logo
Sponsor licence compliance

Home Office auditors open the file you kept — not the file you meant to keep

A sponsor licence depends on the evidence the Home Office finds in your records: sponsored worker payslips, contracts, qualification certificates, RTW evidence. When any of those PDFs were tampered before they reached your file, your B-rating, suspension, or revocation risk rises sharply. Read every PDF before it gets filed.

~3 sec
per document
35 checks
forensic layers
From $15
per month
1,500+
docs / month on Growth
Scope

htpbe? analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We don’t inspect holograms, phone photos, or ID biometrics. Sponsor Management System (SMS) submissions and the Home Office sponsor portal remain primary; htpbe? catches tampering on the supporting PDF evidence you retain on file.

When htpbe? returns INCONCLUSIVE on sponsor-licence evidence, that’s itself a fraud signal in this context — real payslips, qualification certificates, and gov.uk-issued letters always come from institutional systems, never from a desktop tool.

How it looks

One REST call, one deterministic verdict

Upload the PDF. The API returns INTACT, MODIFIED, or INCONCLUSIVE with named markers — in about three seconds.

What this looks like

How fake and tampered sponsor-evidence PDFs actually look

Three real fraud mechanics we catch at the structural PDF layer.

01

Sponsored worker payslips backdated to fill a gap

Periods where the worker was paid below the salary on the Certificate of Sponsorship — or where there are no payslips at all — get filled with backdated PDFs. Payroll system producer signature, incremental update markers, and modification timestamps reveal the edits.

02

Qualification certificate fabricated

A sponsored worker’s claimed degree or professional qualification is fabricated using Word and a logo lifted from the institution’s site. The PDF is added to the personnel file. Producer field shows Microsoft Word; structural metadata of an institutional issuer is missing.

03

Right-to-Work supporting documents edited before retention

Share-code letters and supporting evidence are edited to align with the conditions you should have checked. The IDVT or gov.uk live check is intact — the retained PDF in your file is not. Annotation-layer changes and incremental updates expose the post-issuance edit.

The scale

B-rating
or revocation is the cost of unfit evidence at audit
~3 sec
per evidence PDF via API
Audit trail
every verdict produces named structural markers for the file

Why your existing checks miss this

SMS submissions verify what you reported. They do not verify the file.

On audit, the Home Office reviews your retained evidence — that file is what defends you.

The Sponsor Management System captures what you submitted to the Home Office. Real-time checks (gov.uk RTW, IDVT) handle the live identity step. But the audit is the auditor opening your retained PDFs — and if those PDFs were tampered before retention, the defence collapses regardless of what your live checks said. htpbe? runs at the moment of intake on every PDF that lands in your evidence file — standalone, no SMS API, no Home Office lookup.

Results in under 3 seconds30 to 1,500+ documents/monthFrom $15/mo
How it works

Five forensic layers, one deterministic verdict

Every PDF we receive passes through the same structural pipeline — no model training, no thresholds to tune.

01

Metadata analysis

Creation and modification timestamps, producer and creator fields, XMP metadata — the first layer exposes basic tampering.

02

File structure

Xref tables, trailer chain, incremental updates. Any edit after export leaves a structural fingerprint here.

03

Digital signatures

Signature chain integrity and post-signature modifications produce deterministic markers. Certainty-level signal.

04

Content integrity

Fonts, objects, embedded content, page assembly. Multi-session edits and inserted objects are visible at this layer.

05

Verdict with markers

Deterministic output: INTACT / MODIFIED / INCONCLUSIVE, with named markers for every finding — suitable for audit trail.

See the full 35-check breakdown
Document types

Sponsor-licence evidence PDFs we check

Every type listed below is analyzed at the structural file layer — not the rendered image.

Sponsored worker payslip PDFSponsored worker contract PDFQualification certificate PDFCoS supporting evidence PDFRight-to-Work share-code letter PDFIDVT result PDF (TrustID, Yoti, Onfido)P60 / P45 PDFHR records / training certificate PDF
What htpbe? checks

Detection capabilities

Deterministic structural signals. No probabilistic scores, no model training.

Producer signature on the evidence PDF

Authentic sponsored-worker payslips come from a UK payroll engine; qualification certificates from institutional issuers; share-code letters from gov.uk. When the producer is Microsoft Word, Excel, LibreOffice, or a generic PDF library, the document was authored or edited on a desktop.

Incremental update trail

Edits to dates, salaries, conditions, or signatures all leave incremental updates in the xref chain. Single-session legitimate exports have one xref; tampered files have two or more.

Modification date vs. claimed evidence period

When a payslip dated June 2023 has a ModDate of January 2024, the file was touched after the period it claims to cover — a high-confidence flag for backdated evidence.

