logo
Asset & gift letter fraud

Fake Asset Letter Detection — Catch Tampered Mortgage PDFs

Built for fraud ops at lending, insurance & compliance teams

A gift letter is a one-page PDF that decides whether the down payment counts — and one borrowers know how to fake. Mortgage processors clear asset letters and gift letters as evidence of down-payment funds. The borrower needs the donor to confirm the money is a gift, not a loan; or the bank to confirm the balance. When the donor is reluctant — or when the balance does not actually exist — the temptation is the same: edit the letter or build one in Word with a lifted signature.

~3 sec
per document
59 checks
forensic layers
From $15
per month
1,500+
docs / month on Growth
Scope

HTPBE? analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We don’t inspect holograms, phone photos, or ID biometrics. If your fraud problem is a digitally altered or fabricated asset / gift letter, we’re the most specific tool for it.

When HTPBE? returns INCONCLUSIVE on an asset or gift letter, that’s the expected baseline (these documents legitimately come from desktop tools — a donor’s Word document or a small bank’s letter template); combine with other markers before flagging.

The problem

Modern document fraud is invisible to visual review

A growing class of document fraud opens a genuine PDF, edits a balance, a date, or a beneficiary, and re-saves it. Visually nothing changes — the document passes pixel-level review, layout review, and KYC.

Structural PDF analysis reads the layers rendering engines never expose: revision history, object structure, signature coverage maps. That is where edits leave fingerprints they cannot wipe.

Common tampering patterns

  • Modified balances or totals after export
  • Swapped IBAN or beneficiary on invoices
  • Post-signature edits on contracts
  • Backdated issue and modification dates
  • Fabricated documents from consumer PDF tools

What this looks like

How fake and tampered asset / gift letters actually look

Three real fraud mechanics we catch at the structural PDF layer.

01

Real letter edited after issuance

A genuine asset letter was issued by the bank or signed by the donor. Borrower opens it in any PDF editor, edits the balance figure or the relationship-to-borrower line, exports as PDF. The xref chain shows an incremental update — visible structural evidence of post-issuance editing.

02

Letter authored from scratch with lifted signature

No real letter exists. Borrower builds one in Word using bank letterhead lifted from a public source, pastes a signature image lifted from another document or social media, exports as PDF. The pasted signature image carries different JPEG/PNG compression than the surrounding document — a clean structural fingerprint of fabrication.

03

Same signature reused across "different" donor letters

Multiple gift letters from supposedly different donors carry visually identical signatures with identical image-stream metadata — the signature image was recycled. Cross-document image hash comparison surfaces the reuse.

The scale

$11B+
in annual mortgage application fraud exposure (US)
~3 sec
per asset / gift letter via API
No bank API
no bank-side or donor consent required — works on the file

Why your existing checks miss this

VOD calls the bank. The donor letter has no bank to call.

Both layers matter. The PDF the borrower uploaded is what your underwriter signs off.

Fraud detection of Deposit services call the bank to confirm the balance — useful for asset letters but not for gift letters from individual donors. Day 1 Certainty asset fraud detection (Account Aggregation) requires the borrower to connect the account; borrowers who fabricated the balance rarely consent. Manual donor fraud detection is rare and slow. HTPBE? catches the asset / gift letter PDF the borrower uploaded at the moment of intake — standalone, no bank-side or donor consent required.

Results in under 3 seconds30 to 1,500+ documents/monthFrom $15/mo

What HTPBE? checks

Detection capabilities

Deterministic structural signals. No probabilistic scores, no model training.

Image-stream artefact detection

Lifted-and-pasted signatures and bank logos carry different JPEG/PNG compression characteristics than the surrounding document. Image-stream metadata mismatches are a structural fingerprint of fabrication or post-issuance signature swapping.

Incremental update trail

A clean letter has one cross-reference table. Edits to balance figures, dates, or signatures append a second xref — visible structural evidence of post-issuance editing.

Cross-document signature reuse

When multiple gift letters from "different" donors arrive in the same file, the API surfaces image hashes for each signature. Identical hashes across donors flag signature recycling.

