Bank Statement Fraud Detection API

Q: How is this different from KYC template verification?

KYC platforms verify whether a document looks like a real bank statement — correct layout, logos, fonts, field positions. htpbe? detects whether this specific PDF file was modified after it was generated. Both checks address different attack vectors. Template verification catches documents that were never real. htpbe? catches real documents that were altered. You need both.

Q: What does "inconclusive" mean for a bank statement?

A bank statement returns inconclusive when it was exported from consumer software — Microsoft Word, Google Docs, or similar — rather than from a core banking system. The file structure does not contain enough institutional metadata to determine whether the document was tampered with. This verdict is itself a risk signal: legitimate bank statements are not generated by Word. Treat inconclusive on a bank statement as a prompt for manual review.

Detect fake and edited bank statements before they reach your underwriters. A single API call reveals whether a PDF was modified after export from the bank — catching balance changes, altered transactions, and fabricated statements that bypass visual review.

~3 sec

per document

35 checks

forensic layers

From $15

per month

1,500+

docs / month on Growth

Scope

htpbe? analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We don’t inspect holograms, phone photos, or ID biometrics, and we don’t replace KYC platforms or income-verification APIs. If your fraud problem is a digitally tampered or fabricated bank statement PDF, we’re the most specific tool for it.

When htpbe? returns INCONCLUSIVE on a bank statement, that’s itself a high-confidence fraud signal — real statements always come from bank issuance systems and online-banking export engines, never from a desktop tool.

Why KYC template checks miss edited bank statements

According to Inscribe’s 2025 fraud report, 59% of all fraudulent documents detected across lending and fintech platforms are bank statements. The most common attack: a borrower downloads their real bank statement, opens it in Microsoft Excel, changes the account balance from $2,400 to $24,000, and uploads the PDF to your portal.

KYC platforms answer the question “Does this look like a real bank statement?” They verify template, logo, layout, and field positions. They do not answer “Was this specific PDF file modified after the bank generated it?” Both questions need answers. Most teams only ask the first.

htpbe? answers the second question. It analyzes the PDF’s binary structure for forensic evidence of post-export modification — regardless of how convincing the document looks visually. Read the full technical breakdown in our KYC PDF blind spot article.

Common bank statement fraud techniques

1Download real PDF statement from online banking
2Open in Microsoft Excel via “Open with” or import
3Change account balance, transaction amounts, or running totals
4Export to PDF — the result looks identical to the original
5Upload to loan application portal
6KYC template check passes — but binary structure changed

What the API detects in bank statement PDFs

Five forensic layers analyzed on every request

Spreadsheet producer fingerprint

Bank-generated PDFs are produced by core banking systems (Temenos, Finacle, FIS). A producer field showing “Microsoft Excel” or “LibreOffice Calc” means the PDF was exported from a spreadsheet — a primary indicator of fabrication.

Multiple xref tables

An authentic bank statement export has one cross-reference table. Additional tables mean the file was opened and re-saved in an editor after the original export — the most common structural sign of tampering.

Incremental update chain

PDF editors append changes as incremental updates rather than rewriting the file. htpbe? counts the update chain — a bank statement with two or more incremental updates was almost certainly processed by an editing tool.

Creation and modification date gap

The ModDate metadata field updates automatically when a PDF is edited. If ModDate is hours or days after CreationDate on a statement that should have been generated in a single batch export, the file was modified after creation.

Font inconsistency from conversion

Converting a spreadsheet to PDF and then editing the result often introduces font subsets that are inconsistent with the document’s claimed origin. htpbe?’s content layer detects mixed font provenance.

Missing institutional metadata

Authentic bank PDF exports contain structured metadata embedded by core banking software. Statements created from scratch in Excel and exported to PDF lack this metadata structure, which is itself a signal.

Built for KYC, lending, and fintech teams

Integrate into your loan origination or onboarding workflow

Detect balance amounts changed in Excel before re-export to PDF — for example, $2,400 inflated to $24,000

Flag bank statements where the producer field reveals a spreadsheet tool, not bank software

Catch incremental updates that indicate the file was edited after export from the bank

Identify gaps between the creation date and modification date that indicate post-export editing

Integrate into your loan origination or KYC pipeline via a single REST call

Free web tool lets compliance teams check suspicious statements manually without writing code

Five forensic layers, one deterministic verdict

Every PDF we receive passes through the same structural pipeline — no model training, no thresholds to tune.

Metadata analysis

Creation and modification timestamps, producer and creator fields, XMP metadata — the first layer exposes basic tampering.

File structure

Xref tables, trailer chain, incremental updates. Any edit after export leaves a structural fingerprint here.

Digital signatures

Signature chain integrity and post-signature modifications produce deterministic markers. Certainty-level signal.

