A P60 is one PDF a year — and any applicant can re-save it with a higher gross
Lettings agents use it for tenant referencing. Mortgage lenders use it as primary income proof. Sponsor-licence holders keep it on file for Home Office audit. And every applicant who needed a higher figure knows the original from Sage, IRIS, or Xero Payroll can be opened in any PDF editor and re-exported in five minutes.
HTPBE? analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We don’t inspect holograms, phone photos, or ID biometrics. If your fraud problem is a digitally altered or fabricated P60, we’re the most specific tool for it.
When HTPBE? returns INCONCLUSIVE on a P60, that’s itself a fraud signal in this context — real P60 exports always come from a UK payroll engine, never from a desktop tool.
The problem
Modern document fraud is invisible to visual review
A growing class of document fraud opens a genuine PDF, edits a balance, a date, or a beneficiary, and re-saves it. Visually nothing changes — the document passes pixel-level review, layout review, and KYC.
Structural PDF analysis reads the layers rendering engines never expose: revision history, object structure, signature coverage maps. That is where edits leave fingerprints they cannot wipe.
Common tampering patterns
- Modified balances or totals after export
- Swapped IBAN or beneficiary on invoices
- Post-signature edits on contracts
- Backdated issue and modification dates
- Fabricated documents from consumer PDF tools
What this looks like
How fake and tampered P60 PDFs actually look
Three real fraud mechanics we catch at the structural PDF layer.
Edit-and-re-save with bumped Total for year
Authentic P60 comes from a payroll system (Sage, IRIS, Brightpay, Xero, QuickBooks Payroll, Moorepay, ADP UK). The applicant downloads it, opens it in any PDF editor or spreadsheet, edits the Total for year (gross or net), exports back to PDF. The producer field changes from the payroll engine to whichever editor was used.
P60 fabricated in Word from a template
Online "P60 generator" sites and Word templates produce a P60-shaped PDF for any employer name and earnings the user types in. These tools miss the structured payroll-system metadata authentic P60s carry and leave generator-tool producer fingerprints.
Tax code edited but the figures don’t reconcile
Wrong-code P60s are a classic letting-agent flag — but most tenant-referencing teams catch only the obvious ones. When the applicant edits the gross figure, the PAYE deducted no longer reconciles with the tax code and bands. Row arithmetic catches this even before structural analysis.
The scale
Why your existing checks miss this
Open Banking checks the income. It does not check the P60.
Both layers matter. The applicant chose to upload the P60 because the bank doesn’t cover the full picture.
Tenant-referencing platforms (Goodlord, RentProfile, FCC Paragon) and mortgage tech vendors check income through Open Banking when the applicant agrees to connect the account — but applicants who want a higher figure shown rarely do. They submit a P60 instead. HMRC operates Real Time Information for employers, but tenant agents and lenders cannot query it on behalf of an applicant. HTPBE? catches the P60 the applicant uploaded, regardless of whether Open Banking is available — standalone, no HMRC API, no payroll-bureau lookup.
What HTPBE? checks
Detection capabilities
Deterministic structural signals. No probabilistic scores, no model training.
Producer signature on the P60
Authentic P60s come from a UK payroll engine — Sage, IRIS, Brightpay, Moneysoft, Xero, QuickBooks Payroll, Moorepay, ADP UK, FreeAgent. When the producer is Microsoft Excel, LibreOffice, Word, Chrome Headless, or a generic PDF library, the document was edited or fabricated on a desktop.
Incremental update trail
A clean payroll export has one cross-reference table. Re-saves through Excel or PDF editors append a second xref — visible structural evidence of post-issuance editing.
Tax code and figure arithmetic
Line arithmetic across the P60 (Total for year → tax deducted → NI) is checked row by row. Edited gross figures break the chain — even when the visual layout is preserved.
Modification timestamp gap
A real P60 issued in May has CreationDate ≈ ModDate. A six-month gap on a "freshly issued" P60 is a high-confidence flag for post-export editing.
Font subset divergence
Multi-session edits leave font subset prefix shifts across pages. Single-session legitimate exports have consistent subsets.
Text layer vs. raster layer mismatch
Some fraudsters replace text in the rendered image while leaving the underlying text layer untouched. The two layers stop agreeing — an immediate flag.
Share with engineering
Wire this into your intake pipeline in under a day
Two API calls — one POST to submit the PDF, one GET to retrieve the verdict. Forward this page to your engineering team; the full API reference, quotas, and copy-paste examples in cURL, JavaScript, Python, PHP, Go, and Ruby are one click away.
Pricing
Self-serve plans, no sales call
All plans include the same forensic checks. Pick the quota that matches your monthly document volume.
manualStarter
$15/mo
30 checks/mo
Manual spot-checks and integration testing
most commonGrowth
$149/mo
350 checks/mo
Active document processing pipelines
high volumePro
$499/mo
1,500 checks/mo
High-volume automation and API integrations
Enterprise (unlimited, on-premise available) — see full pricing
API key on signup. Free test environment on every plan. No card required.
Customer Stories
Teams that stopped document fraud
Compliance, finance, and risk teams use HTPBE? to catch manipulated PDFs before they become costly mistakes.
Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.
Sarah M.
AP Manager
United States
We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.
Lars V.
Risk Analyst, Online Lending
Netherlands
Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.
Priya K.
HR Operations Lead
India
Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.
Julien R.
Fraud Analyst, Fintech
France
Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for checked originals when something is flagged. Already saved us from a few bad decisions.
Marta S.
Compliance Coordinator
Spain
One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.
Tariq A.
Finance Manager
United Arab Emirates
FAQ
Frequently asked questions
Does HTPBE? work with P60s from any UK payroll provider?
Do I need to call HMRC to check P60s?
Can it catch P60s made with online generator tools?
modified or inconclusive with producer-mismatch flags.What about P60s that are scanned printed copies?
inconclusive: institutional metadata is gone (because the scanner authored a fresh PDF). Treat inconclusive on a P60 as a prompt for manual review or a request for the original PDF from the payroll system.What does an INCONCLUSIVE verdict mean for a P60?
Secure your workflow
Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.