Fake NDIS Document Detection — Catch Tampered Worker PDFs
NDIS providers are accountable for the workers they engage — and accountable for the documents they kept on file. NDIS Quality and Safeguards Commission audits look at evidence: worker screening clearances, qualifications, training certificates. When any of those PDFs were tampered before they reached your file — backdated screening expiry, fabricated qualifications, edited training completion dates — your registration and the safety of participants are both at risk. Read the file before it gets filed.
HTPBE? analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We don’t inspect holograms, phone photos, or ID biometrics. The official NDIS Worker Screening Database remains the primary registration check for screening clearances; HTPBE? catches tampering on the supporting PDFs you keep on file.
When HTPBE? returns INCONCLUSIVE on an NDIS supporting document, that’s itself a fraud signal in this context — real clearances and qualification certificates always come from institutional systems (government portals, RTOs), never from a desktop tool.
The problem
Modern document fraud is invisible to visual review
A growing class of document fraud opens a genuine PDF, edits a balance, a date, or a beneficiary, and re-saves it. Visually nothing changes — the document passes pixel-level review, layout review, and KYC.
Structural PDF analysis reads the layers rendering engines never expose: revision history, object structure, signature coverage maps. That is where edits leave fingerprints they cannot wipe.
Common tampering patterns
- Modified balances or totals after export
- Swapped IBAN or beneficiary on invoices
- Post-signature edits on contracts
- Backdated issue and modification dates
- Fabricated documents from consumer PDF tools
What this looks like
How fake and tampered NDIS supporting PDFs actually look
Three real fraud mechanics we catch at the structural PDF layer.
NDIS Worker Screening clearance with edited expiry
A worker’s genuine screening clearance is approaching expiry. They open the PDF in Adobe Acrobat and edit the expiry date forward by twelve months before submitting. The visual layout is unchanged; the underlying text or annotation layer changes. Incremental update markers in the xref chain expose the edit.
Qualification certificate fabricated in Word
A required qualification (Certificate III in Individual Support, mental health first aid, NDIS-specific training) the worker does not actually hold gets built in Word using a template lifted from the institution’s site. Producer field shows Microsoft Word; structured institutional metadata is missing.
Training completion date backdated
Training that was completed late (or not at all) gets a backdated completion certificate. The PDF dates align with the participant-facing claim; the modification timestamp does not. ModDate after the claimed completion is a high-confidence flag.
The scale
Why your existing checks miss this
The Worker Screening Database checks the clearance status. It does not check the file you kept.
On audit, the Commission opens your retained PDFs — that file is what defends you.
The NDIS Worker Screening Database lets you check whether a worker has a current clearance — the live status. But your registration depends on retaining evidence of the clearance, the qualifications, the training. If the supporting PDFs were tampered before they reached your file, the audit reads tampered files. HTPBE? inspects every supporting PDF at the moment it lands in your evidence file — standalone, no Worker Screening Database integration, no government-portal call required.
What HTPBE? checks
Detection capabilities
Deterministic structural signals. No probabilistic scores, no model training.
Producer signature on the supporting PDF
Authentic NDIS Worker Screening clearances and state-issued WWCC certificates carry recognisable government-portal producer signatures. Qualification certificates from RTOs (Registered Training Organisations) come from learning-management systems with their own producer signatures. When the producer is Microsoft Word, Excel, LibreOffice, Chrome Headless, or a generic PDF library, the document was authored or edited on a desktop.
Annotation and form-field tampering
Edited expiry dates and conditions on screening clearances often live in the annotation or form-field layer. Tracked separately in PDF structure — annotation-layer changes show structural traces.
Incremental update trail
A clean clearance or certificate has one cross-reference table. Re-saves through Adobe Acrobat or PDF editors append a second xref — visible structural evidence of post-issuance editing.
Modification date vs. claimed issue date
When a clearance dated June 2023 has a ModDate of January 2024, the file was touched after issuance — a high-confidence flag for backdated or extended clearances.
Image-stream artefacts in fabricated headers
Fabricated qualification certificates often paste institutional logos lifted from public sites. The pasted image stream carries different compression characteristics than the surrounding document — a structural fingerprint of fabrication.
Font subset divergence across pages
Multi-session edits or page reassembly leave font subset prefix shifts. Single-session legitimate exports have consistent subsets across all pages.
Share with engineering
Wire this into your intake pipeline in under a day
Two API calls — one POST to submit the PDF, one GET to retrieve the verdict. Forward this page to your engineering team; the full API reference, quotas, and copy-paste examples in cURL, JavaScript, Python, PHP, Go, and Ruby are one click away.
Pricing
Self-serve plans, no sales call
All plans include the same forensic checks. Pick the quota that matches your monthly document volume.
manualStarter
$15/mo
30 checks/mo
Manual spot-checks and integration testing
most commonGrowth
$149/mo
350 checks/mo
Active document processing pipelines
high volumePro
$499/mo
1,500 checks/mo
High-volume automation and API integrations
Enterprise (unlimited, on-premise available) — see full pricing
API key on signup. Free test environment on every plan. No card required.
Customer Stories
Teams that stopped document fraud
Compliance, finance, and risk teams use HTPBE? to catch manipulated PDFs before they become costly mistakes.
Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.
Sarah M.
AP Manager
United States
We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.
Lars V.
Risk Analyst, Online Lending
Netherlands
Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.
Priya K.
HR Operations Lead
India
Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.
Julien R.
Fraud Analyst, Fintech
France
Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for checked originals when something is flagged. Already saved us from a few bad decisions.
Marta S.
Compliance Coordinator
Spain
One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.
Tariq A.
Finance Manager
United Arab Emirates
FAQ
Frequently asked questions
Does this replace the NDIS Worker Screening Database check?
What about state-issued Working With Children Checks?
Can it catch fabricated RTO qualification certificates?
modified or inconclusive with producer-mismatch and missing-metadata flags.Is this suitable for NDIS provider audit preparation?
What does an INCONCLUSIVE verdict mean for an NDIS supporting document?
Secure your workflow
Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.