logo
Free PDF Check

Immigration Document Fraud Detection

Built for fraud ops at lending, insurance & compliance teams

Detect structural modifications in visa documents before submission. One fraudulent filing — an edited bank statement, a forged recommendation letter, a fake Certificate of Sponsorship, an altered employment contract — can trigger a compliance audit or revoke your sponsor licence. HTPBE? catches both fake and tampered PDFs invisible to the naked eye.

~3 sec
per document
59 checks
forensic layers
From $15
per month
1,500+
docs / month on Growth
Scope

HTPBE? analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We don’t inspect passport biometrics, holograms, or scanned-image authenticity, and we don’t replace right-to-work or sponsor-licence fraud-detection systems. If your fraud problem is a tampered or fabricated supporting PDF (employment letter, salary slip, education certificate, financial proof), we’re the most specific tool for it.

INCONCLUSIVE meaning is context-dependent: institutional documents (bank statements, government issuances) → INCONCLUSIVE is a fraud signal; small-employer letters and personal documents → INCONCLUSIVE is the expected baseline, requires combining with other markers before flagging.

The problem

Why visual review misses tampered immigration documents

Immigration consultants and global mobility teams process hundreds of supporting documents per month — bank statements, recommendation letters, employment contracts, Certificates of Sponsorship. A single fraudulent document in a visa application can trigger a sponsor licence audit, suspension, or revocation.

Visual inspection catches obvious forgeries: wrong fonts, misaligned logos, spelling errors. But modern PDF editing tools produce documents that are visually indistinguishable from originals. The modifications exist only in the file’s binary structure — metadata fields, cross-reference tables, incremental update chains.

HTPBE? analyses the PDF’s internal structure to detect whether a document was modified after its original creation — regardless of how convincing it looks on screen. No baseline copy required, no original document needed for comparison.

Compliance risks from fraudulent filings

  • Sponsor licence revocation risk from fraudulent filings
  • Altered bank statements meeting visa financial requirements
  • Post-signature edits invisible to visual review
  • Recommendation letters forged after original signing

What this looks like

Document fraud in 2026 — three concrete patterns

Three real fraud mechanics we catch at the structural PDF layer.

01

Sponsor licence revocation risk from fraudulent filings

02

Altered bank statements meeting visa financial requirements

03

Post-signature edits invisible to visual review

04

Recommendation letters forged after original signing

59 layers
Forensic checks per document
~3 sec
Median analysis time, end to end
From $15
Self-serve per month, no sales call

The detection gap

KYC platforms check the document. HTPBE? checks the file.

Two different checks — both matter.

KYC & identity platforms

Plaid · Persona · Alloy · Jumio

  • Is this a real bank statement template?
  • Does the account number match the identity?
  • Is the document format consistent with the issuing bank?

Detects fake documents. Does not detect edited real documents.

HTPBE? tamper detection API

Structural PDF integrity

  • Was this specific PDF file modified after it was generated?
  • Do metadata timestamps match the file structure?
  • Were digital signatures valid at the time of signing?

Catches edits invisible to visual review and template checks.

Results in under 3 seconds30 to 1,500+ documents/monthFrom $15/mo

What HTPBE? checks

What the API detects in immigration documents

Six forensic layers analyzed on every submission

Editing tool fingerprint in producer field

Authentic immigration documents are produced by institutional systems — core banking software, government document portals, payroll engines. A producer field showing a consumer editor (Adobe Acrobat, Foxit, iLovePDF, Microsoft Excel) is a primary signal that the file was reconstructed or edited outside its original issuer.

Multiple cross-reference tables

An authentic single-session PDF export contains one cross-reference table. Every subsequent open-and-save cycle in an editing tool appends a new table. Supporting documents with two or more xref tables were opened and re-saved after the original creation — the most common structural sign of tampering.

Creation-to-modification date gap

Metadata timestamps update automatically when a PDF is edited. A modification date that trails the creation date by days or weeks on a document that should have been produced in a single institutional export is a direct indicator that the file was altered after issuance.

Post-signature modification markers

Documents bearing a digital signature are cryptographically locked at the moment of signing. Any structural change after that point produces an invalidated signature state — HTPBE? surfaces both the signature failure and the specific markers that triggered it.

Missing institutional metadata structure

Bank statements, Certificates of Sponsorship, and government-issued letters carry embedded metadata that reflects the issuing system. PDFs reconstructed from scratch in consumer tools lack this metadata structure entirely — the absence is itself a forensic signal.

Incremental update chain

PDF editors append modifications as incremental updates rather than rewriting the file. HTPBE? counts the update chain depth: a document with incremental updates layered over an original export was processed by an editing tool after the institution produced it.

Share with engineering

Wire this into your intake pipeline in under a day

Two API calls — one POST to submit the PDF, one GET to retrieve the verdict. Forward this page to your engineering team; the full API reference, quotas, and copy-paste examples in cURL, JavaScript, Python, PHP, Go, and Ruby are one click away.

Full API reference for engineering

Pricing

Self-serve plans, no sales call

All plans include the same forensic checks. Pick the quota that matches your monthly document volume.

manual

Starter

$15/mo

30 checks/mo

Manual spot-checks and integration testing

most common

Growth

$149/mo

350 checks/mo

Active document processing pipelines

high volume

Pro

$499/mo

1,500 checks/mo

High-volume automation and API integrations

Enterprise (unlimited, on-premise available) see full pricing

Secure your workflowView API docs

API key on signup. Free test environment on every plan. No card required.

Customer Stories

Teams that stopped document fraud

Compliance, finance, and risk teams use HTPBE? to catch manipulated PDFs before they become costly mistakes.

Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.

Sarah M.

AP Manager

United States

We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.

Lars V.

Risk Analyst, Online Lending

Netherlands

Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.

Priya K.

HR Operations Lead

India

Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.

Julien R.

Fraud Analyst, Fintech

France

Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for checked originals when something is flagged. Already saved us from a few bad decisions.

Marta S.

Compliance Coordinator

Spain

One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.

Tariq A.

Finance Manager

United Arab Emirates

FAQ

Frequently asked questions

Can HTPBE? detect tampering in a Certificate of Sponsorship PDF?

Yes. HTPBE? analyses the PDF’s internal structure — xref tables, metadata fields, incremental update chains, and digital signature integrity — to detect whether the document was modified after its original creation. This works on Certificates of Sponsorship, recommendation letters, bank statements, and any other PDF document.

Do I need the original document to detect tampering?

No. HTPBE? performs one-sided forensic analysis on the single submitted file. No baseline copy or original is required. The analysis uses internal structural signals present in every PDF.

What does INCONCLUSIVE mean for a bank statement submitted for a visa application?

For a bank statement, INCONCLUSIVE is a strong fraud signal, not an ambiguous result. Legitimate bank statements are generated by institutional banking systems — they always carry recognisable producer metadata. If the verdict is INCONCLUSIVE, the file was produced by consumer software (Microsoft Word, Google Docs, a generic PDF tool) rather than a bank’s export engine. That itself is grounds for escalation: real bank statements are not generated in Word.

Can HTPBE? detect tampering in a recommendation letter signed digitally by an employer?

Yes. A digitally signed letter is cryptographically locked at signing. Any modification to the file after that point — even a single changed character — invalidates the signature and produces detectable structural markers. HTPBE? surfaces both the signature failure state and the specific modification markers. For letters without a digital signature, tampering is detected via the producer field, xref count, and timestamp delta, though confidence is lower than for signed documents.

Secure your workflow

Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.

Start free — close the structural fraud gapSee pricing
Read API docs →