Document fraud detection for customer onboarding — the structural layer your KYC stack misses
Plaid confirms the bank connection. Persona confirms the face. Onfido confirms the ID. Alloy orchestrates the policy. None of them open the PDF the customer uploaded — the proof-of-address utility bill, the bank reference letter, the certificate of incorporation, the source-of-funds declaration. HTPBE? is the structural-PDF layer that sits alongside the rest of your onboarding stack and closes that gap.
HTPBE? analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We are complementary to KYC and identity-proofing platforms (Persona, Onfido, Alloy, Jumio, Sumsub), not a replacement. They confirm the person and the ID. We confirm the integrity of the PDFs the same applicant uploaded alongside.
The problem
What Plaid, Persona, and Onfido confirm, and what they cannot see
Plaid, Tink, and Bridge connect to a bank and confirm account ownership — when the customer agrees to connect. Persona, Onfido, Jumio, and Sumsub run the face match, the ID liveness, and the document-template check on the ID itself. Alloy stitches the policy decisions together. Each of them is the right tool for the layer it owns. None of them inspects the binary structure of the supporting PDFs the same customer uploaded a step earlier in the flow.
One in five fraudulent supporting documents passes initial manual review. A name or address field replaced on a real utility bill establishes false residency. A PDF mimicking a bank statement or corporate certificate, produced through an editor, passes visual screening. The structural layer records every edit regardless of how the rendered document looks — that is what HTPBE? checks.
Hours of manual compliance review per application become seconds of structural analysis per document. KYC remains your identity layer. HTPBE? becomes your paperwork layer.
Onboarding supporting-document fraud patterns
- Proof of address: name or address replaced on a real utility bill PDF
- Bank reference letter: fabricated PDF mimicking institutional formatting
- Certificate of incorporation: altered to hide UBO or change company name
- Source-of-funds letter: edited to inflate declared wealth
- Shareholder register: modified to conceal beneficial ownership
- Audited financials: figures changed before re-export to PDF
What this looks like
Document fraud in 2026 — three concrete patterns
Three real fraud mechanics we catch at the structural PDF layer.
The detection gap
KYC platforms check the document. HTPBE? checks the file.
Two different checks — both matter.
KYC & identity platforms
Plaid · Persona · Alloy · Jumio
- Is this a real bank statement template?
- Does the account number match the identity?
- Is the document format consistent with the issuing bank?
Detects fake documents. Does not detect edited real documents.
HTPBE? tamper detection API
Structural PDF integrity
- Was this specific PDF file modified after it was generated?
- Do metadata timestamps match the file structure?
- Were digital signatures valid at the time of signing?
What HTPBE? checks
Why structural PDF analysis is the layer that closes onboarding fraud
Six structural layers across every supporting PDF, complementary to identity and bank-data layers.
Incremental update detection
Any post-issuance edit leaves a fingerprint in the xref and trailer chain. A utility bill or bank letter edited after original generation carries this trace regardless of how it looks.
Producer signature validation
Real bank and government exports produce recognizable signatures. A bank reference letter with a consumer-tool producer field was never exported from a banking system.
Font subset prefix consistency
Multi-session edits create detectable font subset shifts across pages. Altered corporate documents often show this pattern when individual pages were modified separately.
Text layer vs. raster mismatch
Replaced text in rendered images breaks agreement between the text and visual layers — the clearest signal for name or address field substitutions on utility bills.
Digital signature integrity
Officially issued documents (certificates, notarized letters) that carry digital signatures are checked for post-signature modifications at certainty-level confidence.
Modification date after issuance
The PDF ModDate field updates automatically when edited. A utility bill ModDate weeks after its stated billing date is a direct signal of post-issuance tampering.
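A local sketch of three of the signals above (revision chain, producer field, ModDate later than CreationDate), added here as an illustration; it is not HTPBE?'s code or method. The function names and the two sample byte strings are constructed for this example, and only uncompressed Info dictionaries are read.

```python
import re
from datetime import datetime, timedelta, timezone

# PDF date strings look like D:YYYYMMDDHHmmSS followed by Z or +HH'mm'.
_DATE = re.compile(rb"D:(\d{14})(?:([+-])(\d{2})'?(\d{2})?'?|Z)?")

def parse_pdf_date(raw):
    m = _DATE.search(raw or b"")
    if not m:
        return None
    dt = datetime.strptime(m.group(1).decode(), "%Y%m%d%H%M%S")
    offset = timedelta()
    if m.group(2):
        offset = timedelta(hours=int(m.group(3)), minutes=int(m.group(4) or 0))
        if m.group(2) == b"-":
            offset = -offset
    return dt.replace(tzinfo=timezone(offset))

def info_field(pdf, key):
    # Last occurrence wins: an incremental update appends the rewritten Info
    # dictionary after the original instead of overwriting it.
    # Only uncompressed literal strings are matched (no object streams, no XMP).
    hits = re.findall(rb"/" + key + rb"\s*\(([^)]*)\)", pdf)
    return hits[-1] if hits else None

def structural_signals(pdf):
    created = parse_pdf_date(info_field(pdf, b"CreationDate"))
    modified = parse_pdf_date(info_field(pdf, b"ModDate"))
    producer = info_field(pdf, b"Producer")
    return {
        # Every saved revision ends with "startxref <offset> %%EOF"; a trailer
        # carrying /Prev points back at the previous revision's xref section.
        "revisions": len(re.findall(rb"startxref\s+\d+\s+%%EOF", pdf)),
        "prev_links": len(re.findall(rb"/Prev\s+\d+", pdf)),
        # Linearized files legitimately hold two xref sections, so note it.
        "linearized": b"/Linearized" in pdf[:1024],
        "producer": producer.decode("latin-1") if producer else None,
        "modified_after_creation": bool(created and modified and modified > created),
    }

# Constructed skeletons (xref tables omitted, offsets are dummies; not renderable).
ORIGINAL = (b"%PDF-1.7\n1 0 obj\n<< /Producer (Constructed Billing Engine) "
            b"/CreationDate (D:20260105090000Z) /ModDate (D:20260105090000Z) >>\n"
            b"endobj\ntrailer\n<< /Size 2 /Info 1 0 R >>\nstartxref\n120\n%%EOF\n")
EDITED = ORIGINAL + (b"1 0 obj\n<< /Producer (Constructed Desktop Editor) "
                     b"/CreationDate (D:20260105090000Z) "
                     b"/ModDate (D:20260127183000+01'00') >>\nendobj\n"
                     b"trailer\n<< /Size 2 /Info 1 0 R /Prev 120 >>\n"
                     b"startxref\n400\n%%EOF\n")
```

An appended revision is not proof of tampering on its own, since digital signing and form filling also save incrementally. Treat these values as signals to correlate with the document's stated issue date and expected issuer.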
Integrate in minutes
Integrate onboarding document fraud detection in any stack
Two API calls — submit the supporting document PDF, read the verdict. Copy-paste examples for cURL, JavaScript, Python, PHP, Go, and Ruby.
# curl is preinstalled on macOS and most Linux distributions

# Step 1: Submit PDF for analysis
curl -X POST https://api.htpbe.tech/v1/analyze \
  -H "Authorization: Bearer htpbe_live_..." \
  -H "Content-Type: application/json" \
  -d '{"url": "https://example.com/document.pdf"}'
# Returns: {"id":"3f9c8b7a-2e1d-4c5f-9b8e-7a6d5c4b3a21"}

# Step 2: Retrieve full results
ID="3f9c8b7a-2e1d-4c5f-9b8e-7a6d5c4b3a21"
curl -s "https://api.htpbe.tech/v1/result/$ID" \
  -H "Authorization: Bearer htpbe_live_..." \
  | jq '.status'

Pricing
Self-serve plans, no sales call
All plans include the same forensic checks. Pick the quota that matches your monthly document volume.
- Starter (manual): $15/mo, 30 checks/mo. Manual spot-checks and integration testing
- Growth (most common): $149/mo, 350 checks/mo. Active document processing pipelines
- Pro (high volume): $499/mo, 1,500 checks/mo. High-volume automation and API integrations
Enterprise (unlimited, on-premise available) — see full pricing
API key on signup. Free test environment on every plan. No card required.
Customer Stories
Teams that stopped document fraud
Compliance, finance, and risk teams use HTPBE? to catch manipulated PDFs before they become costly mistakes.
Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.
Sarah M.
AP Manager
United States
We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.
Lars V.
Risk Analyst, Online Lending
Netherlands
Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.
Priya K.
HR Operations Lead
India
Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.
Julien R.
Fraud Analyst, Fintech
France
Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for checked originals when something is flagged. Already saved us from a few bad decisions.
Marta S.
Compliance Coordinator
Spain
One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.
Tariq A.
Finance Manager
United Arab Emirates
FAQ
Frequently asked questions
Does HTPBE? replace Persona, Onfido, or Alloy?
Can this help with enhanced due diligence (EDD) for high-risk customers?
Is it compliant with GDPR and financial-services data rules?
What about scanned or photographed documents?
Secure your workflow
Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.