logo
Receipt fraud

Fake Receipt Detection — Catch Regenerated and Edited PDFs

Built for fraud ops at lending, insurance & compliance teams

A receipt-generator site can produce a plausible-looking PDF in seconds — and most expense reviewers cannot tell. Finance and AP teams approve thousands of expense receipts a month. Insurance claims adjusters see receipts attached to every property and travel claim. Tax preparers receive client-uploaded receipts as substantiation. The fabrication scripts have changed — generator sites, AI tools, edited real receipts — but the visual still passes review every time.

~3 sec
per document
59 checks
forensic layers
From $15
per month
1,500+
docs / month on Growth
Scope

HTPBE? analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We don't inspect holograms, phone photos, or ID biometrics. If your fraud problem is a digitally fabricated or tampered receipt, we're the most specific tool for it.

When HTPBE? returns INCONCLUSIVE on a receipt that should have come from a POS or platform issuer (Uber, Square, Stripe, hotel PMS, restaurant POS), that's itself a fraud signal in this context — real receipts always carry the issuer's producer signature, never a desktop tool.

The problem

Modern document fraud is invisible to visual review

A growing class of document fraud opens a genuine PDF, edits a balance, a date, or a beneficiary, and re-saves it. Visually nothing changes — the document passes pixel-level review, layout review, and KYC.

Structural PDF analysis reads the layers rendering engines never expose: revision history, object structure, signature coverage maps. That is where edits leave fingerprints they cannot wipe.

Common tampering patterns

  • Modified balances or totals after export
  • Swapped IBAN or beneficiary on invoices
  • Post-signature edits on contracts
  • Backdated issue and modification dates
  • Fabricated documents from consumer PDF tools

What this looks like

How fake and tampered receipts actually look

Three real fraud mechanics we catch at the structural PDF layer.

01

Generator-tool fabrication

Free online receipt-generator sites and AI tools produce a plausible PDF for any merchant, amount, and date the user types in. These tools leave a recognisable producer signature (Chrome Headless, generic PDF library, or an AI-platform fingerprint) and miss the platform metadata authentic POS or platform exports carry.

02

Real receipt edited after issuance

Authentic Uber receipt or hotel folio downloaded by an actual customer, opened in any PDF editor, the amount or date bumped, exported. The producer field changes from the platform engine to whichever editor was used, and the xref chain shows an incremental update — visible structural evidence of post-issuance editing.

03

Same receipt submitted multiple times across expense periods

A real receipt is reused across multiple expense reports with the date subtly edited each time. Cross-document image hash and content hash comparison catches the reuse — the underlying payment was made once but reimbursed three times.

The scale

~5%
of annual T&E spend lost to expense fraud on average
$1.9M
median annual cost of expense fraud at mid-market companies
~3 sec
per receipt via API

Why your existing checks miss this

OCR extracts the amount. It does not check the file.

Concur and Expensify read whatever the receipt shows — even if the receipt was generated this morning.

Expense management platforms (Concur, Expensify, Ramp, Brex, Pleo, Navan) extract receipt data via OCR and run policy rules. They cannot tell you whether the receipt PDF was issued by a real merchant or fabricated five minutes ago through a generator site. Tax-filing software accepts receipt PDFs at face value. HTPBE? catches the receipt PDF the employee or claimant uploaded at the moment of intake — standalone, no platform integration required.

Results in under 3 seconds30 to 1,500+ documents/monthFrom $15/mo

What HTPBE? checks

Detection capabilities

Deterministic structural signals. No probabilistic scores, no model training.

Producer signature mismatch

Authentic receipts carry the producer signature of the issuing platform (Uber, Lyft, Square, Stripe, Toast, Clover, Marriott PMS, etc.). When the producer is Microsoft Excel, Microsoft Word, LibreOffice, Chrome Headless, or a generic PDF library, the document was authored on a desktop or generator tool — it didn't come from the platform.

