Fake 1099 Detection — Catch Tampered Self-Employment PDFs
A 1099 is the only income proof a self-employed borrower has — and the easiest one to inflate. Self-employed borrowers face stricter income-fraud detection standards than W-2 employees. Many lenders treat the 1099 PDF as the primary document of record. When the contractor edits the figure on Box 1 (NEC) or Box 7 (Nonemployee compensation, MISC) before uploading, the wrong number anchors the entire underwriting decision.
HTPBE? analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We don’t inspect holograms, phone photos, or ID biometrics. If your fraud problem is a digitally altered or fabricated 1099, we’re the most specific tool for it.
When HTPBE? returns INCONCLUSIVE on a 1099, that’s itself a fraud signal in this context — real 1099 exports always come from an accounting platform or payer system, never from a desktop tool.
The problem
Modern document fraud is invisible to visual review
A growing class of document fraud opens a genuine PDF, edits a balance, a date, or a beneficiary, and re-saves it. Visually nothing changes — the document passes pixel-level review, layout review, and KYC.
Structural PDF analysis reads the layers rendering engines never expose: revision history, object structure, signature coverage maps. That is where edits leave fingerprints they cannot wipe.
Common tampering patterns
- Modified balances or totals after export
- Swapped IBAN or beneficiary on invoices
- Post-signature edits on contracts
- Backdated issue and modification dates
- Fabricated documents from consumer PDF tools
What this looks like
How fake and tampered 1099 PDFs actually look
Three real fraud mechanics we catch at the structural PDF layer.
Real 1099 edited after issuance
Authentic 1099 comes from the payer’s accounting software (QuickBooks, Xero, Wave, FreshBooks) or a platform issuer (Stripe Tax, Square, PayPal for 1099-K, Uber/Lyft/DoorDash). The contractor downloads it, opens it in any PDF editor or spreadsheet, edits Box 1 (NEC) or Box 7 (MISC), exports as PDF. The producer field changes from the source system to whichever editor was used.
1099 fabricated in Word from a template
A 1099-shaped PDF authored in Word using the IRS form layout copied from screenshots, populated with desired payer and amount, exported. The producer is Microsoft Word; the structured payer-system metadata authentic 1099s carry is missing entirely.
Multiple "monthly" 1099s aggregated to claim higher annual
A contractor stitches together "1099s" from several fake clients to claim higher aggregate income than reality. Cross-document timestamp clustering and font-subset consistency reveal that "five different payers" all generated PDFs within minutes of each other in the same session.
The scale
Why your existing checks miss this
IRS Get Transcript checks via consent. Most lenders cannot use it at scale.
Both layers matter. The PDF the contractor uploaded is what your underwriter opens.
IRS Get Transcript can check 1099 figures with the IRS — but only with the borrower’s consent and one-by-one transcript pulls, which most lenders cannot run at scale. Bank-statement parsing platforms (Plaid, Finicity, MX) check deposit history when the contractor connects their bank account — contractors who edited the 1099 rarely do. HTPBE? catches the 1099 PDF the contractor uploaded at the moment of intake — standalone, no IRS API, no consent required.
What HTPBE? checks
Detection capabilities
Deterministic structural signals. No probabilistic scores, no model training.
Producer signature mismatch
Authentic 1099s carry the producer signature of the payer’s accounting software or platform issuer (Stripe, Square, PayPal, Uber, etc.). When the producer is Microsoft Excel, Microsoft Word, LibreOffice, Chrome Headless, or a generic PDF library, the document was edited or fabricated on a desktop.
Incremental update trail
A clean accounting export has one cross-reference table. Re-saves through any editor append a second xref — visible structural evidence of post-issuance editing.
Cross-document timestamp clustering
When multiple 1099s arrive together claiming different payers, the API surfaces creation timestamps for each. Real 1099 issuance from different payers happens at different times. Batch-generated sets cluster within minutes — combined with identical font subsets, the batch pattern is unambiguous.
Box arithmetic fraud detection
For 1099 forms with multiple boxes (federal income tax withheld, state info), arithmetic relationships are checked. Edited boxes break the chain unless every dependent field is also adjusted.
Modification timestamp gap
A real 1099 issued by January 31 has CreationDate ≈ ModDate. A months-later modification on a "freshly issued" 1099 is a high-confidence flag for post-export editing.
Font subset divergence across pages
Multi-session edits leave font subset prefix shifts. Single-session legitimate exports have consistent subsets across all pages.
Share with engineering
Wire this into your intake pipeline in under a day
Two API calls — one POST to submit the PDF, one GET to retrieve the verdict. Forward this page to your engineering team; the full API reference, quotas, and copy-paste examples in cURL, JavaScript, Python, PHP, Go, and Ruby are one click away.
Pricing
Self-serve plans, no sales call
All plans include the same forensic checks. Pick the quota that matches your monthly document volume.
manualStarter
$15/mo
30 checks/mo
Manual spot-checks and integration testing
most commonGrowth
$149/mo
350 checks/mo
Active document processing pipelines
high volumePro
$499/mo
1,500 checks/mo
High-volume automation and API integrations
Enterprise (unlimited, on-premise available) — see full pricing
API key on signup. Free test environment on every plan. No card required.
Customer Stories
Teams that stopped document fraud
Compliance, finance, and risk teams use HTPBE? to catch manipulated PDFs before they become costly mistakes.
Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.
Sarah M.
AP Manager
United States
We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.
Lars V.
Risk Analyst, Online Lending
Netherlands
Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.
Priya K.
HR Operations Lead
India
Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.
Julien R.
Fraud Analyst, Fintech
France
Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for checked originals when something is flagged. Already saved us from a few bad decisions.
Marta S.
Compliance Coordinator
Spain
One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.
Tariq A.
Finance Manager
United Arab Emirates
FAQ
Frequently asked questions
Does HTPBE? work with 1099s from any platform issuer?
Can it catch a contractor stitching together multiple fake 1099s?
Does this replace IRS Get Transcript or income-data fraud detection?
What about 1099s from self-published platforms (Substack, Patreon, Etsy)?
What does an INCONCLUSIVE verdict mean for a 1099?
Secure your workflow
Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.