Fake Salary Slip Detection — catch tampered UK, India, Australia, and EU payroll PDFs
UK BGV operators, Indian NBFC underwriters, Australian property managers, and EU embassy visa reviewers all face the same non-US pattern: a candidate downloads a real salary slip from Sage Payroll, Xero, MYOB, Tally, Zoho Payroll, Keka, GreytHR, or RazorpayX, opens it in any PDF editor, edits the gross or the net, exports back to PDF. The page renders identically. The file structure does not — and we detect the edit regardless of which tool was used.
HTPBE? analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We don’t inspect holograms, phone photos, or ID biometrics. If your fraud problem is a digitally altered or fabricated salary slip, we’re the most specific tool for it.
When HTPBE? returns INCONCLUSIVE on a salary slip, that’s itself a fraud signal in this context — real salary slips always come from a payroll system, never from a desktop tool.
The problem
Modern document fraud is invisible to visual review
A growing class of document fraud opens a genuine PDF, edits a balance, a date, or a beneficiary, and re-saves it. Visually nothing changes — the document passes pixel-level review, layout review, and KYC.
Structural PDF analysis reads the layers rendering engines never expose: revision history, object structure, signature coverage maps. That is where edits leave fingerprints they cannot wipe.
Common tampering patterns
- Modified balances or totals after export
- Swapped IBAN or beneficiary on invoices
- Post-signature edits on contracts
- Backdated issue and modification dates
- Fabricated documents from consumer PDF tools
What this looks like
How fake and tampered salary slips actually look
Three real fraud mechanics we catch at the structural PDF layer.
Edit-and-re-save with adjusted figures
Candidate downloads the real PDF from their HRMS, opens it in any PDF editor or spreadsheet, changes the gross or basic, exports as PDF. The producer field reveals an editor — not the payroll system that issued the original. A clean structural fingerprint of tampering, regardless of which tool was used.
Generator-tool fabrication
Online "salary slip generator" sites produce a plausible-looking PDF for any employer name and salary the user types in. These tools leave a recognisable producer signature (often Chrome Headless or a specific PDF library) and miss the institutional metadata authentic payroll exports carry.
Gross-to-net arithmetic that does not reconcile
When a candidate edits the gross figure but forgets the deductions, the math no longer adds up. Row-by-row arithmetic checks across the slip flag this even before structural analysis kicks in — a high-confidence signal that the PDF was hand-edited.
The scale
Why your existing checks miss this
Database lookups check the person. They do not check the file.
Both layers matter. Most teams only run one.
Background-fraud-detection platforms confirm employment by calling the previous employer or checking a registry. They cannot tell you whether the PDF the candidate uploaded was edited after issuance. KYC and identity vendors check the identity behind the document — not the bytes inside the PDF. Manual HR review catches obvious fakes (typos, wrong tax codes), but a clean re-save through any editor passes a visual check every time. HTPBE? fills the structural-PDF layer those workflows do not provide — and works standalone, without a reference original.
What HTPBE? checks
Detection capabilities
Deterministic structural signals. No probabilistic scores, no model training.
Producer signature on the PDF
Real salary slips come from a known regional HRMS — Sage Payroll, Xero, MYOB, Tally, Zoho Payroll, Keka, GreytHR, RazorpayX, or a country-specific payroll engine. When the producer field shows Microsoft Excel, LibreOffice, Chrome Headless, or a generic PDF library, the document was authored on a desktop — not exported from a payroll system.
Incremental update trail
Every save after the original export creates an incremental update section in the PDF — visible in the xref table and trailer chain. Authentic payroll exports have one xref. Edited slips have two or more.
Gross-to-net arithmetic
Table arithmetic across earnings, deductions, and net pay is checked row by row. A single edited number breaks the chain — a marker most generator tools fail to fake.
Font subset divergence across pages
When a slip is edited in multiple sessions or assembled from multiple sources, font subset prefixes diverge between pages. Invisible to the eye, obvious to structural analysis.
Text layer vs. raster layer mismatch
Some fraudsters replace text in the rendered image while leaving the underlying text layer untouched. The two layers stop agreeing — an immediate flag.
Modification timestamp gap
Authentic salary slips have ModDate equal or near CreationDate. A gap of hours, days, or weeks between creation and modification on a "monthly slip" is structural evidence of post-export editing.
Share with engineering
Wire this into your intake pipeline in under a day
Two API calls — one POST to submit the PDF, one GET to retrieve the verdict. Forward this page to your engineering team; the full API reference, quotas, and copy-paste examples in cURL, JavaScript, Python, PHP, Go, and Ruby are one click away.
Pricing
Self-serve plans, no sales call
All plans include the same forensic checks. Pick the quota that matches your monthly document volume.
manualStarter
$15/mo
30 checks/mo
Manual spot-checks and integration testing
most commonGrowth
$149/mo
350 checks/mo
Active document processing pipelines
high volumePro
$499/mo
1,500 checks/mo
High-volume automation and API integrations
Enterprise (unlimited, on-premise available) — see full pricing
API key on signup. Free test environment on every plan. No card required.
Customer Stories
Teams that stopped document fraud
Compliance, finance, and risk teams use HTPBE? to catch manipulated PDFs before they become costly mistakes.
Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.
Sarah M.
AP Manager
United States
We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.
Lars V.
Risk Analyst, Online Lending
Netherlands
Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.
Priya K.
HR Operations Lead
India
Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.
Julien R.
Fraud Analyst, Fintech
France
Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for checked originals when something is flagged. Already saved us from a few bad decisions.
Marta S.
Compliance Coordinator
Spain
One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.
Tariq A.
Finance Manager
United Arab Emirates
FAQ
Frequently asked questions
Does HTPBE? work on salary slips from Indian payroll systems (Zoho People, GreytHR, RazorpayX, Keka)?
How is this different from background-fraud-detection services like AuthBridge or IDfy?
Can it catch slips made with online generator tools?
modified or inconclusive with a producer mismatch flag.What if the candidate sends a phone photo of the slip instead of the PDF?
What does an INCONCLUSIVE verdict mean for a salary slip?
Secure your workflow
Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.