Bank Statement Verification API
Detect fake and edited bank statements before they reach your underwriters. A single API call reveals whether a PDF was modified after export from the bank — catching balance changes, altered transactions, and fabricated statements that bypass visual review.
Why KYC template checks miss edited bank statements
According to Inscribe’s 2025 fraud report, 59% of all fraudulent documents detected across lending and fintech platforms are bank statements. The most common attack: a borrower downloads their real bank statement, opens it in Microsoft Excel, changes the account balance from $2,400 to $24,000, and uploads the PDF to your portal.
KYC platforms answer the question “Does this look like a real bank statement?” They verify template, logo, layout, and field positions. They do not answer “Was this specific PDF file modified after the bank generated it?” Both questions need answers. Most teams only ask the first.
HTPBE answers the second question. It analyzes the PDF’s binary structure for forensic evidence of post-export modification — regardless of how convincing the document looks visually. Read the full technical breakdown in our KYC PDF blind spot article.
Common bank statement fraud techniques
- 1Download real PDF statement from online banking
- 2Open in Microsoft Excel via “Open with” or import
- 3Change account balance, transaction amounts, or running totals
- 4Export to PDF — the result looks identical to the original
- 5Upload to loan application portal
- 6KYC template check passes — but binary structure changed
What the API detects in bank statement PDFs
Five forensic layers analyzed on every request
Spreadsheet producer fingerprint
Bank-generated PDFs are produced by core banking systems (Temenos, Finacle, FIS). A producer field showing “Microsoft Excel” or “LibreOffice Calc” means the PDF was exported from a spreadsheet — a primary indicator of fabrication.
Multiple xref tables
An authentic bank statement export has one cross-reference table. Additional tables mean the file was opened and re-saved in an editor after the original export — the most common structural sign of tampering.
Incremental update chain
PDF editors append changes as incremental updates rather than rewriting the file. HTPBE counts the update chain — a bank statement with two or more incremental updates was almost certainly processed by an editing tool.
Creation and modification date gap
The ModDate metadata field updates automatically when a PDF is edited. If ModDate is hours or days after CreationDate on a statement that should have been generated in a single batch export, the file was modified after creation.
Font inconsistency from conversion
Converting a spreadsheet to PDF and then editing the result often introduces font subsets that are inconsistent with the document’s claimed origin. HTPBE’s content layer detects mixed font provenance.
Missing institutional metadata
Authentic bank PDF exports contain structured metadata embedded by core banking software. Statements created from scratch in Excel and exported to PDF lack this metadata structure, which is itself a signal.
Built for KYC, lending, and fintech teams
Integrate into your loan origination or onboarding workflow
Detect balance amounts changed in Excel before re-export to PDF — for example, $2,400 inflated to $24,000
Flag bank statements where the producer field reveals a spreadsheet tool, not bank software
Catch incremental updates that indicate the file was edited after export from the bank
Identify gaps between the creation date and modification date that indicate post-export editing
Integrate into your loan origination or KYC pipeline via a single REST call
Free web tool lets compliance teams verify suspicious statements manually without writing code
Integrate in minutes
Two calls: POST to analyze, GET to retrieve the result.
Step 1 — POST /v1/analyze
curl -X POST https://api.htpbe.tech/v1/analyze \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"url": "https://your-storage.com/bank-statement-march-2024.pdf"}'Step 2 — GET /v1/result/{id} — Excel-edited statement detected
{
"id": "a1b2c3d4-5e6f-7a8b-9c0d-e1f2a3b4c5d6",
"status": "modified",
"modification_confidence": "high",
"modification_markers": [
"Known PDF editing tool detected",
"Multiple cross-reference tables (incremental updates)"
],
"producer": "Microsoft Excel",
"creator": "Microsoft Excel",
"creation_date": 1709280000,
"modification_date": 1709366400,
"has_digital_signature": false,
"xref_count": 3,
"has_incremental_updates": true
}The producer: “Microsoft Excel” in the response is the key signal: this PDF was generated by a spreadsheet, not a core banking system. Combined with xref_count: 3 and has_incremental_updates: true, the verdict is modified at high confidence.
Pricing
Self-serve plans. No sales call, no procurement process.
Starter
$15/mo
30 checks/mo
Manual spot-checks for low-volume lending teams
Growth
$149/mo
350 checks/mo
Active loan origination pipelines
Pro
$499/mo
1,500 checks/mo
High-volume KYC automation and fintech platforms
Enterprise (unlimited, on-premise available) — see full pricing and docs
Frequently Asked Questions
How is this different from KYC template verification?
KYC platforms verify whether a document looks like a real bank statement — correct layout, logos, fonts, field positions. HTPBE verifies whether this specific PDF file was modified after it was generated. Both checks address different attack vectors. Template verification catches documents that were never real. HTPBE catches real documents that were altered. You need both.
Can it detect Excel-edited bank statements?
Yes. When a fraudster exports a real statement to Excel, edits balances or transactions, and re-saves as PDF, the resulting file carries a Microsoft Excel producer fingerprint, typically has multiple xref tables, and shows a modification date shortly after creation. HTPBE surfaces all of these markers in the response, usually returning status: "modified" with modification_confidence: "high".
What does "inconclusive" mean for a bank statement?
A bank statement returns inconclusive when it was exported from consumer software — Microsoft Word, Google Docs, or similar — rather than from a core banking system. The file structure cannot verify integrity because these tools do not embed institutional metadata. This verdict is itself a risk signal: legitimate bank statements are not generated by Word. Treat inconclusive on a bank statement as a prompt for manual review.
What is the integration point in a loan application workflow?
The recommended integration point is immediately after document upload, before the underwriter review step. When an applicant uploads a bank statement, send the file URL to POST /v1/analyze, then poll GET /v1/result/{id}. If the verdict is modified or inconclusive, flag the application for manual review before it reaches the underwriter queue. This adds under 3 seconds to the processing time and eliminates a manual fraud check step.
Automate PDF Verification in Your Workflow
REST API with transparent pricing from $15/mo. Self-serve — no sales call required.
Free web tool available for manual checks. Test keys on all plans.