logo
NOA fraud

A CRA Notice of Assessment is the most-trusted income proof in Canada — and the most-edited

Built for fraud ops at lending, insurance & compliance teams

Mortgage brokers and B-lenders treat the NOA as authoritative — it’s the official CRA verdict on the borrower’s declared income. Express Entry candidates submit it as proof of Canadian work history. Whenever an applicant needs a higher figure, the temptation is the same: download the real NOA from CRA My Account, edit the line that matters, re-export. The page renders identically. The file structure does not.

~3 sec
per document
59 checks
forensic layers
From $15
per month
1,500+
docs / month on Growth
Scope

HTPBE? analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We don’t inspect holograms, phone photos, or ID biometrics. If your fraud problem is a digitally altered or fabricated NOA, we’re the most specific tool for it.

When HTPBE? returns INCONCLUSIVE on a Notice of Assessment, that’s itself a fraud signal in this context — real NOA exports always come from CRA My Account, never from a desktop tool.

The problem

Modern document fraud is invisible to visual review

A growing class of document fraud opens a genuine PDF, edits a balance, a date, or a beneficiary, and re-saves it. Visually nothing changes — the document passes pixel-level review, layout review, and KYC.

Structural PDF analysis reads the layers rendering engines never expose: revision history, object structure, signature coverage maps. That is where edits leave fingerprints they cannot wipe.

Common tampering patterns

  • Modified balances or totals after export
  • Swapped IBAN or beneficiary on invoices
  • Post-signature edits on contracts
  • Backdated issue and modification dates
  • Fabricated documents from consumer PDF tools

What this looks like

How fake and tampered NOA PDFs actually look

Three real fraud mechanics we catch at the structural PDF layer.

01

Real NOA edited and re-saved with a higher Total income

Authentic NOA comes from CRA My Account as a generated PDF with the CRA producer signature. The applicant downloads it, opens it in any PDF editor or spreadsheet, edits Line 15000 (Total income) or Line 26000 (Taxable income), exports as PDF. The producer field changes from CRA to whichever editor was used. Visual layout preserved; file fingerprint flipped.

02

NOA fabricated in Word from a screenshot of the CRA layout

A Word document built using the NOA layout copied from CRA documentation, populated with desired figures, exported as PDF. The producer is Microsoft Word; the CRA producer signature and structured CRA portal metadata authentic NOAs carry are missing entirely.

03

Tax year backdated to fill an income gap

A real NOA from one tax year gets edited to show a different year — covering a gap when the applicant was not earning Canadian income. Visual page looks legitimate; modification timestamp and incremental update markers reveal the post-issuance edit.

The scale

Top 3
fraud categories in Canadian mortgage applications involve income document tampering
~3 sec
per NOA via API
No CRA
no CRA API call needed — works on the file

Why your existing checks miss this

CRA Auto-fill My Return checks via consent. Borrowers who edited the file rarely consent.

Both layers matter. The CRA call only works if the borrower lets you make it.

CRA Auto-fill My Return and similar consent-based tooling can check NOA figures directly with CRA — when the borrower agrees to grant access. Borrowers who edited the file rarely do. OSFI B-20 guidelines push lenders to check income, but the fraud detection step is downstream and slow. IRCC immigration officers see NOAs in PDF form without consent-based CRA fraud detection at all. HTPBE? catches the NOA PDF the borrower or applicant uploaded at the moment of intake — standalone, no CRA API, no consent required.

Results in under 3 seconds30 to 1,500+ documents/monthFrom $15/mo

What HTPBE? checks

Detection capabilities

Deterministic structural signals. No probabilistic scores, no model training.

Producer signature mismatch

Authentic NOAs carry the CRA producer signature. When the producer is Microsoft Excel, Microsoft Word, LibreOffice, Chrome Headless, or a generic PDF library, the document was edited or fabricated on a desktop — it did not come fresh from CRA.

CRA portal metadata block presence

Real NOAs embed structured CRA metadata in the PDF — assessment identifiers, system-generated reference codes encoded as objects. Generator-tool fakes don’t reproduce these correctly. Missing or malformed identifiers are a clean signal of fabrication.

