logo
Free PDF Check

Bank Statement Fraud Detection API

Built for fraud ops at lending, insurance & compliance teams

Bank statements are the most-faked document in alternative lending. Your KYC platform checked who the borrower is. It did not check the document they submitted. A single API call reveals whether a PDF was modified after export from the bank — catching balance changes, altered transactions, and fabricated statements that bypass visual review.

~3 sec
per document
59 checks
forensic layers
From $15
per month
1,500+
docs / month on Growth
Scope

HTPBE? analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We don’t inspect holograms, phone photos, or ID biometrics, and we don’t replace KYC platforms or income-fraud detection APIs. If your fraud problem is a digitally tampered or fabricated bank statement PDF, we’re the most specific tool for it.

When HTPBE? returns INCONCLUSIVE on a bank statement, that’s itself a high-confidence fraud signal — real statements always come from bank issuance systems and online-banking export engines, never from a desktop tool.

The problem

Why KYC template checks miss edited bank statements

According to Inscribe’s 2025 fraud report, 59% of all fraudulent documents detected across lending and fintech platforms are bank statements. The most common attack: a borrower downloads their real bank statement, opens it in Microsoft Excel, changes the account balance from $2,400 to $24,000, and uploads the PDF to your portal.

KYC platforms answer the question “Does this look like a real bank statement?” They check template, logo, layout, and field positions. They do not answer “Was this specific PDF file modified after the bank generated it?” Both questions need answers. Most teams only ask the first.

HTPBE? answers the second question. It analyzes the PDF’s binary structure for forensic evidence of post-export modification — regardless of how convincing the document looks visually. Read the full technical breakdown in our KYC PDF blind spot article.

Common bank statement fraud techniques

  1. 1Download real PDF statement from online banking
  2. 2Open in Microsoft Excel via “Open with” or import
  3. 3Change account balance, transaction amounts, or running totals
  4. 4Export to PDF — the result looks identical to the original
  5. 5Upload to loan application portal
  6. 6KYC template check passes — but binary structure changed

What this looks like

Document fraud in 2026 — three concrete patterns

Three real fraud mechanics we catch at the structural PDF layer.

01

Download real PDF statement from online banking

02

Open in Microsoft Excel via “Open with” or import

03

Change account balance, transaction amounts, or running totals

04

Export to PDF — the result looks identical to the original

05

Upload to loan application portal

06

KYC template check passes — but binary structure changed

59 layers
Forensic checks per document
~3 sec
Median analysis time, end to end
From $15
Self-serve per month, no sales call

The detection gap

KYC platforms check the document. HTPBE? checks the file.

Two different checks — both matter.

KYC & identity platforms

Plaid · Persona · Alloy · Jumio

  • Is this a real bank statement template?
  • Does the account number match the identity?
  • Is the document format consistent with the issuing bank?

Detects fake documents. Does not detect edited real documents.

HTPBE? tamper detection API

Structural PDF integrity

  • Was this specific PDF file modified after it was generated?
  • Do metadata timestamps match the file structure?
  • Were digital signatures valid at the time of signing?

Catches edits invisible to visual review and template checks.

Results in under 3 seconds30 to 1,500+ documents/monthFrom $15/mo

What HTPBE? checks

What the API detects in bank statement PDFs

Five forensic layers analyzed on every request

Spreadsheet producer fingerprint

Bank-generated PDFs are produced by core banking systems (Temenos, Finacle, FIS). A producer field showing “Microsoft Excel” or “LibreOffice Calc” means the PDF was exported from a spreadsheet — a primary indicator of fabrication.

Multiple xref tables

An authentic bank statement export has one cross-reference table. Additional tables mean the file was opened and re-saved in an editor after the original export — the most common structural sign of tampering.

Incremental update chain

PDF editors append changes as incremental updates rather than rewriting the file. HTPBE? counts the update chain — a bank statement with two or more incremental updates was almost certainly processed by an editing tool.

Creation and modification date gap

The ModDate metadata field updates automatically when a PDF is edited. If ModDate is hours or days after CreationDate on a statement that should have been generated in a single batch export, the file was modified after creation.

Font inconsistency from conversion

Converting a spreadsheet to PDF and then editing the result often introduces font subsets that are inconsistent with the document’s claimed origin. HTPBE?’s content layer detects mixed font provenance.

Missing institutional metadata

Authentic bank PDF exports contain structured metadata embedded by core banking software. Statements created from scratch in Excel and exported to PDF lack this metadata structure, which is itself a signal.

Share with engineering

Wire this into your intake pipeline in under a day

Two API calls — one POST to submit the PDF, one GET to retrieve the verdict. Forward this page to your engineering team; the full API reference, quotas, and copy-paste examples in cURL, JavaScript, Python, PHP, Go, and Ruby are one click away.

Full API reference for engineering

Pricing

Self-serve plans, no sales call

All plans include the same forensic checks. Pick the quota that matches your monthly document volume.

manual

Starter

$15/mo

30 checks/mo

Manual spot-checks and integration testing

most common

Growth

$149/mo

350 checks/mo

Active document processing pipelines

high volume

Pro

$499/mo

1,500 checks/mo

High-volume automation and API integrations

Enterprise (unlimited, on-premise available) see full pricing

Secure your workflowView API docs

API key on signup. Free test environment on every plan. No card required.

Customer Stories

Teams that stopped document fraud

Compliance, finance, and risk teams use HTPBE? to catch manipulated PDFs before they become costly mistakes.

Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.

Sarah M.

AP Manager

United States

We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.

Lars V.

Risk Analyst, Online Lending

Netherlands

Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.

Priya K.

HR Operations Lead

India

Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.

Julien R.

Fraud Analyst, Fintech

France

Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for checked originals when something is flagged. Already saved us from a few bad decisions.

Marta S.

Compliance Coordinator

Spain

One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.

Tariq A.

Finance Manager

United Arab Emirates

FAQ

Frequently asked questions

How is this different from KYC template fraud detection?

KYC platforms check whether a document looks like a real bank statement — correct layout, logos, fonts, field positions. HTPBE? detects whether this specific PDF file was modified after it was generated. Both checks address different attack vectors. Template fraud detection catches documents that were never real. HTPBE? catches real documents that were altered. You need both.

Can it detect Excel-edited bank statements?

Yes. When a fraudster exports a real statement to Excel, edits balances or transactions, and re-saves as PDF, the resulting file carries a Microsoft Excel producer fingerprint, typically has multiple xref tables, and shows a modification date shortly after creation. HTPBE? surfaces all of these markers in the response, usually returning status: “modified” with modification_confidence: “high”.

What does “inconclusive” mean for a bank statement?

A bank statement returns inconclusive when it was exported from consumer software — Microsoft Word, Google Docs, or similar — rather than from a core banking system. The file structure does not contain enough institutional metadata to determine whether the document was tampered with. This verdict is itself a risk signal: legitimate bank statements are not generated by Word. Treat inconclusive on a bank statement as a prompt for manual review.

What is the integration point in a loan application workflow?

The recommended integration point is immediately after document upload, before the underwriter review step. When an applicant uploads a bank statement, send the file URL to POST /v1/analyze, then poll GET /v1/result/{id}. If the verdict is modified or inconclusive, flag the application for manual review before it reaches the underwriter queue. This adds under 3 seconds to the processing time and eliminates a manual fraud check step.

Secure your workflow

Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.

Start free — close the structural fraud gapSee pricing
Read API docs →