logo
Employer sponsorship compliance

Auditors open the file you kept — not the file you meant to keep

Built for fraud ops at lending, insurance & compliance teams

Sponsorship obligations rest on the evidence in your records: worker payslips, contracts, qualification letters, eligibility proof. When any of those PDFs were altered before filing, downgrade, suspension, or loss of sponsorship privileges becomes far more likely. Read every PDF before it is filed.

~3 sec
per document
59 checks
forensic layers
From $15
per month
1,500+
docs / month on Growth
Scope

HTPBE? analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We don’t inspect holograms, phone photos, or ID biometrics. Case-management portals and regulator submissions remain primary; HTPBE? catches tampering on the supporting PDF evidence you retain.

When HTPBE? returns INCONCLUSIVE on sponsorship evidence, that’s itself a fraud signal in this context — real payslips, certificates, and portal letters almost always come from institutional systems, not from a desktop tool.

The problem

Modern document fraud is invisible to visual review

A growing class of document fraud opens a genuine PDF, edits a balance, a date, or a beneficiary, and re-saves it. Visually nothing changes — the document passes pixel-level review, layout review, and KYC.

Structural PDF analysis reads the layers rendering engines never expose: revision history, object structure, signature coverage maps. That is where edits leave fingerprints they cannot wipe.

Common tampering patterns

  • Modified balances or totals after export
  • Swapped IBAN or beneficiary on invoices
  • Post-signature edits on contracts
  • Backdated issue and modification dates
  • Fabricated documents from consumer PDF tools

What this looks like

How fake and tampered sponsorship-evidence PDFs actually look

Three real fraud mechanics we catch at the structural PDF layer.

01

Sponsored worker payslips backdated to fill a gap

Periods where pay fell below the sponsored role threshold — or where payslips are missing — get patched with backdated PDFs. Payroll-system producer signatures, incremental update markers, and modification timestamps reveal the edits.

02

Qualification certificate fabricated

A claimed degree or licence is mocked up in Word with a logo from the institution’s website. Producer shows a consumer editor; structural markers of an issuing campus or registry are absent.

03

Work-eligibility supporting documents edited before retention

Portal letters and supporting PDFs are edited so the retained file matches what reviewers expect. The live check may be valid — the archived PDF is not. Annotation-layer changes and incremental updates expose post-issuance editing.

The scale

At risk
sponsorship privileges and civil penalties when evidence fails review
~3 sec
per evidence PDF via API
Audit trail
every verdict produces named structural markers for the file

Why your existing checks miss this

Submission systems record what you reported. They do not inspect every PDF byte.

On review, regulators open retained evidence — that folder is what must hold up.

Employer portals capture what you filed with authorities. Live eligibility and identity checks cover the session. A desk review still opens your archived PDFs — and if those files were altered before archiving, earlier checks do not fix the record. HTPBE? runs at intake on every PDF that lands in the evidence pack — no case-system API or regulator lookup required.

Results in under 3 seconds30 to 1,500+ documents/monthFrom $15/mo

What HTPBE? checks

Detection capabilities

Deterministic structural signals. No probabilistic scores, no model training.

Producer signature on the evidence PDF

Authentic payslips come from payroll engines; certificates from issuers; portal letters from government stacks. When the producer is Microsoft Word, Excel, LibreOffice, or a generic PDF library, the file was built or edited on a desktop.

Incremental update trail

Edits to dates, salary figures, conditions, or signatures leave incremental updates in the xref chain. Legitimate single-session exports have one xref; tampered files have two or more.

Modification date vs. claimed evidence period

When a payslip dated June 2023 has a ModDate months later, the file was touched after the period it claims — a strong flag for backdated evidence.

Image-stream artefacts

Pasted logos and signatures show JPEG/PNG compression mismatches. That structural fingerprint often marks fabrication.

Annotation and form-field tampering

Annotation and form-field layers are tracked separately. Edited expiry dates or conditions on eligibility PDFs leave traces.

Font subset divergence across pages

Multi-session edits or page reassembly shift font subset prefixes. Single-session legitimate exports stay consistent.

Share with engineering

Wire this into your intake pipeline in under a day

Two API calls — one POST to submit the PDF, one GET to retrieve the verdict. Forward this page to your engineering team; the full API reference, quotas, and copy-paste examples in cURL, JavaScript, Python, PHP, Go, and Ruby are one click away.

Full API reference for engineering

Pricing

Self-serve plans, no sales call

All plans include the same forensic checks. Pick the quota that matches your monthly document volume.

manual

Starter

$15/mo

30 checks/mo

Manual spot-checks and integration testing

most common

Growth

$149/mo

350 checks/mo

Active document processing pipelines

high volume

Pro

$499/mo

1,500 checks/mo

High-volume automation and API integrations

Enterprise (unlimited, on-premise available) see full pricing

Secure your workflowView API docs

API key on signup. Free test environment on every plan. No card required.

Customer Stories

Teams that stopped document fraud

Compliance, finance, and risk teams use HTPBE? to catch manipulated PDFs before they become costly mistakes.

Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.

Sarah M.

AP Manager

United States

We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.

Lars V.

Risk Analyst, Online Lending

Netherlands

Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.

Priya K.

HR Operations Lead

India

Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.

Julien R.

Fraud Analyst, Fintech

France

Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for checked originals when something is flagged. Already saved us from a few bad decisions.

Marta S.

Compliance Coordinator

Spain

One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.

Tariq A.

Finance Manager

United Arab Emirates

FAQ

Frequently asked questions

Will regulators treat HTPBE?’s verdict as dispositive?

HTPBE? produces a deterministic verdict (intact / modified / inconclusive) with named structural markers — useful as an internal audit trail. How much weight a given authority gives that output is a separate legal question; most teams use HTPBE? upstream so tampered PDFs never enter the evidence pack.

Does this replace our IDV vendor or online eligibility checks?

No. Live proofing stays primary. HTPBE? inspects archived PDFs — payslips, contracts, certificates, eligibility letters — to confirm none were altered between issuance and retention. Use both.

Can it be wired into our HR or compliance platform?

Yes. The API is stack-agnostic — any system that accepts PDFs and can call HTTPS can integrate. Many sponsors run HTPBE? as a pre-filing check when a PDF lands in the evidence folder.

What happens when a PDF returns inconclusive?

A verdict of inconclusive means institutional integrity signals are weak — common for pure scans or consumer-authored exports. For sponsorship evidence, that alone often warrants manual review or a request for the original issuer export.

What does INCONCLUSIVE mean for sponsorship evidence?

HTPBE? returns INCONCLUSIVE when a PDF lacks the metadata pattern typical of payroll exports, campus systems, or portal stacks — and instead looks like desktop software output. In sponsorship workflows, INCONCLUSIVE is often a fraud signal: legitimate sources usually produce clean institutional files. Treat it as fraud-positive: obtain a fresh export from the issuer before filing.

Secure your workflow

Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.

Start free — close the structural fraud gapSee pricing
Read API docs →