logo

Insurance Claims Fraud Detection API

Detect altered repair estimates, inflated medical reports, and fabricated receipts before claims are paid. A single API call surfaces forensic evidence of PDF modification — at document intake, before adjuster review.

~3 sec
per document
35 checks
forensic layers
From $15
per month
1,500+
docs / month on Growth

Scope

htpbe? analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We don’t inspect phone photos, vehicle telematics, or claimant biometrics, and we don’t replace SIU investigation. If your claims fraud problem includes tampered or fabricated supporting PDFs (medical bills, repair estimates, receipts, proof of loss), we’re the most specific tool for it.

INCONCLUSIVE meaning is context-dependent: institutional documents (medical bills, repair estimates) → INCONCLUSIVE is a high-confidence fraud signal; consumer documents (receipts, claimant statements) → INCONCLUSIVE is the expected baseline, requires combining with other markers.

Insurance document fraud is a $308 billion problem

According to industry estimates, insurance fraud costs US carriers $308 billion annually. An estimated 25–30% of claims now involve documents that have been digitally altered — repair estimates with inflated line items, medical reports with changed diagnoses, receipts with modified amounts.

Claims adjusters process dozens or hundreds of PDF documents per week. Manual review cannot catch structural modifications that are not visible when viewing the document. A fraudster can open a legitimate repair estimate in Adobe Acrobat, change one line item, and re-save the PDF. The resulting document looks identical to the original.

htpbe? analyzes the binary structure of each PDF for evidence of post-issuance modification. The structural traces left by editing tools cannot be removed without invalidating the document entirely.

Most common insurance document fraud patterns

  • Repair estimate: add parts that were not replaced
  • Medical report: change amounts or details after issuance
  • Receipt: inflate labor hours or unit prices
  • Expert assessment: change the damage severity rating
  • Police report: alter the accident description or vehicle details
  • Prescription: change quantity or medication to a higher-cost equivalent

Forensic signals analyzed in every claims document

Five layers of analysis — results in under 3 seconds

Multiple xref tables

Authentic documents from repair shops, clinics, or suppliers have one cross-reference table. A second table means content was appended after the original save — the primary structural marker of claims document tampering.

Incremental update chain

Every editing session on a PDF adds an incremental update record. htpbe? counts the update chain length. A repair estimate or medical report with two or more incremental updates was processed by an editing tool after issuance.

Consumer tool producer mismatch

Legitimate repair estimates come from automotive management systems; medical reports from clinical document systems. A producer field showing “iLovePDF”, “PDF24”, or “Adobe Acrobat” indicates post-issuance editing.

Modification date after incident date

The PDF ModDate updates automatically when a file is edited. If the ModDate on a repair estimate is later than the stated repair date, or on a medical report later than the treatment date, the document was modified after issuance.

Signature bypass detection

Adjuster-countersigned claim forms are sometimes stripped of the signature page and re-submitted with altered content. htpbe? detects removed digital signature blocks at “certain” confidence — the highest verdict level.

Multi-session page assembly

Complex fraud involves assembling pages from different documents or sessions into one PDF. htpbe?’s multi-session analysis layer detects pages that originate from different rendering sessions, a strong indicator of document fabrication.

Built for claims operations teams

Integrate at document intake or use the free tool for manual spot-checks

Detect inflated repair estimates where amounts were changed before submission

Flag medical reports where the producer field reveals a consumer PDF editor, not clinical software

Catch receipts edited in Word or online tools to inflate amounts or change vendors

Identify modification dates that post-date the incident, indicating post-creation editing

Integrate into your claims management system at document intake via a single REST call

Free web tool lets claims adjusters check suspicious documents for tampering without writing code

Five forensic layers, one deterministic verdict

Every PDF we receive passes through the same structural pipeline — no model training, no thresholds to tune.

01

Metadata analysis

Creation and modification timestamps, producer and creator fields, XMP metadata — the first layer exposes basic tampering.

02

File structure

Xref tables, trailer chain, incremental updates. Any edit after export leaves a structural fingerprint here.

03

Digital signatures

Signature chain integrity and post-signature modifications produce deterministic markers. Certainty-level signal.

04

Content integrity

Fonts, objects, embedded content, page assembly. Multi-session edits and inserted objects are visible at this layer.

05

Verdict with markers

Deterministic output: INTACT / MODIFIED / INCONCLUSIVE, with named markers for every finding — suitable for audit trail.

