A fabricated offer letter is cheap. A fraudulent hire is not
Reference letters, prior offer letters, and employment verification PDFs pass visual background checks every day. Structural forensics catches the edits that are invisible to the eye — before the candidate is onboarded.
HTPBE analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We don’t inspect holograms, phone photos, or ID biometrics. If your fraud problem is a digitally altered PDF, we’re the most specific tool for it.
One REST call, one deterministic verdict
Upload the PDF. The API returns INTACT, MODIFIED, or INCONCLUSIVE with named markers — in about three seconds.
HR & Hiring document fraud in 2026
Three real fraud mechanics we catch at the structural PDF layer.
Fabricated offer letters from prior employers
Self-produced PDFs mimicking an old employer’s letterhead to claim inflated compensation or tenure. Producer signatures and layout consistency expose the forgery.
Altered reference and employment letters
Real letters with titles, dates, or compensation figures modified. Incremental update detection catches the change.
Edited salary certificates and employment verification
Income or employment figures adjusted to pass HR screening thresholds. Font subsets and object layout betray the edit.
The scale of the problem
The verification gap
KYC platforms verify the document. HTPBE verifies the file.
Two different checks — both matter.
Background-check platforms verify employment history against employer databases — when the employer exists and responds. Document uploads are typically reviewed visually, and a well-made edit passes. HTPBE adds a structural-integrity check for every PDF submitted during hiring, independent of employer verification.
Five forensic layers, one deterministic verdict
Every PDF we receive passes through the same structural pipeline — no model training, no thresholds to tune.
Metadata analysis
Creation and modification timestamps, producer and creator fields, XMP metadata — the first layer exposes basic tampering.
File structure
Xref tables, trailer chain, incremental updates. Any edit after export leaves a structural fingerprint here.
Digital signatures
Signature chain integrity and post-signature modifications produce deterministic markers. Certainty-level signal.
Content integrity
Fonts, objects, embedded content, page assembly. Multi-session edits and inserted objects are visible at this layer.
Verdict with markers
Deterministic output: INTACT / MODIFIED / INCONCLUSIVE, with named markers for every finding — suitable for audit trail.
PDF document types we verify for hr & hiring
Every type listed below is analyzed at the structural file layer — not the rendered image.
Detection capabilities
Deterministic structural signals. No probabilistic scores, no model training.
Producer signature validation
Authentic corporate exports carry recognizable producer signatures. Self-produced or re-saved PDFs don’t match.
Incremental update detection
Any post-creation edit leaves a structural fingerprint.
Font and object consistency
Edited fields produce detectable font subset prefix shifts and object-layout anomalies.
Signature verification
Digitally signed letters are checked for post-signature modifications.
Text layer vs. raster agreement
Replaced text in rendered documents breaks agreement between text and visual layers.
Customer Stories
Teams that stopped document fraud
Compliance, finance, and risk teams use HTPBE to catch manipulated PDFs before they become costly mistakes.
Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.
Sarah M.
AP Manager
United States
We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.
Lars V.
Risk Analyst, Online Lending
Netherlands
Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.
Priya K.
HR Operations Lead
India
Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.
Julien R.
Fraud Analyst, Fintech
France
Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for verified originals when something is flagged. Already saved us from a few bad decisions.
Marta S.
Compliance Coordinator
Spain
One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.
Tariq A.
Finance Manager
United Arab Emirates
Frequently asked questions
Background-check services verify employment, education, and criminal history against databases and employer responses. HTPBE verifies the PDFs a candidate uploads at the structural layer. They complement each other — background check handles the facts, HTPBE handles the documents.
For digital PDFs, yes — the structural layer reveals edits and non-authentic exports. For scanned or photographed diplomas, results depend on the source material; structural analysis is weaker on pure rasters.
Yes. The API is stack-agnostic. Any ATS that accepts uploaded PDFs and can make an outbound HTTPS call can integrate via webhook or custom action.
A scan-to-PDF workflow typically produces a clean scanner export with no incremental update trail — that returns INTACT. Edits applied after scanning are what get flagged.
Related solutions and guides
KYC & Onboarding
Compliance-adjacent onboarding — proof of address, bank letters, corporate docs.
Legal Contracts
Post-signing contract integrity — modifications after signature.
Fake Document Detection
Technical overview of fake-document detection at the structural layer.
Secure your workflow
Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.