Generator-tool and AI-platform fingerprints

Receipt-generator sites and AI tools produce PDFs through headless browsers or specific PDF libraries with recognisable producer strings. HTPBE? flags these patterns separately from legitimate platform exports.

Incremental update trail

A clean platform export has one cross-reference table. Re-saves through any editor append a second xref — visible structural evidence of post-issuance editing.

Cross-receipt content hash

When the same expense report contains receipts that share content fingerprints across "different" merchants or dates, the API surfaces the duplication. Real receipt issuance from different vendors produces unique content; reuse-with-edits leaves a trail.

Modification timestamp gap

A real receipt issued at the time of purchase has CreationDate matching the transaction. A months-later modification on a "freshly issued" receipt is a high-confidence flag for post-export editing.

Font subset divergence across pages

Multi-session edits or page assembly leave font subset prefix shifts. Single-session legitimate exports have consistent subsets across all pages.

Share with engineering

Wire this into your intake pipeline in under a day

Two API calls — one POST to submit the PDF, one GET to retrieve the verdict. Forward this page to your engineering team; the full API reference, quotas, and copy-paste examples in cURL, JavaScript, Python, PHP, Go, and Ruby are one click away.

Full API reference for engineering

Pricing

Self-serve plans, no sales call

All plans include the same forensic checks. Pick the quota that matches your monthly document volume.

manual

Starter

$15/mo

30 checks/mo

Manual spot-checks and integration testing

most common

Growth

$149/mo

350 checks/mo

Active document processing pipelines

high volume

Pro

$499/mo

1,500 checks/mo

High-volume automation and API integrations

Enterprise (unlimited, on-premise available) see full pricing

Secure your workflowView API docs

API key on signup. Free test environment on every plan. No card required.

Customer Stories

Teams that stopped document fraud

Compliance, finance, and risk teams use HTPBE? to catch manipulated PDFs before they become costly mistakes.

Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.

Sarah M.

AP Manager

United States

We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.

Lars V.

Risk Analyst, Online Lending

Netherlands

Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.

Priya K.

HR Operations Lead

India

Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.

Julien R.

Fraud Analyst, Fintech

France

Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for checked originals when something is flagged. Already saved us from a few bad decisions.

Marta S.

Compliance Coordinator

Spain

One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.

Tariq A.

Finance Manager

United Arab Emirates

FAQ

Frequently asked questions

How is this different from Concur or Expensify?

Concur, Expensify, Ramp, and Brex extract receipt data via OCR and apply policy rules. They process whatever the PDF shows, including fabricated PDFs. HTPBE? inspects the PDF file structure to detect that the receipt was authored on a desktop, generated by a tool, or edited after issuance. Use both: extraction tools for data capture, HTPBE? for integrity fraud detection.

Can it catch ChatGPT or other AI-generated receipts?

Many AI-generated receipts carry recognisable producer fingerprints (headless browsers, AI-platform tooling) that distinguish them from authentic POS exports. HTPBE? flags these patterns. For a deeper treatment of AI-generated documents specifically, see /use-cases/ai-generated-document-detection.

What about phone photos of receipts?

Phone photos are raster images with no PDF structure to analyse — outside scope. Always require digital PDF receipts where possible. Most modern receipt issuers (Uber, Stripe, Square, hotel PMS) email PDFs directly; require those rather than phone photos for any receipt above your audit threshold.

What does an INCONCLUSIVE verdict mean for a receipt?

HTPBE? returns INCONCLUSIVE when a receipt PDF lacks the institutional metadata that genuine platform exports carry — typically because the file was authored on a desktop with consumer software (Word, Excel, generator-site renderers) rather than exported from a POS, hotel PMS, or platform issuer. For receipts that should come from issuers (Uber, Lyft, hotel chains, Square, Stripe, e-commerce platforms), INCONCLUSIVE is itself a high-confidence fraud signal: a real receipt always carries the platform's producer signature. Treat INCONCLUSIVE on those receipts as fraud-positive and route the case to manual receipt sourcing or merchant fraud detection.

Secure your workflow

Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.

Start free — close the structural fraud gapSee pricing
Read API docs →