logo

KYC Document Fraud Detection API

KYC verifies the person. HTPBE? verifies the paperwork behind them. Identity-verification platforms confirm the face and the ID — they don’t examine the utility bill, bank letter, or certificate of incorporation the applicant uploaded. We do, at the structural PDF layer.

~3 sec
per document
36 checks
forensic layers
From $15
per month
1,500+
docs / month on Growth

Scope

HTPBE? analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We sit alongside identity-verification platforms (Persona, Onfido, Alloy, Jumio, Sumsub) as the structural-PDF layer they don’t provide. For identity verification, use an IDV platform. For the paperwork behind the identity, use HTPBE?.

Identity is verified. The paperwork behind it is not

Persona, Onfido, Alloy, Jumio, and Sumsub verify identity — face match, ID authenticity, liveness. They are the right tool for the identity layer. They don’t analyze the structural integrity of supplementary PDFs: proof of address, bank letters, certificates of incorporation, source-of-funds declarations.

One in five fraudulent documents passes initial manual review. A name or address field replaced on a real utility bill establishes false residency. A PDF mimicking a bank statement or corporate certificate, produced through an editor, passes visual screening. The structural layer records every edit regardless of how the rendered document looks.

Hours of manual review per application are replaced with seconds per document. Compliance teams gain a structural-integrity check and an audit record for every PDF submitted during KYC or KYB intake.

Most common KYC supporting document fraud

  • Proof of address: name or address replaced on a real utility bill
  • Bank reference letter: fabricated PDF mimicking institutional formatting
  • Certificate of incorporation: altered to hide ownership or change company name
  • Source-of-funds letter: edited to inflate declared wealth
  • Shareholder register: modified to conceal UBO or beneficial ownership

What the API detects in KYC supporting documents

Five forensic layers analyzed on every request — results in under 3 seconds

Incremental update detection

Any post-issuance edit leaves a fingerprint in the xref and trailer chain. A utility bill or bank letter that was edited after original generation carries this trace regardless of how it looks.

Producer signature validation

Real bank and government exports produce recognizable signatures. A bank reference letter with a consumer-tool producer field was never exported from a banking system.

Font subset prefix consistency

Multi-session edits create detectable font subset shifts across pages. Altered corporate documents often show this pattern when individual pages were modified separately.

Text layer vs. raster mismatch

Replaced text in rendered images breaks agreement between the text and visual layers — the clearest signal for name or address field substitutions on utility bills.

Digital signature verification

Officially issued documents (certificates, notarized letters) that carry digital signatures are checked for post-signature modifications.

Modification date after issuance

The PDF ModDate field updates automatically when edited. A utility bill ModDate weeks after its stated billing date is a direct signal of post-issuance tampering.

Built for compliance teams and regulated onboarding flows

Integrate at KYC or KYB intake alongside your existing IDV provider

Detect proof of address documents where name or address was replaced after issuance

Flag bank reference letters produced by consumer tools rather than banking systems

Catch corporate documents modified to hide ownership or inflate financial standing

Identify incremental updates on any supporting document — the primary tampering signal

Pair with Persona, Onfido, Alloy, or Jumio — they verify the person, HTPBE verifies the paperwork

Every check produces a structured audit record suitable for compliance documentation

Five forensic layers, one deterministic verdict

Every PDF we receive passes through the same structural pipeline — no model training, no thresholds to tune.

01

Metadata analysis

Creation and modification timestamps, producer and creator fields, XMP metadata — the first layer exposes basic tampering.

02

File structure

Xref tables, trailer chain, incremental updates. Any edit after export leaves a structural fingerprint here.

03

Digital signatures

Signature chain integrity and post-signature modifications produce deterministic markers. Certainty-level signal.

04

Content integrity

Fonts, objects, embedded content, page assembly. Multi-session edits and inserted objects are visible at this layer.

05

Verdict with markers

Deterministic output: INTACT / MODIFIED / INCONCLUSIVE, with named markers for every finding — suitable for audit trail.

