logo
Free PDF Check

Contract Tamper Detection API

Built for fraud ops at lending, insurance & compliance teams

Detect altered contract terms, changed clauses, and post-signing modifications — whether the buyer calls the result a tampered contract or a fake one. Add forensic tamper detection to your contract management or e-signature platform: a single API call flags edited PDFs before execution.

~3 sec
per document
59 checks
forensic layers
From $15
per month
1,500+
docs / month on Growth
Scope

HTPBE? analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones, including modifications applied after a signature. We don’t inspect holograms, phone photos, or ID biometrics, and we don’t replace e-signature platforms or notarisation services. If your fraud problem is a contract PDF altered after signing or fabricated alongside lifted signature images, we’re the most specific tool for it.

A properly e-signed contract should yield INTACT or MODIFIED-with-signature-broken — never INCONCLUSIVE. INCONCLUSIVE on a "signed" contract is itself a flag.

The problem

Contract fraud survives e-signature workflows

E-signature platforms check that a document was signed, not that it has not been modified since. A common attack: one party signs a contract, the other side opens the PDF in Adobe Acrobat, modifies a clause or payment term, and submits the altered version as the “executed” agreement.

In disputes, the altered contract is presented as legitimate. Without forensic analysis, it is difficult to prove which version was the original and which was modified. Digital signature bypass — where the signature page is preserved but content around it is changed — is especially hard to detect visually.

HTPBE? analyzes the binary structure of the PDF, not its visual content. It detects post-signature modifications with “certain” confidence — the highest verdict level in the system — making it suitable for pre-execution tamper checks and dispute investigation.

Common contract fraud patterns

  • Payment terms changed after signature (amount, due date, account)
  • Liability clause modified to shift risk
  • Signature page preserved, contract body replaced
  • Governing law or jurisdiction clause altered
  • Delivery obligations or SLA terms changed
  • Contract date back-dated to claim priority

What this looks like

Document fraud in 2026 — three concrete patterns

Three real fraud mechanics we catch at the structural PDF layer.

01

Payment terms changed after signature (amount, due date, account)

02

Liability clause modified to shift risk

03

Signature page preserved, contract body replaced

04

Governing law or jurisdiction clause altered

05

Delivery obligations or SLA terms changed

06

Contract date back-dated to claim priority

59 layers
Forensic checks per document
~3 sec
Median analysis time, end to end
From $15
Self-serve per month, no sales call

The detection gap

KYC platforms check the document. HTPBE? checks the file.

Two different checks — both matter.

KYC & identity platforms

Plaid · Persona · Alloy · Jumio

  • Is this a real bank statement template?
  • Does the account number match the identity?
  • Is the document format consistent with the issuing bank?

Detects fake documents. Does not detect edited real documents.

HTPBE? tamper detection API

Structural PDF integrity

  • Was this specific PDF file modified after it was generated?
  • Do metadata timestamps match the file structure?
  • Were digital signatures valid at the time of signing?

Catches edits invisible to visual review and template checks.

Results in under 3 seconds30 to 1,500+ documents/monthFrom $15/mo

What HTPBE? checks

Forensic signals analyzed in every contract

Five layers of analysis run on every request — results in under 3 seconds

Modifications after signature

The highest-confidence signal: content added to a digitally signed contract. HTPBE? returns “certain” confidence when it detects changes that were appended after a valid signature was applied.

Signature removal detection

A signature page can be stripped from a contract and the document re-circulated. HTPBE? detects structural evidence of removed signature blocks, also flagged at “certain” confidence.

Incremental update chain

PDF editors append changes to the file rather than rewriting it. Each editing session creates an incremental update record. A contract with multiple incremental updates was modified after original generation.

Execution date inconsistency

The ModDate metadata field updates automatically when a PDF is edited. If the ModDate is later than the contract’s stated execution date or signature date, the document was modified after signing.

Producer tool mismatch

Contracts generated by DocuSign, Adobe Sign, or contract management platforms have consistent producer fields. A producer showing an online PDF editor indicates post-signature processing.

Cross-reference table analysis

Each time a PDF is saved after modification, a new xref table is appended. An authentic, unmodified contract has exactly one xref table. Multiple tables confirm post-generation editing.

Share with engineering

Wire this into your intake pipeline in under a day

Two API calls — one POST to submit the PDF, one GET to retrieve the verdict. Forward this page to your engineering team; the full API reference, quotas, and copy-paste examples in cURL, JavaScript, Python, PHP, Go, and Ruby are one click away.

Full API reference for engineering

Pricing

Self-serve plans, no sales call

All plans include the same forensic checks. Pick the quota that matches your monthly document volume.

manual

Starter

$15/mo

30 checks/mo

Manual spot-checks and integration testing

most common

Growth

$149/mo

350 checks/mo

Active document processing pipelines

high volume

Pro

$499/mo

1,500 checks/mo

High-volume automation and API integrations

Enterprise (unlimited, on-premise available) see full pricing

Secure your workflowView API docs

API key on signup. Free test environment on every plan. No card required.

Customer Stories

Teams that stopped document fraud

Compliance, finance, and risk teams use HTPBE? to catch manipulated PDFs before they become costly mistakes.

Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.

Sarah M.

AP Manager

United States

We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.

Lars V.

Risk Analyst, Online Lending

Netherlands

Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.

Priya K.

HR Operations Lead

India

Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.

Julien R.

Fraud Analyst, Fintech

France

Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for checked originals when something is flagged. Already saved us from a few bad decisions.

Marta S.

Compliance Coordinator

Spain

One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.

Tariq A.

Finance Manager

United Arab Emirates

FAQ

Frequently asked questions

What's the difference between "modified" and "inconclusive" for a contract?

A modified verdict means the PDF structure contains forensic evidence of post-creation editing — extra xref tables, incremental updates, or post-signature changes. An inconclusive verdict means the contract was generated with consumer software (Microsoft Word, Google Docs) rather than a contract management or e-signature platform. For contracts, inconclusive is also a risk signal — enterprise agreements should not be generated by Word and shared without an institutional signature.

Can it detect clause changes if no digital signature was used?

Yes. Digital signature bypass is the highest-confidence signal (certain), but HTPBE? detects post-creation modifications on unsigned contracts too. It looks for multiple xref tables, incremental update chains, producer field inconsistencies, and modification dates that post-date the stated execution date. Most contract fraud involves unsigned PDFs or PDFs where the signature page is kept intact while the body is changed.

Does it check the identity of signatories?

No. HTPBE? detects document tampering, not signatory identity. It can confirm that a digital signature exists and that no content was modified after signing — but it does not check whether the signatory is who they claim to be. For identity proofing, use an identity platform (Onfido, Jumio) alongside HTPBE? for document tamper detection.

How does it handle contracts with multiple revision versions?

HTPBE? analyzes the final submitted PDF — not revision history. If a contract went through multiple drafts and the final version was properly generated from a clean save, it will typically return intact. If the final version was produced by editing a previous PDF version (rather than generating fresh from a contract system), the editing traces will be visible in the structure. For version-controlled contracts, the key question is whether the final file was generated cleanly or assembled by editing.

Secure your workflow

Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.

Start free — close the structural fraud gapSee pricing
Read API docs →