The invoice came from a vendor you’ve paid for three years. One field was changed before it reached you
Invoice fraud rarely looks like fraud. A familiar vendor, a familiar layout, one edited bank account line. By the time the wire clears, the payment is gone.
HTPBE analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We don’t inspect holograms, phone photos, or ID biometrics. If your fraud problem is a digitally altered PDF, we’re the most specific tool for it.
One REST call, one deterministic verdict
Upload the PDF. The API returns INTACT, MODIFIED, or INCONCLUSIVE with named markers — in about three seconds.
Invoice Fraud document fraud in 2026
Three real fraud mechanics we catch at the structural PDF layer.
Swapped payment details
An intercepted or copied invoice is re-saved with a new bank account, IBAN, or routing number. The layout is identical — the file structure now carries an edit trail.
Inflated amounts
Line items or totals modified to skim additional funds. Arithmetic across subtotal, tax, and total lines stops reconciling when one figure is changed.
Fabricated supplier brand
A PDF that mimics a real vendor’s branding but was never issued by them. Producer metadata, font subsets, and layout consistency expose the forgery.
The scale of the problem
The verification gap
KYC platforms verify the document. HTPBE verifies the file.
Two different checks — both matter.
OCR-based AP automation reads what the PDF shows. It doesn’t know whether the PDF was edited. Vendor-verification databases flag unknown suppliers; they say nothing about a known supplier’s invoice being tampered with in transit. HTPBE reads the file structure itself — the layer that records every modification regardless of how the content looks.
Five forensic layers, one deterministic verdict
Every PDF we receive passes through the same structural pipeline — no model training, no thresholds to tune.
Metadata analysis
Creation and modification timestamps, producer and creator fields, XMP metadata — the first layer exposes basic tampering.
File structure
Xref tables, trailer chain, incremental updates. Any edit after export leaves a structural fingerprint here.
Digital signatures
Signature chain integrity and post-signature modifications produce deterministic markers. Certainty-level signal.
Content integrity
Fonts, objects, embedded content, page assembly. Multi-session edits and inserted objects are visible at this layer.
Verdict with markers
Deterministic output: INTACT / MODIFIED / INCONCLUSIVE, with named markers for every finding — suitable for audit trail.
PDF document types we verify for invoice fraud
Every type listed below is analyzed at the structural file layer — not the rendered image.
Detection capabilities
Deterministic structural signals. No probabilistic scores, no model training.
Arithmetic reconciliation
Line-item totals, tax, and grand totals are checked for internal consistency — one altered figure breaks the chain.
Incremental update detection
Any save after the original export creates a detectable update section in the PDF structure, even when the edit was one character.
Producer field mismatch
Authentic accounting software (QuickBooks, Xero, SAP, NetSuite) leaves a known producer signature. Re-saves through editors change it.
Object and font consistency
Edited objects and injected text reveal themselves through font subset prefix shifts and object-number anomalies.
Signature and timestamp checks
If the invoice was digitally signed, we verify the signature state and flag modifications applied after signing.
Customer Stories
Teams that stopped document fraud
Compliance, finance, and risk teams use HTPBE to catch manipulated PDFs before they become costly mistakes.
Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.
Sarah M.
AP Manager
United States
We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.
Lars V.
Risk Analyst, Online Lending
Netherlands
Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.
Priya K.
HR Operations Lead
India
Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.
Julien R.
Fraud Analyst, Fintech
France
Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for verified originals when something is flagged. Already saved us from a few bad decisions.
Marta S.
Compliance Coordinator
Spain
One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.
Tariq A.
Finance Manager
United Arab Emirates
Frequently asked questions
We detect structural modifications. Benign re-saves (for example, a vendor re-exporting after a typo fix) will be flagged as MODIFIED, not INTACT. The verdict is deterministic and paired with named markers, so your review team can decide what to do with each case.
OCR reads what’s visible. It cannot tell whether the PDF was edited after creation. HTPBE ignores the content and analyzes the file structure. Both are useful — OCR extracts, HTPBE verifies integrity.
It closes the last-mile attack. Most BEC fraud ends with a swapped payment detail on an otherwise legitimate invoice. HTPBE detects the swap at the structural layer, where the edit is recorded regardless of visible appearance.
That’s still fine. An original export from a known accounting tool produces a recognizable producer signature and no incremental update trail. Fresh authentic exports return INTACT.
Related solutions and guides
Accounts Payable Fraud
Same vector, AP-team angle: vendor onboarding, bank-detail change requests, W-9 forgeries.
Expense Reimbursement
Employee-facing receipt fraud — regenerated restaurant receipts, inflated hotel folios.
Invoice Tampering Detection
Technical walk-through of the structural markers that expose invoice edits.
Secure your workflow
Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.