logo
Free PDF Check

Loan Origination Document Fraud Detection — the structural-PDF layer alongside Plaid, Persona, and OFAC

Built for fraud ops at lending, insurance & compliance teams

HTPBE? sits in the loan-origination pipeline next to bank-data aggregation (Plaid, Tink, Bridge), identity proofing (Persona, Onfido, Alloy), and sanctions screening (OFAC, ComplyAdvantage). It is the layer that opens the binary structure of every bank statement, payslip, tax return, and asset letter the borrower uploaded — and surfaces edits invisible to OCR, visual review, and downstream data-fraud-detection. Built for alt-lenders, fintech underwriting, BNPL fraud teams, and consumer-credit risk leads who carry post-disbursement loss and repurchase exposure. For first-lien mortgage origination — LOS/POS integration, repurchase exposure on agency loans — see the Mortgage page. From $15/mo. No sales call.

~3 sec
per document
59 checks
forensic layers
From $15
per month
1,500+
docs / month on Growth

The problem

Modern document fraud is invisible to visual review

A growing class of document fraud opens a genuine PDF, edits a balance, a date, or a beneficiary, and re-saves it. Visually nothing changes — the document passes pixel-level review, layout review, and KYC.

Structural PDF analysis reads the layers rendering engines never expose: revision history, object structure, signature coverage maps. That is where edits leave fingerprints they cannot wipe.

Common tampering patterns

  • Modified balances or totals after export
  • Swapped IBAN or beneficiary on invoices
  • Post-signature edits on contracts
  • Backdated issue and modification dates
  • Fabricated documents from consumer PDF tools

What this looks like

What KYC stops at, and what tampered bank statements still get through

Three real fraud mechanics we catch at the structural PDF layer.

01

Inflated income on payslips and salary letters

The most common income fraud: a real payslip is opened in a consumer PDF editor and the salary figures are changed. The producer field shifts from the payroll software (ADP, PayFit, Sage, Xero) to the editor. The API returns KNOWN_EDITOR_IN_PRODUCER as a high-confidence marker.

02

Modified bank statements with edited balances

Bank statements rebuilt in Excel and exported to PDF carry spreadsheet software as the producer instead of the issuing bank’s reporting system. Edited real statements show timestamp gaps and additional revision layers. The API exposes both patterns from a single POST call.

03

Falsified tax returns and assessment notices

Self-employed income proof is often forged via altered tax returns or notice-of-assessment documents. The API detects modifications-after-signing on signed tax documents and producer mismatches on rebuilt forms — evidence visual review and OCR cannot find.

04

Fake employment fraud detection and asset letters

Employment verification letters and proof-of-asset letters are usually issued on institutional letterhead via a corporate PDF generator. When a fraudster recreates them in Word or a consumer editor, the producer fingerprint reveals the substitution. The API maintains a database of hundreds of known PDF tools to make this distinction precise.

59 layers
Forensic checks per document
~3 sec
Median analysis time, end to end
From $15
Self-serve per month, no sales call

Where the loss lands

Underwriting decisions you cannot reverse after fund

A tampered bank statement that passes intake becomes a charge-off you carry on the book.

Plaid, Tink, and Bridge confirm bank-account ownership when the borrower agrees to connect — many will not. Persona, Onfido, and Alloy verify the person, not the paperwork. OFAC and ComplyAdvantage screen names against sanctions lists, not document integrity. None of them open the PDF the borrower uploaded. Once the loan funds, post-disbursement loss is yours to absorb — and on warehouse-line or institutional capital, repurchase exposure compounds it. The structural-PDF check at intake is the cheapest place to catch the edit.

Results in under 3 seconds30 to 1,500+ documents/monthFrom $15/mo

What HTPBE? checks

Detection capabilities

Deterministic structural signals. No probabilistic scores, no model training.

Producer signature mismatch

The PDF claims to come from one tool but the binary structure points to another. The first signal of post-export editing.

Incremental update trail

Every save after the original creates an incremental update. Long chains mean multiple editing sessions on the same file.

Multiple xref tables

Each editing session adds a new cross-reference table. Genuine institutional PDFs have one. Tampered PDFs have several.

Modification timestamp gap

A real PDF has matching CreationDate and ModDate. Months between them is a high-confidence forgery signal.

Digital signature validation

When a digital signature exists, we verify the coverage map. Modifications after signing return certain-confidence verdicts.

Font and object consistency

Edited text introduces new font subsets or objects with origin patterns inconsistent with the rest of the document.

Share with engineering

Wire this into your intake pipeline in under a day

Two API calls — one POST to submit the PDF, one GET to retrieve the verdict. Forward this page to your engineering team; the full API reference, quotas, and copy-paste examples in cURL, JavaScript, Python, PHP, Go, and Ruby are one click away.

Full API reference for engineering

Pricing

Self-serve plans, no sales call

All plans include the same forensic checks. Pick the quota that matches your monthly document volume.

manual

Starter

$15/mo

30 checks/mo

Manual spot-checks and integration testing

most common

Growth

$149/mo

350 checks/mo

Active document processing pipelines

high volume

Pro

$499/mo

1,500 checks/mo

High-volume automation and API integrations

Enterprise (unlimited, on-premise available) see full pricing

Secure your workflowView API docs

API key on signup. Free test environment on every plan. No card required.

Customer Stories

Teams that stopped document fraud

Compliance, finance, and risk teams use HTPBE? to catch manipulated PDFs before they become costly mistakes.

Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.

Sarah M.

AP Manager

United States

We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.

Lars V.

Risk Analyst, Online Lending

Netherlands

Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.

Priya K.

HR Operations Lead

India

Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.

Julien R.

Fraud Analyst, Fintech

France

Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for checked originals when something is flagged. Already saved us from a few bad decisions.

Marta S.

Compliance Coordinator

Spain

One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.

Tariq A.

Finance Manager

United Arab Emirates

FAQ

Frequently asked questions

Which lending documents does the API support?

Any PDF document submitted in a loan or credit application: bank statements, payslips, tax returns, W-2s, 1099s, P60 and P45, T4 and NOA, employment fraud detection letters, asset and reference letters, mortgage statements, and proof of address. The API analyzes the PDF binary structure, so no document-type configuration is required.

How does this fit alongside Plaid and KYC platforms?

Plaid, Tink, and Bridge pull bank-account data directly from the bank — ideal when the borrower consents to the connection, but many borrowers refuse, and the data does not cover the PDF documents themselves. Persona, Onfido, and Alloy check identity and detect fake document templates, but they do not detect edited real documents. HTPBE? fills the gap: it checks the structural integrity of the specific PDF file submitted, regardless of identity or aggregation.

Does the API replace manual underwriter review?

No. It removes manual review as the only line of defence on document tampering. Underwriters cannot reliably catch a producer-field mismatch by eye, and OCR-based fraud platforms cannot read the binary structure. The API automates the structural check and lets the underwriter focus on credit decisions instead of forensic inspection.

What is the typical false-positive rate on lending documents?

Markers are returned with confidence levels — certain, high, or none. Certain markers (modifications after a digital signature, signature removal) have effectively zero false positives because the evidence is cryptographic. High-confidence markers (producer mismatch, timestamp gaps) have a small false-positive rate because legitimate workflows occasionally trigger them — a bank that exports statements through a third-party PDF service, for example. The API returns the marker name so your team can build context-aware rules: a producer mismatch on a major US bank statement is suspicious; on a smaller credit union it may be expected.

Secure your workflow

Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.

Start free — close the structural fraud gapSee pricing
Read API docs →