans include the same forensic checks. Pick the quota that matches your monthly document volume.

manual

Starter

$15/mo

30 checks/mo

Manual spot-checks and integration testing

most common

Growth

$149/mo

350 checks/mo

Active document processing pipelines

high volume

Pro

$499/mo

1,500 checks/mo

High-volume automation and API integrations

Enterprise (unlimited, on-premise available) see full pricing

Secure your workflowView API docs

API key on signup. Free test environment on every plan. No card required.

Customer Stories

Teams that stopped document fraud

Compliance, finance, and risk teams use HTPBE? to catch manipulated PDFs before they become costly mistakes.

Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.

Sarah M.

AP Manager

United States

We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.

Lars V.

Risk Analyst, Online Lending

Netherlands

Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.

Priya K.

HR Operations Lead

India

Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.

Julien R.

Fraud Analyst, Fintech

France

Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for checked originals when something is flagged. Already saved us from a few bad decisions.

Marta S.

Compliance Coordinator

Spain

One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.

Tariq A.

Finance Manager

United Arab Emirates

FAQ

Frequently asked questions

What is PDF tamper detection?

PDF tamper detection is the process of analyzing a PDF document’s internal data to determine whether it was modified after its original creation. It examines metadata timestamps, file structure revision history, digital signature integrity, and application fingerprints to identify signs of tampering.

Can I just check if this PDF was edited?

Yes. Upload the PDF using the checker above and the tool returns INTACT or MODIFIED in under 3 seconds, with a plain-language list of every finding. No account, no software, no cost — just the verdict on whether the document was edited after it was created.

How do I know if a PDF has been tampered with?

Upload it to HTPBE?. The tool analyzes the PDF’s internal metadata, file structure, revision history, and digital signatures — all in under 3 seconds. If the file was modified after creation, the analysis returns a “modified” status with a plain-language list of specific findings.

Can PDF tamper detection catch all types of tampering?

No automated tool catches everything. HTPBE? reliably detects the most common tampering methods — metadata editing, incremental updates, signature removal — but sophisticated forgeries that rewrite the entire file from scratch may not leave detectable traces.

Is PDF tamper detection free?

Yes. The web tool is completely free with no upload limits. No account required. API access for automated tamper detection workflows starts at $15/month.

How do teams use PDF tamper detection in production?

The most common integration is a pre-fraud detection step at document intake. When an applicant, vendor, or claimant uploads a PDF, the API returns a structured verdict before the document reaches a human reviewer. Lenders use it on bank statements and payslips. AP teams use it on vendor invoices. Claims ops use it on repair invoices and medical bills. Every verdict is deterministic with named structural markers suitable for an audit trail.

Does tamper detection work alongside existing KYC, OCR, or AP platforms?

Yes — it is designed to be additive. Identity-fraud-detection platforms (Persona, Onfido, Alloy) check the person. OCR platforms extract data. AP automation routes invoices. None of them analyze the structural integrity of the PDF itself. HTPBE? adds that layer at the document level without replacing any existing workflow.

Secure your workflow

Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.

Start free — close the structural fraud gapSee pricing
Read API docs →