Modifications after signature look the same on paper.The PDF structure doesn’t lie
An executed contract returned by the counterparty should match what was signed. Structural forensics verifies the signature chain and flags any edit applied after signing — with deterministic certainty.
HTPBE analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We don’t inspect holograms, phone photos, or ID biometrics. If your fraud problem is a digitally altered PDF, we’re the most specific tool for it.
One REST call, one deterministic verdict
Upload the PDF. The API returns INTACT, MODIFIED, or INCONCLUSIVE with named markers — in about three seconds.
Legal Contracts document fraud in 2026
Three real fraud mechanics we catch at the structural PDF layer.
Silent post-signature edits
A counterparty signs, then modifies a clause or figure before the final PDF returns to you. Our signature-chain analysis detects the post-sign modification.
Removed digital signatures
A signed document with the signature stripped, presented as if re-signed. The signature-removal marker is deterministic.
Altered notarized or court-filed PDFs
Edits applied to notarized documents or filed PDFs after the notarization or filing timestamp.
The scale of the problem
The verification gap
KYC platforms verify the document. HTPBE verifies the file.
Two different checks — both matter.
E-signature platforms produce a signed PDF; they don’t re-verify that PDF later when it returns after a round trip. CLM systems track workflow state, not file integrity. Visual review cannot detect a modification applied between signing and return. HTPBE verifies the file itself, with deterministic markers for the three most decisive signals.
Five forensic layers, one deterministic verdict
Every PDF we receive passes through the same structural pipeline — no model training, no thresholds to tune.
Metadata analysis
Creation and modification timestamps, producer and creator fields, XMP metadata — the first layer exposes basic tampering.
File structure
Xref tables, trailer chain, incremental updates. Any edit after export leaves a structural fingerprint here.
Digital signatures
Signature chain integrity and post-signature modifications produce deterministic markers. Certainty-level signal.
Content integrity
Fonts, objects, embedded content, page assembly. Multi-session edits and inserted objects are visible at this layer.
Verdict with markers
Deterministic output: INTACT / MODIFIED / INCONCLUSIVE, with named markers for every finding — suitable for audit trail.
PDF document types we verify for legal contracts
Every type listed below is analyzed at the structural file layer — not the rendered image.
Detection capabilities
Deterministic structural signals. No probabilistic scores, no model training.
Signature chain analysis
The PDF signature chain is validated end-to-end. Modifications after signing produce the certainty-level marker MODIFICATIONS_AFTER_SIGNATURE.
Signature-removal detection
Stripped or replaced signatures produce the certainty-level marker SIGNATURE_REMOVED.
Incremental update trail
Every edit after the signed state is recorded in the xref and trailer chain.
Producer signature validation
E-sign platforms (DocuSign, Adobe Sign, HelloSign) produce recognizable producer signatures. Alterations change them.
Date consistency
Creation and modification timestamps are cross-checked — differing dates produce the certainty-level marker DIFFERENT_DATES.
Customer Stories
Teams that stopped document fraud
Compliance, finance, and risk teams use HTPBE to catch manipulated PDFs before they become costly mistakes.
Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.
Sarah M.
AP Manager
United States
We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.
Lars V.
Risk Analyst, Online Lending
Netherlands
Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.
Priya K.
HR Operations Lead
India
Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.
Julien R.
Fraud Analyst, Fintech
France
Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for verified originals when something is flagged. Already saved us from a few bad decisions.
Marta S.
Compliance Coordinator
Spain
One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.
Tariq A.
Finance Manager
United Arab Emirates
Frequently asked questions
Yes. E-sign platforms produce PDFs with recognizable signature chains. HTPBE verifies the chain and flags any modification applied after the signature event.
Any post-signature save produces an incremental update in the structure. For signed documents, this is treated as a modification after signing — the signature chain detects the change regardless of whether the visible content changed.
The response includes named structural markers suitable for an audit trail. Whether it qualifies as evidence in a specific jurisdiction is a legal question — most teams use it to support a forensic workflow rather than stand alone as evidence.
Yes. Even for unsigned PDFs, the incremental update trail records every save. Producer signature analysis also identifies re-saves through different tools. Signature-specific markers apply only to signed documents.
Related solutions and guides
HR & Hiring
Offer-letter and employment-contract integrity at onboarding.
KYC & Onboarding
Structural forensics for corporate and KYC-supporting documents.
Detect PDF Tampering
Technical walk-through of signature-chain and incremental-update detection.
Secure your workflow
Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.