logo
Free PDF Check

Invoice Tamper Detection API

Built for fraud ops at lending, insurance & compliance teams

Detect tampered or fake invoices before payment. A single API call reveals whether a PDF invoice was modified after generation or fabricated from scratch — catching altered amounts, swapped payee details, changed account numbers, and supplier-impersonation invoices that eyes miss.

~3 sec
per document
59 checks
forensic layers
From $15
per month
1,500+
docs / month on Growth
Scope

HTPBE? analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We don’t inspect holograms, phone photos, or ID biometrics. If your AP fraud problem is a digitally tampered or fabricated invoice PDF, we’re the most specific tool for it.

When HTPBE? returns INCONCLUSIVE on an invoice, that’s itself a fraud signal in this context — real vendor invoices come from accounting software (QuickBooks, Xero, SAP, NetSuite, Zoho), e-invoicing platforms, or ERP systems, never from a desktop tool.

The problem

Why altered invoices pass manual review

A fraudster intercepts a legitimate invoice PDF, opens it in a free online editor, changes the bank account number or payment amount, and sends the modified file. The wire goes out to the attacker. Visually, the invoice looks identical — same logo, same layout, same font.

The modification is invisible to the human eye but not to a forensic analyzer. PDF editors leave structural traces: extra xref tables, incremental update records, and metadata timestamps that do not match. HTPBE? surfaces these traces automatically.

According to the Association of Certified Fraud Examiners, billing fraud accounts for 43% of all occupational fraud cases. A single prevented fraudulent payment typically covers months of API subscription costs.

Typical invoice fraud scenario

  1. 1Vendor sends a legitimate invoice PDF via email
  2. 2Attacker intercepts or spoofs the vendor’s email account
  3. 3PDF opened in iLovePDF, SmallPDF, or Adobe Acrobat
  4. 4Bank account number or amount edited
  5. 5Modified file forwarded to AP team
  6. 6Payment sent to fraudster’s account

What this looks like

Document fraud in 2026 — three concrete patterns

Three real fraud mechanics we catch at the structural PDF layer.

01

Vendor sends a legitimate invoice PDF via email

02

Attacker intercepts or spoofs the vendor’s email account

03

PDF opened in iLovePDF, SmallPDF, or Adobe Acrobat

04

Bank account number or amount edited

05

Modified file forwarded to AP team

06

Payment sent to fraudster’s account

59 layers
Forensic checks per document
~3 sec
Median analysis time, end to end
From $15
Self-serve per month, no sales call

The detection gap

KYC platforms check the document. HTPBE? checks the file.

Two different checks — both matter.

KYC & identity platforms

Plaid · Persona · Alloy · Jumio

  • Is this a real bank statement template?
  • Does the account number match the identity?
  • Is the document format consistent with the issuing bank?

Detects fake documents. Does not detect edited real documents.

HTPBE? tamper detection API

Structural PDF integrity

  • Was this specific PDF file modified after it was generated?
  • Do metadata timestamps match the file structure?
  • Were digital signatures valid at the time of signing?

Catches edits invisible to visual review and template checks.

Results in under 3 seconds30 to 1,500+ documents/monthFrom $15/mo

What HTPBE? checks

What the API detects in invoice PDFs

Five forensic layers analyzed on every request

Multiple xref tables

An unmodified invoice has one xref table. A second table means content was added after the original save — the most common marker of invoice tampering.

Incremental update chain

PDF editors append changes without rewriting the original bytes. HTPBE? counts the update chain length — one update is unusual, two or more is highly suspicious.

Producer/creator mismatch

Genuine invoices are generated by accounting software (QuickBooks, Xero, SAP). If the producer field shows a PDF editor (iLovePDF, SmallPDF, QPDF), the file was processed after generation.

Date inconsistency

CreationDate and ModDate are metadata fields that PDF editors update automatically. A ModDate weeks after CreationDate on an invoice is a direct tampering signal.

Digital signature bypass

If the original invoice was digitally signed and content was added after signing, HTPBE? flags it as modified with “certain” confidence — the highest possible verdict.

Tool fingerprint analysis

Every PDF tool leaves a distinct fingerprint in the file structure. HTPBE? cross-references against a database of 200+ known tools to detect editing software.

Share with engineering

Wire this into your intake pipeline in under a day

Two API calls — one POST to submit the PDF, one GET to retrieve the verdict. Forward this page to your engineering team; the full API reference, quotas, and copy-paste examples in cURL, JavaScript, Python, PHP, Go, and Ruby are one click away.

Full API reference for engineering

Pricing

Self-serve plans, no sales call

All plans include the same forensic checks. Pick the quota that matches your monthly document volume.

manual

Starter

$15/mo

30 checks/mo

Manual spot-checks and integration testing

most common

Growth

$149/mo

350 checks/mo

Active document processing pipelines

high volume

Pro

$499/mo

1,500 checks/mo

High-volume automation and API integrations

Enterprise (unlimited, on-premise available) see full pricing

Secure your workflowView API docs

API key on signup. Free test environment on every plan. No card required.

Customer Stories

Teams that stopped document fraud

Compliance, finance, and risk teams use HTPBE? to catch manipulated PDFs before they become costly mistakes.

Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.

Sarah M.

AP Manager

United States

We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.

Lars V.

Risk Analyst, Online Lending

Netherlands

Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.

Priya K.

HR Operations Lead

India

Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.

Julien R.

Fraud Analyst, Fintech

France

Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for checked originals when something is flagged. Already saved us from a few bad decisions.

Marta S.

Compliance Coordinator

Spain

One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.

Tariq A.

Finance Manager

United Arab Emirates

FAQ

Frequently asked questions

How does the API detect a tampered invoice?

HTPBE? analyzes the binary structure of the PDF file — not the visual content. It looks for cross-reference tables added after the original save, incremental update records, producer fields inconsistent with invoicing software (QuickBooks, Xero, SAP), and modification dates that post-date the stated invoice date. These structural traces cannot be removed without creating a new file from scratch.

Can it catch invoice fraud if the original was never signed?

Yes. Digital signature bypass is just one of several detection signals. HTPBE? detects xref table counts, incremental updates, producer mismatches, and date inconsistencies on any PDF — regardless of whether a digital signature was ever applied. Most invoice fraud involves unsigned PDFs edited in iLovePDF, SmallPDF, or Adobe Acrobat.

What does "inconclusive" mean for an invoice?

A verdict of inconclusive means the invoice was created with consumer software (Microsoft Word, Google Docs, or a desktop PDF printer) rather than with dedicated invoicing software. The file lacks the institutional metadata needed to detect tampering. This is itself a risk signal — legitimate vendor invoices from established businesses are generated by accounting systems, not Word.

How many invoice checks per month does a typical AP team need?

A team processing 10 invoices per day uses roughly 200 checks per month. The Growth plan (350 checks/mo at $149) covers a mid-size AP workflow with room for spikes. For teams running automated AP automation with batch processing, the Pro plan (1,500 checks/mo at $499) is more appropriate. The free web tool handles manual spot-checks for any volume.

Secure your workflow

Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.

Start free — close the structural fraud gapSee pricing
Read API docs →