logo
Relieving letter fraud

A relieving letter is the easiest document to forge — and the one HR trusts most

Built for fraud ops at lending, insurance & compliance teams

Onboarding teams use it to confirm the candidate left the previous employer cleanly. The candidate knows it. So when an exit was messy or a notice period was skipped, a quick edit in Word can rewrite history. Visual review passes. Structural analysis does not.

~3 sec
per document
59 checks
forensic layers
From $15
per month
1,500+
docs / month on Growth
Scope

HTPBE? analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We don’t inspect holograms, phone photos, or ID biometrics. If your fraud problem is a digitally fabricated or tampered relieving letter, we’re the most specific tool for it.

When HTPBE? returns INCONCLUSIVE on a relieving letter, that’s the expected baseline (these documents legitimately come from desktop tools at many employers); combine with other markers before flagging.

The problem

Modern document fraud is invisible to visual review

A growing class of document fraud opens a genuine PDF, edits a balance, a date, or a beneficiary, and re-saves it. Visually nothing changes — the document passes pixel-level review, layout review, and KYC.

Structural PDF analysis reads the layers rendering engines never expose: revision history, object structure, signature coverage maps. That is where edits leave fingerprints they cannot wipe.

Common tampering patterns

  • Modified balances or totals after export
  • Swapped IBAN or beneficiary on invoices
  • Post-signature edits on contracts
  • Backdated issue and modification dates
  • Fabricated documents from consumer PDF tools

What this looks like

How fake and tampered relieving letters actually look

Three real fraud mechanics we catch at the structural PDF layer.

01

Reason for separation rewritten

Candidate was terminated for cause but writes the letter as a voluntary resignation. Original document opened in Adobe Acrobat or an online editor; one paragraph replaced; re-export. Incremental update markers in the xref chain expose the edit.

02

Last working day backdated to skip the notice-period gap

There is a six-month gap between the real last working day and the next employer’s start date — the candidate was either out of work or working somewhere they can’t mention. The date on the relieving letter gets pushed forward. The visual page still looks signed and stamped; the modification timestamp tells a different story.

03

Letter authored from scratch when no real one exists

No relieving letter was issued — the candidate left badly or the previous employer refuses to issue one. The candidate writes one in Word, lifts the company logo from LinkedIn, signs HR Manager’s name, exports. Producer field shows Microsoft Word; image-stream metadata exposes the lifted logo.

The scale

~1 in 8
job applicants misrepresent prior employment terms on background checks
$17K+
average cost to replace a fraudulent hire
~3 sec
per relieving letter via API

Why your existing checks miss this

BGV calls the employer. The employer does not always answer.

When BGV cannot complete, the candidate fills the gap with a letter. Read the file.

BGV platforms (AuthBridge, IDfy, OnGrid, Springworks) call the previous employer to confirm separation. Indian BGV employer-response rates routinely run 70–85% — meaning 15–30% of cases get filled with the candidate’s submitted documents alone. HTPBE? catches the file the candidate sent, regardless of whether the previous employer responds. Use both: BGV when reachable, HTPBE? always.

Results in under 3 seconds30 to 1,500+ documents/monthFrom $15/mo

What HTPBE? checks

Detection capabilities

Deterministic structural signals. No probabilistic scores, no model training.

Producer signature on the letter

Authentic relieving letters come from the previous employer’s HRMS, payroll, or document-management system — recognisable producer signatures. When the producer is Microsoft Word, LibreOffice, Google Docs, or Chrome Headless, the letter was authored on a desktop.

Incremental update trail

Date edits, paragraph replacements, and signature swaps all leave incremental updates in the PDF’s xref chain. Authentic single-session exports have one xref; tampered files have two or more.

Letterhead and logo image consistency

Real corporate letterheads ship as part of the document template. Lifted-and-pasted logos appear as redundant image streams with mismatched compression — a structural fingerprint of fabrication.

Digital signature presence and chain validity

Many large employers digitally sign relieving letters. Authentic letters carry a valid signature chain; tampered letters either lack signatures or have invalidated chains.

Modification date vs. claimed last working day

The PDF’s ModDate is the moment the document was last touched. When ModDate is months after the claimed last working day, the file was edited after issuance — a high-confidence flag for backdated separations.

Font subset divergence across pages

Multi-session edits or page reassembly leave font subset prefix shifts. Single-session legitimate exports have consistent subsets across all pages.

Share with engineering

Wire this into your intake pipeline in under a day

Two API calls — one POST to submit the PDF, one GET to retrieve the verdict. Forward this page to your engineering team; the full API reference, quotas, and copy-paste examples in cURL, JavaScript, Python, PHP, Go, and Ruby are one click away.

Full API reference for engineering

Pricing

Self-serve plans, no sales call

All plans include the same forensic checks. Pick the quota that matches your monthly document volume.

manual

Starter

$15/mo

30 checks/mo

Manual spot-checks and integration testing

most common

Growth

$149/mo

350 checks/mo

Active document processing pipelines

high volume

Pro

$499/mo

1,500 checks/mo

High-volume automation and API integrations

Enterprise (unlimited, on-premise available) see full pricing

Secure your workflowView API docs

API key on signup. Free test environment on every plan. No card required.

Customer Stories

Teams that stopped document fraud

Compliance, finance, and risk teams use HTPBE? to catch manipulated PDFs before they become costly mistakes.

Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.

Sarah M.

AP Manager

United States

We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.

Lars V.

Risk Analyst, Online Lending

Netherlands

Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.

Priya K.

HR Operations Lead

India

Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.

Julien R.

Fraud Analyst, Fintech

France

Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for checked originals when something is flagged. Already saved us from a few bad decisions.

Marta S.

Compliance Coordinator

Spain

One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.

Tariq A.

Finance Manager

United Arab Emirates

FAQ

Frequently asked questions

How is this different from BGV employer fraud detection?

BGV calls the previous employer to confirm separation terms. HTPBE? inspects the relieving letter PDF the candidate uploaded. They are complementary — and HTPBE? works even when BGV cannot reach the previous employer (which fails 15–30% of the time in Indian BGV operations).

Can it catch backdated relieving letters?

Yes. Date edits leave incremental update markers in the PDF’s xref chain, regardless of how clean the visual layout looks. The verdict will be modified with the incremental-update flag and modification timestamp gap.

What if the previous employer used Microsoft Word for the original letter?

A Word producer alone is not a verdict — HTPBE? combines it with other markers (signature presence, image-stream metadata, incremental updates, modification timestamp). Small employers using Word legitimately typically return inconclusive, prompting manual employer fraud detection rather than an automatic reject.

Does the API need a reference original to compare against?

No. HTPBE? performs standalone forensic analysis on the PDF the candidate uploaded — the structural signals of editing live inside the file itself. No reference copy required, no third-party database.

What does an INCONCLUSIVE verdict mean for a relieving letter?

HTPBE? returns INCONCLUSIVE when a relieving letter PDF was authored on a desktop and lacks edit-trail evidence (no incremental update, no signature chain, no certainty markers fired). For a relieving letter, INCONCLUSIVE is the expected baseline rather than an automatic fraud signal — many employers, especially smaller ones, author these letters in Word and export them as a single-session PDF. Combine INCONCLUSIVE with the other markers HTPBE? returns (image-stream artefacts from lifted logos or pasted signatures, modification timestamp, cross-document signature reuse) before flagging. INCONCLUSIVE alone is a prompt for manual employer fraud detection, not an automatic reject.

Secure your workflow

Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.

Start free — close the structural fraud gapSee pricing
Read API docs →