Incremental update trail

A clean CRA export has one cross-reference table. Re-saves through any editor append a second xref — visible structural evidence of post-issuance editing.

Line arithmetic across the assessment

Line arithmetic across the NOA (Total income → deductions → Taxable income → tax owed/refund) is checked row by row. Edited lines break the chain unless every dependent figure is also adjusted.

Modification timestamp gap

A real NOA issued in spring has CreationDate ≈ ModDate within days of CRA assessment. A months-later modification on a "freshly issued" NOA is a high-confidence flag for post-export editing.

Font subset divergence across pages

Multi-session edits leave font subset prefix shifts. Single-session legitimate CRA exports have consistent subsets across all pages.

Share with engineering

Wire this into your intake pipeline in under a day

Two API calls — one POST to submit the PDF, one GET to retrieve the verdict. Forward this page to your engineering team; the full API reference, quotas, and copy-paste examples in cURL, JavaScript, Python, PHP, Go, and Ruby are one click away.

Full API reference for engineering

Pricing

Self-serve plans, no sales call

All plans include the same forensic checks. Pick the quota that matches your monthly document volume.

manual

Starter

$15/mo

30 checks/mo

Manual spot-checks and integration testing

most common

Growth

$149/mo

350 checks/mo

Active document processing pipelines

high volume

Pro

$499/mo

1,500 checks/mo

High-volume automation and API integrations

Enterprise (unlimited, on-premise available) see full pricing

Secure your workflowView API docs

API key on signup. Free test environment on every plan. No card required.

Customer Stories

Teams that stopped document fraud

Compliance, finance, and risk teams use HTPBE? to catch manipulated PDFs before they become costly mistakes.

Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.

Sarah M.

AP Manager

United States

We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.

Lars V.

Risk Analyst, Online Lending

Netherlands

Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.

Priya K.

HR Operations Lead

India

Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.

Julien R.

Fraud Analyst, Fintech

France

Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for checked originals when something is flagged. Already saved us from a few bad decisions.

Marta S.

Compliance Coordinator

Spain

One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.

Tariq A.

Finance Manager

United Arab Emirates

FAQ

Frequently asked questions

Do I need to call CRA or use Auto-fill My Return to check NOAs?

No. HTPBE? performs standalone forensic analysis on the PDF the borrower or applicant uploaded — no CRA API call, no Auto-fill My Return integration, no borrower consent required. The signals are inside the file structure.

Can it catch NOAs fabricated from scratch in Word?

Yes. Fabricated NOAs lack the CRA producer signature and the structured CRA portal metadata genuine NOAs carry. The verdict is typically modified or inconclusive with producer-mismatch and missing-metadata flags.

How is this different from Equifax or TransUnion fraud detection?

Equifax Canada and TransUnion check identity and credit history — they do not analyse the file structure of the NOA the borrower uploaded. HTPBE? inspects that PDF directly. Use both: credit bureaus for the borrower, HTPBE? for the file.

What about NOAs used in Express Entry or PR applications?

IRCC officers receive NOAs as PDF supporting documents — without consent-based CRA fraud detection. HTPBE? inspects the same file an officer would open: producer mismatch, incremental update trail, missing CRA portal metadata, line arithmetic. Verdicts are deterministic and audit-ready.

What does an INCONCLUSIVE verdict mean for a Notice of Assessment?

HTPBE? returns INCONCLUSIVE when an NOA PDF lacks the institutional metadata that genuine CRA My Account exports carry — typically because the file was authored on a desktop with consumer software (Word, Excel, LibreOffice) rather than downloaded from CRA My Account. In the NOA context, INCONCLUSIVE is itself a high-confidence fraud signal: a real CRA Notice of Assessment always comes from CRA My Account and carries the CRA producer signature — it would never originate from a desktop tool. Treat INCONCLUSIVE on an NOA as fraud-positive and route the case to CRA consent-based fraud detection or manual income review before any mortgage or immigration decision.

Secure your workflow

Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.

Start free — close the structural fraud gapSee pricing
Read API docs →