Image-stream artefacts

Lifted logos and pasted signatures show JPEG/PNG compression mismatches with the surrounding document. Structural fingerprint of fabrication.

Annotation and form-field tampering

Annotation layer changes and form-field edits are tracked separately. Edited expiry dates or conditions on RTW evidence show structural traces.

Font subset divergence across pages

Multi-session edits or page reassembly leave font subset prefix shifts. Single-session legitimate exports have consistent subsets.

Integrate in minutes

Two HTTP calls to verify any sponsor-evidence PDF

Buyers can skip this section — developers, the integration is two HTTP calls.

Step 1 — submit the PDF

curl -X POST https://api.htpbe.tech/v1/analyze \
  -H "Authorization: Bearer $HTPBE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://your-storage/sponsored-worker-payslip-jun2023.pdf"}'

Step 2 — read the verdict

{
  "id": "s1l2m3n4-5o6p-7q8r-9s0t-u1v2w3x4y5z6",
  "status": "modified",
  "modification_confidence": "high",
  "modification_markers": [
    "Microsoft Excel producer detected",
    "Modification date 7 months after creation date",
    "Two cross-reference tables — incremental update"
  ],
  "producer": "Microsoft Excel",
  "creator": "BrightPay (original)",
  "creation_date": 1685577600,
  "modification_date": 1704067200,
  "has_digital_signature": false,
  "xref_count": 2,
  "has_incremental_updates": true
}

A payslip dated June 2023 was edited in Microsoft Excel seven months later — January 2024. Original came from BrightPay; the post-period edit shows in the xref chain. Verdict: modified at high confidence. Treat it as backdated evidence and pull the case.

Get your API key — free test keys includedFull API documentation

Customer Stories

Teams that stopped document fraud

Compliance, finance, and risk teams use htpbe? to catch manipulated PDFs before they become costly mistakes.

Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.

Sarah M.

AP Manager

United States

We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.

Lars V.

Risk Analyst, Online Lending

Netherlands

Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.

Priya K.

HR Operations Lead

India

Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.

Julien R.

Fraud Analyst, Fintech

France

Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for verified originals when something is flagged. Already saved us from a few bad decisions.

Marta S.

Compliance Coordinator

Spain

One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.

Tariq A.

Finance Manager

United Arab Emirates

FAQ

Frequently asked questions

htpbe? produces a deterministic verdict (intact / modified / inconclusive) with named structural markers — suitable as an internal audit trail and supporting documentation. Whether a specific verdict carries weight in a Home Office compliance visit is a separate legal/compliance judgement; most sponsor-licence holders use htpbe? upstream to ensure no tampered PDFs ever reach their evidence file.
No. The statutory excuse for non-British/Irish citizens still requires the gov.uk share-code online check or an IDVT-vendor result for live identity verification. htpbe? inspects the supporting PDFs you retain — payslips, contracts, qualification certificates, RTW evidence — to confirm none were tampered between issuance and retention. Use both.
Yes. The API is stack-agnostic — any platform that accepts PDFs and can make an outbound HTTPS call can integrate. Most sponsor-licence holders run htpbe? as a pre-retention check at the moment a PDF lands in the evidence file.
A verdict of inconclusive means the file lacks the institutional metadata needed to determine integrity (typically a scan of a printed document, or an export through consumer software). For sponsor-licence evidence this is itself a signal — most legitimate sources produce clean institutional exports. Treat inconclusive as a prompt for manual review or a request for the original PDF.
htpbe? returns INCONCLUSIVE when an evidence PDF lacks the institutional metadata that genuine sponsor-licence documents carry — a payslip from a UK payroll engine, a qualification certificate from an RTO or university system, a share-code letter from gov.uk. The file was instead authored on a desktop with consumer software. In the sponsor-licence context, INCONCLUSIVE is itself a high-confidence fraud signal: legitimate evidence sources always produce institutional exports. Treat INCONCLUSIVE on any sponsor-licence evidence PDF as fraud-positive and do not file it — request the original document from the issuing source before the Home Office audit review.
Related

Related solutions and guides

Technical guide

Right to Work Document Fraud Detection

Sister page — RTW supporting documents that form part of the sponsor evidence file.

Read more
Technical guide

Fake P60 Detection

P60 / annual earnings PDFs — common evidence for salary-threshold compliance.

Read more
Technical guide

Fake P45 Detection

P45 leaver PDFs — termination evidence submitted in sponsor-licence files.

Read more
Solution

HR & Hiring

Pre-employment document fraud detection for HR teams operating under sponsor-licence regimes.

Read more

Secure your workflow

Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.

Secure your workflowView API docs