See the full 35-check breakdown

Customer Stories

Teams that stopped document fraud

Compliance, finance, and risk teams use htpbe? to catch manipulated PDFs before they become costly mistakes.

Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.

Sarah M.

AP Manager

United States

We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.

Lars V.

Risk Analyst, Online Lending

Netherlands

Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.

Priya K.

HR Operations Lead

India

Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.

Julien R.

Fraud Analyst, Fintech

France

Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for verified originals when something is flagged. Already saved us from a few bad decisions.

Marta S.

Compliance Coordinator

Spain

One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.

Tariq A.

Finance Manager

United Arab Emirates

Integrate in minutes

Two calls: POST to analyze, GET to retrieve the result.

Step 1 — POST /v1/analyze

bash
curl -X POST https://api.htpbe.tech/v1/analyze \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://your-storage.com/repair-estimate-claim-4821.pdf"}'

Step 2 — GET /v1/result/{id} — edited repair estimate detected

json
{
  "id": "f7e6d5c4-b3a2-1908-7f6e-5d4c3b2a1908",
  "status": "modified",
  "modification_confidence": "high",
  "modification_markers": [
    "Multiple cross-reference tables (incremental updates)",
    "Known PDF editing tool detected"
  ],
  "producer": "iLovePDF",
  "creator": "Microsoft Word",
  "creation_date": 1711929600,
  "modification_date": 1712016000,
  "has_digital_signature": false,
  "xref_count": 2,
  "has_incremental_updates": true
}

producer: “iLovePDF” with creator: “Microsoft Word” means the document was created in Word and then processed by an online PDF editor — not generated by an automotive or medical document system. The xref_count: 2 confirms editing after the original save.

Pricing

Self-serve plans. No sales call, no procurement process.

Starter

$15/mo

30 checks/mo

Manual spot-checks for suspicious claims

Growth

$149/mo

350 checks/mo

Active claims operations teams

Pro

$499/mo

1,500 checks/mo

High-volume claims processing automation

Enterprise (unlimited, on-premise available) — see full pricing and docs

Secure your workflowView API docs

API key on signup. Free test environment on every plan. No card required.

Frequently Asked Questions

Which document types in a claims package can be checked for tampering?

Any PDF document submitted as part of a claim: repair estimates, medical reports, prescriptions, invoices from service providers, receipts, adjuster reports, police reports, and expert assessments. The API analyzes the PDF binary structure, not document type — so it works on any PDF regardless of what it claims to be.

Can it detect AI-generated fake medical reports?

Partially. htpbe? detects structural modification markers — xref tables, incremental updates, producer mismatches. An AI-generated PDF created from scratch with a tool like ChatGPT or a PDF library will often return inconclusive because the file was created from scratch and never edited after creation. However, the producer and creator fields will reveal the generation tool, which is itself a risk signal for medical documents that should come from clinical systems.

What does a "modified" verdict mean for a repair estimate?

It means the PDF file contains forensic evidence of post-issuance editing: additional cross-reference tables, incremental update records, a producer field inconsistent with automotive management software, or a modification date later than the repair date. It does not automatically mean fraud — it means the document warrants manual review before payment authorization.

How does it fit into existing claims management systems?

The recommended integration point is at document intake, when the claimant or repair shop uploads PDFs to your claims portal. Send each PDF URL to POST /v1/analyze, retrieve the result from GET /v1/result/{id}, and flag any document with a modified or inconclusive verdict for adjuster review before proceeding. The API adds under 3 seconds to the processing time. Results can be stored alongside the claim record using the returned id.

Secure your workflow

Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.

Secure your workflowView API docs

Related: Insurance claims fraud detection for SIU →

Integrate insurance claims fraud detection in any stack

Two API calls — submit the claim supporting PDF, read the verdict. Copy-paste examples for cURL, JavaScript, Python, PHP, Go, and Ruby.

bash
# Step 1: Submit PDF for analysis
curl -X POST https://api.htpbe.tech/v1/analyze \
  -H "Authorization: Bearer htpbe_live_..." \
  -H "Content-Type: application/json" \
  -d '{"url": "https://example.com/document.pdf"}'
# Returns: {"id":"3f9c8b7a-2e1d-4c5f-9b8e-7a6d5c4b3a21"}

# Step 2: Retrieve full results
ID="3f9c8b7a-2e1d-4c5f-9b8e-7a6d5c4b3a21"
curl -s "https://api.htpbe.tech/v1/result/$ID" \
  -H "Authorization: Bearer htpbe_live_..." \
  | jq '.status'