logo
Utility bill fraud

Fake Utility Bill Detection — Catch Forged Proof of Address

Built for fraud ops at lending, insurance & compliance teams

A utility bill is the cheapest forgery in fintech onboarding — and the one your KYC stack waves through. KYC ops at neobanks, brokers, crypto exchanges, and lenders all accept utility bills as proof of address. Fraud rings know it. They author bills in Microsoft Word using a real provider’s template, paste the applicant’s name and target address, export to PDF, upload. The visual layout passes; the file structure does not.

~3 sec
per document
59 checks
forensic layers
From $15
per month
1,500+
docs / month on Growth
Scope

HTPBE? analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We don’t inspect holograms, phone photos, or ID biometrics. If your fraud problem is a digitally fabricated or tampered utility bill, we’re the most specific tool for it.

When HTPBE? returns INCONCLUSIVE on a utility bill, that’s itself a fraud signal in this context — real bills always come from utility-provider billing systems (SAP, Oracle Utilities, in-house print engines), never from a desktop tool.

The problem

Modern document fraud is invisible to visual review

A growing class of document fraud opens a genuine PDF, edits a balance, a date, or a beneficiary, and re-saves it. Visually nothing changes — the document passes pixel-level review, layout review, and KYC.

Structural PDF analysis reads the layers rendering engines never expose: revision history, object structure, signature coverage maps. That is where edits leave fingerprints they cannot wipe.

Common tampering patterns

  • Modified balances or totals after export
  • Swapped IBAN or beneficiary on invoices
  • Post-signature edits on contracts
  • Backdated issue and modification dates
  • Fabricated documents from consumer PDF tools

What this looks like

How fake and tampered utility bills actually look

Three real fraud mechanics we catch at the structural PDF layer.

01

Bill fabricated in Microsoft Word from scratch

No provider involved. The applicant downloads a real utility-provider template image, drops it into Word, types the name and target address, exports to PDF. The producer field shows Microsoft Word — not the billing system real bills carry.

02

Real bill with edited address or name

Applicant takes a real bill from another tenant or family member, opens it in any PDF editor, replaces the name or street, re-exports. The xref chain shows an incremental update — visible structural evidence of post-issuance editing.

03

Old bill with edited statement date

A genuine bill from two years ago becomes a "current" bill by editing the statement period and due date. Modification timestamp gap (years between CreationDate and ModDate) exposes the freshening.

The scale

~30%
of address-fraud cases use fabricated utility bills as the primary document
$5K–$15K
average loss per synthetic-identity account opened with fake POA
~3 sec
per utility bill via API

Why your existing checks miss this

KYC platforms check the address. They do not check the file.

Address-validation services confirm the address exists. Not that this PDF is real.

KYC platforms (Onfido, Persona, Jumio, Sumsub) extract the address with OCR and check it against postal databases — they cannot tell whether the underlying PDF was issued by the utility provider or fabricated on someone’s desktop. Address-validation APIs confirm the address exists and is reachable; they don’t confirm this specific bill came from the provider. HTPBE? inspects the file structure (producer, xref, metadata, image streams) and surfaces structural fraud markers before account opening.

Results in under 3 seconds30 to 1,500+ documents/monthFrom $15/mo

What HTPBE? checks

Detection capabilities

Deterministic structural signals. No probabilistic scores, no model training.

Producer signature on the bill

Authentic utility bills come from provider billing systems (SAP IS-U, Oracle Utilities, CIS+, in-house print engines that route through enterprise PDF libraries). When the producer field shows Microsoft Word, LibreOffice, Google Docs, Chrome Headless, or any consumer PDF tool, the bill was authored on a desktop — it didn’t come from the provider.

Incremental update trail

A clean export from a billing system has one cross-reference table. Re-saves through any PDF editor append a second xref — visible structural evidence of post-issuance editing on a name, address, or amount.

Statement-date vs metadata gap

A bill claiming "Statement period: March 2026" but with a CreationDate or ModDate from a year earlier (or vice versa) is a high-confidence flag. Real bills are issued the day they’re generated.

Image-stream artefacts in pasted logos and headers

Fabricated bills paste the provider’s logo lifted from the public site. The pasted image stream carries different compression characteristics and object structure than authentic embedded headers — a structural fingerprint of fabrication.

Font subset divergence

Real billing-system bills use a single font subset across the full document. Fabricated bills assembled by hand often show subset prefix shifts where text was retyped or pasted, exposing the multi-source authoring.

Single-session vs multi-session creation pattern

Provider billing systems produce bills in one shot — single xref, no incremental updates, CreationDate equals ModDate. Edits and hand-fabrications break this pattern in different but consistent ways.

Share with engineering

Wire this into your intake pipeline in under a day

Two API calls — one POST to submit the PDF, one GET to retrieve the verdict. Forward this page to your engineering team; the full API reference, quotas, and copy-paste examples in cURL, JavaScript, Python, PHP, Go, and Ruby are one click away.

Full API reference for engineering

Pricing

Self-serve plans, no sales call

All plans include the same forensic checks. Pick the quota that matches your monthly document volume.

manual

Starter

$15/mo

30 checks/mo

Manual spot-checks and integration testing

most common

Growth

$149/mo

350 checks/mo

Active document processing pipelines

high volume

Pro

$499/mo

1,500 checks/mo

High-volume automation and API integrations

Enterprise (unlimited, on-premise available) see full pricing

Secure your workflowView API docs

API key on signup. Free test environment on every plan. No card required.

Customer Stories

Teams that stopped document fraud

Compliance, finance, and risk teams use HTPBE? to catch manipulated PDFs before they become costly mistakes.

Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.

Sarah M.

AP Manager

United States

We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.

Lars V.

Risk Analyst, Online Lending

Netherlands

Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.

Priya K.

HR Operations Lead

India

Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.

Julien R.

Fraud Analyst, Fintech

France

Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for checked originals when something is flagged. Already saved us from a few bad decisions.

Marta S.

Compliance Coordinator

Spain

One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.

Tariq A.

Finance Manager

United Arab Emirates

FAQ

Frequently asked questions

Does this work with utility bills from any country or provider?

Yes. The analysis is producer-agnostic — it inspects whichever PDF arrives. Utility-provider billing systems leave recognisable producer signatures regardless of country (US, UK, EU, India, AU, CA). Hand-fabricated bills authored in Word, Docs, or generic PDF tools leave non-institutional signatures HTPBE? flags equally across regions.

How is this different from address-validation APIs?

Address-validation APIs (Loqate, Smarty, Google Address Validation) confirm the address exists and is correctly formatted — they don’t check the PDF that claims someone lives there. HTPBE? inspects the file structure to detect that the bill itself was fabricated or edited. Use both: address validation for the address fact, HTPBE? for the file integrity.

Can it catch a bill where only the name was swapped?

Yes. Name swaps require opening the PDF in an editor and re-saving, which appends an incremental update to the xref chain. The verdict will be modified with the incremental-update marker — even when the visual layout looks pixel-perfect.

What does an INCONCLUSIVE verdict mean for a utility bill?

HTPBE? returns INCONCLUSIVE when a utility bill PDF lacks the institutional metadata genuine billing-system exports carry — typically because the file was authored on a desktop with consumer software (Word, Docs, generator tools) rather than exported from the provider’s billing engine. For utility bills, INCONCLUSIVE is itself a high-confidence fraud signal: a real provider bill always carries a billing-system producer string. Treat INCONCLUSIVE on a POA bill as fraud-positive and route the case to manual document review or alternative POA before account opening.

Secure your workflow

Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.

Start free — close the structural fraud gapSee pricing
Read API docs →