logo
Free PDF Check

Mortgage Document Fraud Detection — close the gap Fannie and Freddie QC find post-fund

Built for fraud ops at lending, insurance & compliance teams

Repurchase demands on saleable loans almost always trace to income or asset documents that visual underwriting passed. By the time GSE QC samples the file, the loan is already on your books. A single structural-PDF check at document intake closes that audit gap before closing — deterministic, named-marker forensics for every W-2, tax return, bank statement, and asset letter the borrower uploaded.

~3 sec
per document
59 checks
forensic layers
From $15
per month
1,500+
docs / month on Growth
Scope

HTPBE? analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We don’t replace credit bureaus, VOE services, or AUS engines. We fill the structural-PDF gap that sits between document intake and downstream data fraud detection — the layer where edited W-2s, altered tax returns, and fabricated asset statements live undetected.

The problem

Why GSE QC samples catch tampered W-2s and bank statements after closing

Fannie Mae and Freddie Mac quality-control samples re-pull tax transcripts, re-call employers, and re-check bank statements months after the loan funds. That is when an altered W-2 wage box or padded running balance gets caught — long after the file closed, was sold, and was packaged into MBS. Repurchase demand follows.

Credit bureaus report balances. VOE services call the employer. Appraisers value the property. AUS engines (DU, LP) evaluate the data. None of them open the PDF the borrower uploaded and check whether the wage box or running balance was edited after download. Two digits changed on a W-2 — $72,000 to $92,000 — qualify a borrower who would otherwise be declined. The edit is invisible to the eye and to OCR, but not to a structural analyzer.

U.S. mortgage application fraud exposure exceeds $11 billion annually. Income and asset document tampering appear in the top three fraud categories — covering tax document fraud, fabricated pay stubs, altered bank statements, and forged employment letters. An audit trail showing every income document was structurally checked at origination is the cleanest defense against the QC repurchase letter.

Most common mortgage income document fraud

  • W-2 wage box altered to meet qualification threshold
  • Schedule C or E income inflated on a tax return
  • Bank statement running balance padded to show adequate reserves
  • Asset statement balance inflated to meet down payment requirements
  • Gift letter fabricated to explain large deposits
  • Employment verification letter with salary or tenure modified

What this looks like

Document fraud in 2026 — three concrete patterns

Three real fraud mechanics we catch at the structural PDF layer.

01

W-2 wage box altered to meet qualification threshold

02

Schedule C or E income inflated on a tax return

03

Bank statement running balance padded to show adequate reserves

04

Asset statement balance inflated to meet down payment requirements

05

Gift letter fabricated to explain large deposits

06

Employment verification letter with salary or tenure modified

59 layers
Forensic checks per document
~3 sec
Median analysis time, end to end
From $15
Self-serve per month, no sales call

The detection gap

KYC platforms check the document. HTPBE? checks the file.

Two different checks — both matter.

KYC & identity platforms

Plaid · Persona · Alloy · Jumio

  • Is this a real bank statement template?
  • Does the account number match the identity?
  • Is the document format consistent with the issuing bank?

Detects fake documents. Does not detect edited real documents.

HTPBE? tamper detection API

Structural PDF integrity

  • Was this specific PDF file modified after it was generated?
  • Do metadata timestamps match the file structure?
  • Were digital signatures valid at the time of signing?

Catches edits invisible to visual review and template checks.

Results in under 3 seconds30 to 1,500+ documents/monthFrom $15/mo

What HTPBE? checks

What the API detects on income and asset documents

Six structural layers across W-2s, tax returns, bank statements, and gift letters — named markers, audit-grade response, under 3 seconds.

Form-field and table arithmetic

IRS forms and payroll reports have internal consistency requirements. W-2 wage boxes, Schedule C totals, and 1040 line items are cross-checked — one edited figure breaks the arithmetic.

Incremental update trail

Every post-export save produces a structural signature in the xref and trailer chain. A W-2 with two xref tables was modified after the original IRS e-file export.

Producer signature match

IRS e-file, ADP, Workday, and bank portals produce recognizable signatures. Edits or re-saves through PDF editors change them — a direct mismatch signal.

Font subset prefix divergence

Documents rendered in multiple sessions show font subset drift across pages — a fingerprint of multi-session editing that tax return fraud often produces.

Digital signature fraud detection

Digitally signed mortgage documents (e-signed closings, notarized PDFs) are validated for post-signature modifications with certainty-level confidence.

Modification date vs. document date

The PDF ModDate updates automatically when a file is edited. A ModDate after the stated tax year or W-2 box date on a submitted document is a direct tampering signal.

Share with engineering

Wire this into your intake pipeline in under a day

Two API calls — one POST to submit the PDF, one GET to retrieve the verdict. Forward this page to your engineering team; the full API reference, quotas, and copy-paste examples in cURL, JavaScript, Python, PHP, Go, and Ruby are one click away.

Full API reference for engineering

Pricing

Self-serve plans, no sales call

All plans include the same forensic checks. Pick the quota that matches your monthly document volume.

manual

Starter

$15/mo

30 checks/mo

Manual spot-checks and integration testing

most common

Growth

$149/mo

350 checks/mo

Active document processing pipelines

high volume

Pro

$499/mo

1,500 checks/mo

High-volume automation and API integrations

Enterprise (unlimited, on-premise available) see full pricing

Secure your workflowView API docs

API key on signup. Free test environment on every plan. No card required.

Customer Stories

Teams that stopped document fraud

Compliance, finance, and risk teams use HTPBE? to catch manipulated PDFs before they become costly mistakes.

Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.

Sarah M.

AP Manager

United States

We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.

Lars V.

Risk Analyst, Online Lending

Netherlands

Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.

Priya K.

HR Operations Lead

India

Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.

Julien R.

Fraud Analyst, Fintech

France

Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for checked originals when something is flagged. Already saved us from a few bad decisions.

Marta S.

Compliance Coordinator

Spain

One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.

Tariq A.

Finance Manager

United Arab Emirates

FAQ

Frequently asked questions

Does HTPBE? replace Fannie Mae Day 1 Certainty or asset fraud detection?

No. D1C and asset-fraud-detection services validate data against the source. HTPBE? validates the document the borrower submitted. When D1C is available, use it. For documents D1C doesn’t cover — or when checking documents before submission — HTPBE? tells you whether the file was edited after creation.

How does this help with repurchase risk?

Document fraud is a leading driver of repurchase demands from GSEs and investors. An audit trail showing that every income and asset document was structurally checked at origination strengthens your defense against buyback claims. Each API response includes named markers suitable for the loan file.

Can this run inside Encompass or Blend?

Yes. The API is stack-agnostic. Most mortgage platforms expose a webhook or custom action point where an outbound HTTPS call can run on document upload. The verdict flows back into the file as a note or field.

What about wet-signed documents that were scanned?

Scanned paper documents are raster images; structural analysis has less to work with. Best results come from digitally generated or digitally signed PDFs. For scan-heavy files, use HTPBE? alongside tools that specialize in image-layer forensics.

Secure your workflow

Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.

Start free — close the structural fraud gapSee pricing
Read API docs →