Your AP pipeline processes thousands of invoices monthly. One altered bank detail routes a wire to a criminal
AP teams are the last line of defense against invoice fraud and business email compromise. By the time finance notices, the money is gone. HTPBE verifies every inbound PDF before it hits the approval queue.
HTPBE analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We don’t inspect holograms, phone photos, or ID biometrics. If your fraud problem is a digitally altered PDF, we’re the most specific tool for it.
One REST call, one deterministic verdict
Upload the PDF. The API returns INTACT, MODIFIED, or INCONCLUSIVE with named markers — in about three seconds.
Accounts Payable document fraud in 2026
Three real fraud mechanics we catch at the structural PDF layer.
Bank-detail swap on a legitimate invoice
A vendor’s real invoice is intercepted and re-saved with a new IBAN or account number. The PDF prints identically; the file structure records the edit.
Forged W-9 or supplier onboarding form
A fraudster submits a W-9 or onboarding form impersonating a real vendor. Producer signatures and object layouts reveal the document was never issued by the claimed source.
Fabricated bank account change request
A change-of-details PDF claiming to come from a known vendor. Structural forensics catches the forgery before the master data update.
The scale of the problem
The verification gap
KYC platforms verify the document. HTPBE verifies the file.
Two different checks — both matter.
AP automation and OCR read what’s on the page. Email-security filters catch malicious attachments and spoofed senders — they don’t inspect PDF structure. Three-way match ensures the amount matches the PO and receipt; it doesn’t catch a swapped bank account. HTPBE adds the structural-integrity layer at document intake.
Five forensic layers, one deterministic verdict
Every PDF we receive passes through the same structural pipeline — no model training, no thresholds to tune.
Metadata analysis
Creation and modification timestamps, producer and creator fields, XMP metadata — the first layer exposes basic tampering.
File structure
Xref tables, trailer chain, incremental updates. Any edit after export leaves a structural fingerprint here.
Digital signatures
Signature chain integrity and post-signature modifications produce deterministic markers. Certainty-level signal.
Content integrity
Fonts, objects, embedded content, page assembly. Multi-session edits and inserted objects are visible at this layer.
Verdict with markers
Deterministic output: INTACT / MODIFIED / INCONCLUSIVE, with named markers for every finding — suitable for audit trail.
PDF document types we verify for accounts payable
Every type listed below is analyzed at the structural file layer — not the rendered image.
Detection capabilities
Deterministic structural signals. No probabilistic scores, no model training.
Incremental update trail
Detects post-creation edits — the signature of most BEC and invoice tampering attacks.
Producer signature validation
Authentic accounting and banking exports carry recognizable producer signatures. Re-saves and editors change them.
Arithmetic reconciliation
Line items, tax, and totals are checked for internal consistency.
Font and object layout consistency
Edited fields and injected objects produce detectable font subset prefix shifts and object-number anomalies.
Signature verification
Digitally signed onboarding forms are checked for post-signature modifications.
Customer Stories
Teams that stopped document fraud
Compliance, finance, and risk teams use HTPBE to catch manipulated PDFs before they become costly mistakes.
Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.
Sarah M.
AP Manager
United States
We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.
Lars V.
Risk Analyst, Online Lending
Netherlands
Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.
Priya K.
HR Operations Lead
India
Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.
Julien R.
Fraud Analyst, Fintech
France
Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for verified originals when something is flagged. Already saved us from a few bad decisions.
Marta S.
Compliance Coordinator
Spain
One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.
Tariq A.
Finance Manager
United Arab Emirates
Frequently asked questions
OCR extracts data; it doesn’t verify the document wasn’t edited. The two are complementary — OCR feeds your AP workflow, HTPBE confirms each PDF hasn’t been tampered with before the payment is approved.
Legitimate re-exports from known accounting systems (QuickBooks, Xero, SAP, NetSuite) produce a clean producer signature with no incremental update trail — these return INTACT. Modifications after export are what get flagged.
It closes the last-mile document attack. Most BEC fraud hinges on a swapped payment detail on an otherwise familiar invoice. HTPBE detects the swap at the structural layer where visible appearance can’t hide it.
Yes. The API is stack-agnostic — any platform that accepts PDFs and can make an outbound HTTPS call can integrate via a pre-verification hook.
Related solutions and guides
Invoice Fraud
Same vector from a fraud-ops angle — vendor invoices, BEC, payment fraud.
Expense Reimbursement
Employee-side fraud: regenerated receipts, altered hotel folios.
Invoice Tampering Detection
Technical deep-dive on structural markers in altered invoices.
Secure your workflow
Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.