Content integrity

Fonts, objects, embedded content, page assembly. Multi-session edits and inserted objects are visible at this layer.

Verdict with markers

Deterministic output: INTACT / MODIFIED / INCONCLUSIVE, with named markers for every finding — suitable for audit trail.

See the full 35-check breakdown

Customer Stories

Teams that stopped document fraud

Compliance, finance, and risk teams use htpbe? to catch manipulated PDFs before they become costly mistakes.

Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.

Sarah M.

AP Manager

United States

We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.

Lars V.

Risk Analyst, Online Lending

Netherlands

Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.

Priya K.

HR Operations Lead

India

Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.

Julien R.

Fraud Analyst, Fintech

France

Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for verified originals when something is flagged. Already saved us from a few bad decisions.

Marta S.

Compliance Coordinator

Spain

One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.

Tariq A.

Finance Manager

United Arab Emirates

Integrate in minutes

Two calls: POST to analyze, GET to retrieve the result.

Step 1 — POST /v1/analyze

bash

curl -X POST https://api.htpbe.tech/v1/analyze \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://your-storage.com/bank-statement-march-2024.pdf"}'

Step 2 — GET /v1/result/{id} — Excel-edited statement detected

json

{
  "id": "a1b2c3d4-5e6f-7a8b-9c0d-e1f2a3b4c5d6",
  "status": "modified",
  "modification_confidence": "high",
  "modification_markers": [
    "Known PDF editing tool detected",
    "Multiple cross-reference tables (incremental updates)"
  ],
  "producer": "Microsoft Excel",
  "creator": "Microsoft Excel",
  "creation_date": 1709280000,
  "modification_date": 1709366400,
  "has_digital_signature": false,
  "xref_count": 3,
  "has_incremental_updates": true
}

The producer: “Microsoft Excel” in the response is the key signal: this PDF was generated by a spreadsheet, not a core banking system. Combined with xref_count: 3 and has_incremental_updates: true, the verdict is modified at high confidence.

Pricing

Self-serve plans. No sales call, no procurement process.

Starter

$15/mo

30 checks/mo

Manual spot-checks for low-volume lending teams

Growth

$149/mo

350 checks/mo

Active loan origination pipelines

Pro

$499/mo

1,500 checks/mo

High-volume KYC automation and fintech platforms

Enterprise (unlimited, on-premise available) — see full pricing and docs

Secure your workflow View API docs

API key on signup. Free test environment on every plan. No card required.

Frequently Asked Questions

How is this different from KYC template verification?

KYC platforms verify whether a document looks like a real bank statement — correct layout, logos, fonts, field positions. htpbe? detects whether this specific PDF file was modified after it was generated. Both checks address different attack vectors. Template verification catches documents that were never real. htpbe? catches real documents that were altered. You need both.

Can it detect Excel-edited bank statements?

Yes. When a fraudster exports a real statement to Excel, edits balances or transactions, and re-saves as PDF, the resulting file carries a Microsoft Excel producer fingerprint, typically has multiple xref tables, and shows a modification date shortly after creation. htpbe? surfaces all of these markers in the response, usually returning status: "modified" with modification_confidence: "high".

What does "inconclusive" mean for a bank statement?

A bank statement returns inconclusive when it was exported from consumer software — Microsoft Word, Google Docs, or similar — rather than from a core banking system. The file structure does not contain enough institutional metadata to determine whether the document was tampered with. This verdict is itself a risk signal: legitimate bank statements are not generated by Word. Treat inconclusive on a bank statement as a prompt for manual review.

What is the integration point in a loan application workflow?

The recommended integration point is immediately after document upload, before the underwriter review step. When an applicant uploads a bank statement, send the file URL to POST /v1/analyze, then poll GET /v1/result/{id}. If the verdict is modified or inconclusive, flag the application for manual review before it reaches the underwriter queue. This adds under 3 seconds to the processing time and eliminates a manual fraud check step.

Secure your workflow

Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.

Secure your workflow View API docs

Integrate bank statement fraud detection in any stack

Two API calls — submit the bank statement PDF, read the verdict. Copy-paste examples for cURL, JavaScript, Python, PHP, Go, and Ruby.

bash

# Step 1: Submit PDF for analysis
curl -X POST https://api.htpbe.tech/v1/analyze \
  -H "Authorization: Bearer htpbe_live_..." \
  -H "Content-Type: application/json" \
  -d '{"url": "https://example.com/document.pdf"}'
# Returns: {"id":"3f9c8b7a-2e1d-4c5f-9b8e-7a6d5c4b3a21"}

# Step 2: Retrieve full results
ID="3f9c8b7a-2e1d-4c5f-9b8e-7a6d5c4b3a21"
curl -s "https://api.htpbe.tech/v1/result/$ID" \
  -H "Authorization: Bearer htpbe_live_..." \
  | jq '.status'