Modification timestamp gap

A real letter dated last week has CreationDate ≈ ModDate within days. A months-later modification on a "freshly signed" letter is a high-confidence flag for post-issuance editing.

Producer signature analysis

Asset letters legitimately come from bank document systems or from desktop tools (small-bank letters often originate in Word). The signal is not Word-versus-bank-system; it is Word + lifted signature image + no incremental update versus Word + clean content. Combined producer + image + update markers produce the verdict.

Font subset divergence across pages

Multi-session edits leave font subset prefix shifts. Single-session legitimate letters have consistent subsets across all pages.

Share with engineering

Wire this into your intake pipeline in under a day

Two API calls — one POST to submit the PDF, one GET to retrieve the verdict. Forward this page to your engineering team; the full API reference, quotas, and copy-paste examples in cURL, JavaScript, Python, PHP, Go, and Ruby are one click away.

Full API reference for engineering

Pricing

Self-serve plans, no sales call

All plans include the same forensic checks. Pick the quota that matches your monthly document volume.

manual

Starter

$15/mo

30 checks/mo

Manual spot-checks and integration testing

most common

Growth

$149/mo

350 checks/mo

Active document processing pipelines

high volume

Pro

$499/mo

1,500 checks/mo

High-volume automation and API integrations

Enterprise (unlimited, on-premise available) see full pricing

Secure your workflowView API docs

API key on signup. Free test environment on every plan. No card required.

Customer Stories

Teams that stopped document fraud

Compliance, finance, and risk teams use HTPBE? to catch manipulated PDFs before they become costly mistakes.

Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.

Sarah M.

AP Manager

United States

We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.

Lars V.

Risk Analyst, Online Lending

Netherlands

Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.

Priya K.

HR Operations Lead

India

Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.

Julien R.

Fraud Analyst, Fintech

France

Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for checked originals when something is flagged. Already saved us from a few bad decisions.

Marta S.

Compliance Coordinator

Spain

One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.

Tariq A.

Finance Manager

United Arab Emirates

FAQ

Frequently asked questions

Won’t a real Word-authored asset letter from a small bank look "fake" too?

A genuine letter authored in Word and exported once will return intact or inconclusive — it has a Word producer signature but no incremental update trail and no signature image-stream artefacts. The verdict combines multiple markers; a Word producer alone is not a flag. The combination of Word producer + lifted-signature artefacts + post-creation modification is what triggers modified.

Does this work for Fraud detection of Deposit (VOD) PDFs?

Yes. VOD PDFs from bank document systems carry recognisable producer signatures. Re-saves change those signatures and append xref tables. Word-fabricated VODs trigger producer-mismatch flags. The same forensics applies.

Can it detect a recycled donor signature across multiple gift letters?

Yes. When multiple gift letters arrive in the same file, the API surfaces image hashes for each signature region. Identical image hashes across "different" donors signal signature recycling — a high-confidence fraud flag.

Does this replace manual donor fraud detection?

No. Manual donor fraud detection — calling the donor to confirm the gift — remains the gold standard. HTPBE? inspects the file at intake, before manual review, to flag obvious tampering and prioritise which letters need the slower manual call.

What does an INCONCLUSIVE verdict mean for an asset or gift letter?

HTPBE? returns INCONCLUSIVE when an asset or gift letter PDF was authored on a desktop and lacks edit-trail evidence (no incremental update, no certainty markers fired). For asset and gift letters, INCONCLUSIVE is the expected baseline rather than an automatic fraud signal — a donor writing a gift letter in Word, or a small bank or credit union drafting an asset letter in Word, is entirely normal. Combine INCONCLUSIVE with the other markers HTPBE? returns (signature image-stream artefacts, cross-document signature reuse, modification timestamp gap) before flagging. INCONCLUSIVE alone on an asset or gift letter is a prompt for manual review, not a red flag.

Secure your workflow

Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.

Start free — close the structural fraud gapSee pricing
Read API docs →