logo
Free PDF Check

BGV, Right-to-Work, and I-9 document fraud detection — the structural layer reference calls cannot reach

Built for fraud ops at lending, insurance & compliance teams

Background verification operators in the US, UK, India, and EU all hit the same wall: the BGV call confirms the candidate worked there, but it does not look inside the PDF the candidate uploaded. Reference letters get tampered. Right-to-Work documents (UK) and I-9 supporting PDFs (US) get fabricated on PDF editors. A single API call surfaces the structural edits invisible to the eye and to the BGV operator on the phone.

~3 sec
per document
59 checks
forensic layers
From $15
per month
1,500+
docs / month on Growth
Scope

HTPBE? analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We complement background-check services; we don’t replace them. Background checks check employment history against databases and employer responses. HTPBE? checks the PDFs a candidate uploads at the structural layer, independent of employer fraud detection.

The problem

Why BGV calls do not catch a tampered reference letter

A BGV operator on the phone with a former employer confirms the candidate’s tenure, role, and reason for leaving. The operator never sees the PDF the candidate attached to the application — HR review does, but only visually. A real reference letter from a real employer with the salary or title modified is structurally edited and visually indistinguishable from the original. The BGV call returns CLEAR. The PDF is fraudulent.

Self-produced PDFs mimicking prior employer letterheads are more common than outright fabrications. An applicant takes a legitimate employment letter from a previous job, opens it in a PDF editor, and changes the compensation figure or job title. The result looks authentic — the file structure does not. Credential fraud also extends to forged certificates and diplomas.

The average replacement cost for a fraudulent hire exceeds $17,000. At scale, credential fraud in hiring is a direct financial risk, not just an HR compliance issue.

Reference, RTW, and I-9 fraud patterns

  • Reference letter with salary, title, or tenure modified after the issuer signed off
  • Right-to-Work (UK) supporting PDF rebuilt to match a fabricated visa status
  • I-9 (US) supporting documents (SSN card scan, DL scan, visa) altered before upload
  • Prior offer letter opened in a PDF editor with compensation inflated
  • Salary certificate edited to show higher compensation than the candidate received
  • Self-produced PDF mimicking a former employer’s letterhead and formatting

What this looks like

Document fraud in 2026 — three concrete patterns

Three real fraud mechanics we catch at the structural PDF layer.

01

Reference letter with salary, title, or tenure modified after the issuer signed off

02

Right-to-Work (UK) supporting PDF rebuilt to match a fabricated visa status

03

I-9 (US) supporting documents (SSN card scan, DL scan, visa) altered before upload

04

Prior offer letter opened in a PDF editor with compensation inflated

05

Salary certificate edited to show higher compensation than the candidate received

06

Self-produced PDF mimicking a former employer’s letterhead and formatting

59 layers
Forensic checks per document
~3 sec
Median analysis time, end to end
From $15
Self-serve per month, no sales call

The detection gap

KYC platforms check the document. HTPBE? checks the file.

Two different checks — both matter.

KYC & identity platforms

Plaid · Persona · Alloy · Jumio

  • Is this a real bank statement template?
  • Does the account number match the identity?
  • Is the document format consistent with the issuing bank?

Detects fake documents. Does not detect edited real documents.

HTPBE? tamper detection API

Structural PDF integrity

  • Was this specific PDF file modified after it was generated?
  • Do metadata timestamps match the file structure?
  • Were digital signatures valid at the time of signing?

Catches edits invisible to visual review and template checks.

Results in under 3 seconds30 to 1,500+ documents/monthFrom $15/mo

What HTPBE? checks

What the API detects in employment documents

Five forensic layers analyzed on every document — results in under 3 seconds

Producer signature validation

Authentic corporate exports carry recognizable producer signatures from HR systems (Workday, SAP SuccessFactors, BambooHR) or office tools. Self-produced or re-saved PDFs don’t match the claimed issuer.

Incremental update detection

Any post-creation edit leaves a structural fingerprint in the xref table. A reference letter with two xref tables was modified after the original corporate export.

Font and object consistency

Edited fields produce detectable font subset prefix shifts and object-layout anomalies. Title or salary substitutions show up clearly in the structural layer.

Digital signature fraud detection

Digitally signed employment letters and contracts are checked for post-signature modifications. Signature bypass is flagged at certainty-level confidence.

Text layer vs. raster agreement

Replaced text in a rendered document (letterhead template with edited fields) breaks agreement between the text and visual layers — a clear forgery signal.

Modification date vs. document date

A reference letter with a ModDate years after the stated employment end date was modified long after original issuance — a high-confidence fraud signal.

Share with engineering

Wire this into your intake pipeline in under a day

Two API calls — one POST to submit the PDF, one GET to retrieve the verdict. Forward this page to your engineering team; the full API reference, quotas, and copy-paste examples in cURL, JavaScript, Python, PHP, Go, and Ruby are one click away.

Full API reference for engineering

Pricing

Self-serve plans, no sales call

All plans include the same forensic checks. Pick the quota that matches your monthly document volume.

manual

Starter

$15/mo

30 checks/mo

Manual spot-checks and integration testing

most common

Growth

$149/mo

350 checks/mo

Active document processing pipelines

high volume

Pro

$499/mo

1,500 checks/mo

High-volume automation and API integrations

Enterprise (unlimited, on-premise available) see full pricing

Secure your workflowView API docs

API key on signup. Free test environment on every plan. No card required.

Customer Stories

Teams that stopped document fraud

Compliance, finance, and risk teams use HTPBE? to catch manipulated PDFs before they become costly mistakes.

Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.

Sarah M.

AP Manager

United States

We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.

Lars V.

Risk Analyst, Online Lending

Netherlands

Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.

Priya K.

HR Operations Lead

India

Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.

Julien R.

Fraud Analyst, Fintech

France

Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for checked originals when something is flagged. Already saved us from a few bad decisions.

Marta S.

Compliance Coordinator

Spain

One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.

Tariq A.

Finance Manager

United Arab Emirates

FAQ

Frequently asked questions

How does this compare to traditional background-check services?

Background-check services check employment, education, and criminal history against databases and employer responses. HTPBE? checks the PDFs a candidate uploads at the structural layer. They complement each other — background check handles the facts, HTPBE? handles the documents.

Does it detect diploma or degree forgery?

For digital PDFs, yes — the structural layer reveals edits and non-authentic exports. For scanned or photographed diplomas, results depend on the source material; structural analysis is weaker on pure rasters. See /use-cases/fake-certificate-detection/fake-diploma-detection for the diploma-specific guide.

Can this integrate with Greenhouse, Lever, Workday, or BambooHR?

Yes. The API is stack-agnostic. Any ATS that accepts uploaded PDFs and can make an outbound HTTPS call can integrate via webhook or custom action. Most teams wire it into the document upload step.

What if a real reference letter is scanned and re-uploaded?

A scan-to-PDF workflow typically produces a clean scanner export with no incremental update trail — that returns INTACT. Edits applied after scanning are what get flagged.

Secure your workflow

Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.

Start free — close the structural fraud gapSee pricing
Read API docs →