See the full 36-check breakdown

Customer Stories

Teams that stopped document fraud

Compliance, finance, and risk teams use HTPBE? to catch manipulated PDFs before they become costly mistakes.

Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.

Sarah M.

AP Manager

United States

We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.

Lars V.

Risk Analyst, Online Lending

Netherlands

Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.

Priya K.

HR Operations Lead

India

Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.

Julien R.

Fraud Analyst, Fintech

France

Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for verified originals when something is flagged. Already saved us from a few bad decisions.

Marta S.

Compliance Coordinator

Spain

One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.

Tariq A.

Finance Manager

United Arab Emirates

Integrate in minutes

Two calls: POST the PDF URL, then GET the forensic verdict. No SDK required.

Request

bash
curl -X POST https://api.htpbe.tech/v1/analyze \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://your-storage.com/proof-of-address.pdf"}'

Result (GET /v1/result/{id})

json
{
  "id": "d4e5f6a7-b8c9-0123-defa-456789012345",
  "status": "modified",
  "modification_confidence": "high",
  "modification_markers": [
    "Multiple cross-reference tables (incremental updates)"
  ],
  "creator": "British Gas Online",
  "producer": "Smallpdf",
  "creation_date": 1741219200,
  "modification_date": 1743552000,
  "has_digital_signature": false,
  "xref_count": 2,
  "has_incremental_updates": true
}

creator: “British Gas Online” with producer: “Smallpdf” means the utility bill originated from a real issuer but was subsequently processed through an online PDF editor — the proof-of-address fraud pattern. The modification date two months after creation confirms the editing session.

Pricing

Self-serve plans. No sales call, no procurement process.

Starter

$15/mo

30 checks/mo

Manual spot-checks for high-risk applications

Growth

$149/mo

350 checks/mo

Active onboarding teams with daily KYC volume

Pro

$499/mo

1,500 checks/mo

Fintech platforms and regulated institutions

Enterprise (unlimited, on-premise available) — see full pricing and docs

Secure your workflowView API docs

API key on signup. Free test environment on every plan. No card required.

Frequently Asked Questions

Does HTPBE replace Persona, Onfido, or Alloy?

No. Those platforms verify identity — face, ID, liveness. HTPBE verifies the PDFs an applicant uploads alongside their ID. They complement each other. Use the IDV platform for the person, HTPBE for the paperwork.

Can this help with enhanced due diligence (EDD) for high-risk clients?

Yes. EDD typically involves more supporting documents — corporate structure, source of funds, UBO declarations. Each is a PDF that can be edited. HTPBE provides a structural-integrity check and an audit record for each, directly supporting your EDD workflow.

Is it compliant with GDPR and financial-services data rules?

Documents are processed through the API and the analysis response is returned to your system. Review the privacy documentation at /legal for specific handling details and request a DPA if you need one for your compliance program.

What about scanned or photographed documents?

Structural analysis works best on digitally issued PDFs. Scans and photos are raster; our method has less to work with on pure rasters. Require digital PDF uploads where possible, or pair HTPBE with image-forensics tooling for raster-heavy flows.

Secure your workflow

Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.

Secure your workflowView API docs

Related: Fake utility bill detection guide →

Integrate KYC document verification in any stack

Two API calls — submit the supporting document PDF, read the verdict. Copy-paste examples for cURL, JavaScript, Python, PHP, Go, and Ruby.

bash
# Step 1: Submit PDF for analysis
curl -X POST https://api.htpbe.tech/v1/analyze \
  -H "Authorization: Bearer htpbe_live_..." \
  -H "Content-Type: application/json" \
  -d '{"url": "https://example.com/document.pdf"}'
# Returns: {"id":"3f9c8b7a-2e1d-4c5f-9b8e-7a6d5c4b3a21"}

# Step 2: Retrieve full results
ID="3f9c8b7a-2e1d-4c5f-9b8e-7a6d5c4b3a21"
curl -s "https://api.htpbe.tech/v1/result/$ID" \
  -H "Authorization: Bearer htpbe_live_..." \
  | jq '.status'