logo
For mortgage underwriting

Income documents are the last unverified layer in your file

Two digits changed on a W-2 can survive every downstream check you run today. Credit bureaus report, VOEs confirm employment, appraisers value the property — no one opens the PDF and checks whether it was edited after download.

~3 sec
per document
35 checks
forensic layers
From $15
per month
1,500+
docs / month on Growth
Scope

HTPBE analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We don’t inspect holograms, phone photos, or ID biometrics. If your fraud problem is a digitally altered PDF, we’re the most specific tool for it.

How it looks

One REST call, one deterministic verdict

Upload the PDF. The API returns INTACT, MODIFIED, or INCONCLUSIVE with named markers — in about three seconds.

What this looks like

Mortgage Underwriting document fraud in 2026

Three real fraud mechanics we catch at the structural PDF layer.

01

Edited W-2s and 1099s

Wage and income boxes altered to meet qualification thresholds. The PDF prints identically — the structural layer records the edit.

02

Manipulated tax returns

Schedule C or Schedule E figures adjusted to show higher self-employment income. Table arithmetic and form-field metadata expose the modification.

03

Fabricated asset and gift letters

Bank letters showing inflated balances or fake gift sources. Producer signatures and letterhead structure expose tools used to create them.

The scale of the problem

$11B+
in annual mortgage application fraud exposure (U.S.)
Top 3
fraud categories involve income or asset document tampering
~3 sec
per document verification via API

The verification gap

KYC platforms verify the document. HTPBE verifies the file.

Two different checks — both matter.

Credit bureaus verify reported balances, not the PDF on the applicant’s desk. Verification-of-Employment services call the employer — they don’t examine the pay stub uploaded to the loan file. AUS engines (DU, LP) evaluate the data; they don’t evaluate document integrity. HTPBE closes the structural-PDF gap that sits between intake and downstream verification.

Results in under 3 seconds30 to 1,500+ documents/monthFrom $15/mo
How it works

Five forensic layers, one deterministic verdict

Every PDF we receive passes through the same structural pipeline — no model training, no thresholds to tune.

01

Metadata analysis

Creation and modification timestamps, producer and creator fields, XMP metadata — the first layer exposes basic tampering.

02

File structure

Xref tables, trailer chain, incremental updates. Any edit after export leaves a structural fingerprint here.

03

Digital signatures

Signature chain integrity and post-signature modifications produce deterministic markers. Certainty-level signal.

04

Content integrity

Fonts, objects, embedded content, page assembly. Multi-session edits and inserted objects are visible at this layer.

05

Verdict with markers

Deterministic output: INTACT / MODIFIED / INCONCLUSIVE, with named markers for every finding — suitable for audit trail.

See the full 5-layer breakdown
Document types

PDF document types we verify for mortgage underwriting

Every type listed below is analyzed at the structural file layer — not the rendered image.

Bank statement PDFW-2 PDF1099 PDFTax return PDFEmployment verification letter PDFAsset statement PDFGift letter PDFHUD-1 / closing disclosure PDF
What HTPBE checks

Detection capabilities

Deterministic structural signals. No probabilistic scores, no model training.

Form-field and table arithmetic

IRS forms and payroll reports have internal consistency requirements. Edits break the arithmetic.

Incremental update trail

Any post-export save produces a structural signature in the xref and trailer chain.

Producer signature match

IRS e-file, ADP, Workday, and bank portals produce recognizable signatures. Edits or re-saves change them.

Font subset prefix divergence

Documents rendered in multiple sessions show font subset drift across pages — a fingerprint of multi-session editing.

Text layer consistency

Replaced text in images causes text/raster layers to stop agreeing.

Signature verification

Digitally signed forms are checked for post-signature modifications.

Customer Stories

Teams that stopped document fraud

Compliance, finance, and risk teams use HTPBE to catch manipulated PDFs before they become costly mistakes.

Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.

Sarah M.

AP Manager

United States

We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.

Lars V.

Risk Analyst, Online Lending

Netherlands

Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.

Priya K.

HR Operations Lead

India

Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.

Julien R.

Fraud Analyst, Fintech

France

Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for verified originals when something is flagged. Already saved us from a few bad decisions.

Marta S.

Compliance Coordinator

Spain

One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.

Tariq A.

Finance Manager

United Arab Emirates

FAQ

Frequently asked questions

No. D1C and asset-verification services validate data against the source. HTPBE validates the document the borrower submitted. When D1C is available, use it. For the documents D1C doesn’t cover — or when verifying documents before submission — HTPBE tells you whether the file was edited after creation.

Yes. The API is stack-agnostic. Most mortgage platforms expose a webhook or custom action point where an outbound HTTPS call can run on document upload. The verdict flows back into the file as a note or field.

Scanned paper documents are raster images; structural analysis has less to work with. Best results come from digitally generated or digitally signed PDFs. For scan-heavy files, use HTPBE alongside tools that specialize in image-layer forensics.

Document fraud is a leading driver of repurchase demands from GSEs and investors. An audit trail showing that every income and asset document was structurally verified at origination strengthens your defense against buyback claims.

Related

Related solutions and guides

Solution

Alternative Lending

Same income-document forensics, applied to alt-lending, MCA, and BNPL pipelines.

Read more
Solution

Tenant Screening

Pay stub and bank statement verification for rental applications.

Read more
Technical guide

Bank Statement Fraud Detection

Technical walk-through of structural markers in edited bank statements.

Read more

Secure your workflow

Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.

Secure your workflowView API docs