Lending Document Fraud Detection API
HTPBE is a REST API that detects tampered loan and mortgage application documents. It analyzes the binary structure of bank statements, payslips, tax returns, employment letters, and asset statements to expose modifications invisible to OCR and visual review.
Built for alt-lenders, fintech underwriting, mortgage brokers, and BNPL fraud teams. From $15/mo. No sales call.
Where Lending Fraud Hides in the Document
Every PDF carries hidden evidence of its history. Here is what to look for.
Inflated income on payslips and salary letters
The most common income fraud: a real payslip is opened in a consumer PDF editor and the salary figures are changed. The producer field shifts from the payroll software (ADP, PayFit, Sage, Xero) to the editor. The API returns KNOWN_EDITOR_IN_PRODUCER as a high-confidence marker.
Modified bank statements with edited balances
Bank statements rebuilt in Excel and exported to PDF carry spreadsheet software as the producer instead of the issuing bank’s reporting system. Edited real statements show timestamp gaps and additional revision layers. The API exposes both patterns from a single POST call.
Falsified tax returns and assessment notices
Self-employed income proof is often forged via altered tax returns or notice-of-assessment documents. The API detects modifications-after-signing on signed tax documents and producer mismatches on rebuilt forms — evidence visual review and OCR cannot find.
Fake employment verification and asset letters
Employment verification letters and proof-of-asset letters are usually issued on institutional letterhead via a corporate PDF generator. When a fraudster recreates them in Word or a consumer editor, the producer fingerprint reveals the substitution. The API maintains a database of hundreds of known PDF tools to make this distinction precise.
The Easy Way: Use HTPBE?
All checks run automatically in seconds — no technical knowledge required.
Integrate at document upload
When a borrower uploads a document to your loan origination system, your backend POSTs the file URL to /api/v1/analyze. The API downloads, analyzes, and returns a verdict — typically in under 3 seconds.
Use the verdict to gate the application
Build automated routing on the structured response. Intact documents continue through underwriting. Modified or inconclusive documents trigger a senior underwriter review. The HTPBE check ID is stored alongside the application for audit.
Stack alongside Plaid, Persona, and your KYC layer
HTPBE complements bank-account aggregation (Plaid, Tink, Bridge) and KYC platforms (Persona, Onfido, Alloy). Aggregators verify account ownership; KYC verifies identity; HTPBE verifies document integrity. The three layers detect different fraud and work together, not as substitutes.
Frequently Asked Questions
Which lending documents does the API support?
Any PDF document submitted in a loan or credit application: bank statements, payslips, tax returns, W-2s, 1099s, P60 and P45, T4 and NOA, employment verification letters, asset and reference letters, mortgage statements, and proof of address. The API analyzes the PDF binary structure, so no document-type configuration is required.
How does this fit alongside Plaid and KYC platforms?
Plaid, Tink, and Bridge pull bank-account data directly from the bank — ideal when the borrower consents to the connection, but many borrowers refuse, and the data does not cover the PDF documents themselves. Persona, Onfido, and Alloy verify identity and detect fake document templates, but they do not detect edited real documents. HTPBE fills the gap: it verifies the structural integrity of the specific PDF file submitted, regardless of identity or aggregation.
Does the API replace manual underwriter review?
No. It removes manual review as the only line of defence on document tampering. Underwriters cannot reliably catch a producer-field mismatch by eye, and OCR-based fraud platforms cannot read the binary structure. The API automates the structural check and lets the underwriter focus on credit decisions instead of forensic inspection.
What is the typical false-positive rate on lending documents?
Markers are returned with confidence levels — certain, high, or none. Certain markers (modifications after a digital signature, signature removal) have effectively zero false positives because the evidence is cryptographic. High-confidence markers (producer mismatch, timestamp gaps) have a small false-positive rate because legitimate workflows occasionally trigger them — a bank that exports statements through a third-party PDF service, for example. The API returns the marker name so your team can build context-aware rules: a producer mismatch on a major US bank statement is suspicious; on a smaller credit union it may be expected.
Pricing
Self-serve plans. No sales call, no procurement process.
Starter
$15/mo
30 checks/mo
Manual spot-checks and integration testing
Growth
$149/mo
350 checks/mo
Active document processing pipelines
Pro
$499/mo
1,500 checks/mo
High-volume automation and API integrations
Enterprise (unlimited, on-premise available) — see full pricing and docs
API key on signup. Free test environment on every plan. No card required.
Who uses this in production
The same detection engine, framed for the teams that rely on it.
Bank Statement Fraud Detection
Specialized analysis of edited and rebuilt bank statements — the most common lending fraud.
Fake Pay Stub Detection
Detect inflated income on payslips submitted as proof of employment.
Fake Tax Document Detection
W-2, 1099, P60, T4, Form 16 — detect tampering on every regional tax form.