Employees don’t forge receipts anymore.They regenerate them
A modified PDF looks identical to the original. Employees use receipt generators and edited hotel folios to inflate expense claims. The file structure records every edit — even when the rendered page looks perfect.
HTPBE analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We don’t inspect holograms, phone photos, or ID biometrics. If your fraud problem is a digitally altered PDF, we’re the most specific tool for it.
One REST call, one deterministic verdict
Upload the PDF. The API returns INTACT, MODIFIED, or INCONCLUSIVE with named markers — in about three seconds.
Expense Reimbursement document fraud in 2026
Three real fraud mechanics we catch at the structural PDF layer.
Regenerated restaurant receipts
A template or generator produces a plausible receipt for a meal that never happened — or with inflated totals. Producer signatures expose the generator.
Altered hotel folios
Real hotel folios with room rates, dates, or extras modified. Structural edits are recorded even when the content looks unchanged.
Fabricated mileage logs and per-diem claims
Self-produced PDFs with inflated distances or days. Font consistency and object layout betray the production tool.
The scale of the problem
The verification gap
KYC platforms verify the document. HTPBE verifies the file.
Two different checks — both matter.
T&E platforms (Concur, Expensify, Ramp, Brex) use OCR to extract amounts and categories. They don’t check whether the PDF was edited after creation. Policy rules catch category violations and duplicates, not document tampering. HTPBE adds structural verification at the document layer.
Five forensic layers, one deterministic verdict
Every PDF we receive passes through the same structural pipeline — no model training, no thresholds to tune.
Metadata analysis
Creation and modification timestamps, producer and creator fields, XMP metadata — the first layer exposes basic tampering.
File structure
Xref tables, trailer chain, incremental updates. Any edit after export leaves a structural fingerprint here.
Digital signatures
Signature chain integrity and post-signature modifications produce deterministic markers. Certainty-level signal.
Content integrity
Fonts, objects, embedded content, page assembly. Multi-session edits and inserted objects are visible at this layer.
Verdict with markers
Deterministic output: INTACT / MODIFIED / INCONCLUSIVE, with named markers for every finding — suitable for audit trail.
PDF document types we verify for expense reimbursement
Every type listed below is analyzed at the structural file layer — not the rendered image.
Detection capabilities
Deterministic structural signals. No probabilistic scores, no model training.
Producer signature match
Real merchant and platform exports have recognizable producer signatures. Generator tools and editors leave different ones.
Incremental update detection
Any post-export edit produces a structural fingerprint in the xref chain.
Arithmetic consistency
Line items, taxes, and totals are checked for internal reconciliation.
Font subset prefix divergence
Multi-session edits leave page-to-page font subset shifts.
Text vs. raster layer agreement
Text edits on rasterized documents break agreement between the text and image layers.
Customer Stories
Teams that stopped document fraud
Compliance, finance, and risk teams use HTPBE to catch manipulated PDFs before they become costly mistakes.
Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.
Sarah M.
AP Manager
United States
We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.
Lars V.
Risk Analyst, Online Lending
Netherlands
Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.
Priya K.
HR Operations Lead
India
Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.
Julien R.
Fraud Analyst, Fintech
France
Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for verified originals when something is flagged. Already saved us from a few bad decisions.
Marta S.
Compliance Coordinator
Spain
One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.
Tariq A.
Finance Manager
United Arab Emirates
Frequently asked questions
Forwarding an email attachment doesn’t edit the PDF. The PDF’s file structure only changes when the file is re-saved through a tool. Forwarded originals return INTACT.
AI-generated receipts carry distinct structural fingerprints — producer signatures, font subsets, object layouts — that differ from authentic merchant exports. HTPBE flags them as non-authentic.
Yes. The API is stack-agnostic — any T&E platform that accepts PDF uploads and can make an outbound HTTPS call can integrate via webhook or pre-processing.
Raster photos have no PDF structure to analyze. PDFs produced by a scanner or mobile scanning app still work if the app generates an authentic digital export. Pair with image-forensics tooling for pure photo flows.
Related solutions and guides
Invoice Fraud
B2B invoice tampering — same structural forensics, different document set.
Accounts Payable Fraud
Vendor-side fraud: bank-detail swaps, forged W-9s, supplier onboarding.
Fake Document Detection
Technical overview of structural fake-document detection.
Secure your workflow
Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.