Mortgage Document Fraud Detection API
Income documents are the last unverified layer in your mortgage file. Two digits changed on a W-2 survive every downstream check you run today — a single API call at document intake closes that gap with deterministic structural forensics.
Scope
HTPBE? analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We don’t replace credit bureaus, VOE services, or AUS engines. We fill the structural-PDF gap that sits between document intake and downstream data verification — the layer where edited W-2s, altered tax returns, and fabricated asset statements live undetected.
Income documents are the last unverified layer
Credit bureaus report balances. VOE services call the employer. Appraisers value the property. AUS engines (DU, LP) evaluate the data. None of them open the PDF the borrower submitted and check whether it was edited after download.
Two digits changed on a W-2 — wage box altered from $72,000 to $92,000 — will qualify a borrower who would otherwise be declined. The edit is invisible to the eye but not to a forensic analyzer. PDF editors leave structural traces: extra xref tables, incremental update records, and metadata timestamps that do not match.
Mortgage application fraud exposure in the U.S. exceeds $11 billion annually. Income and asset document tampering appear in the top three fraud categories — covering tax document fraud, fabricated pay stubs, altered bank statements, and forged employment letters. An audit trail showing every income document was structurally verified at origination strengthens your defense against repurchase demands.
Most common mortgage income document fraud
- W-2 wage box altered to meet qualification threshold
- Schedule C or E income inflated on a tax return
- Bank statement running balance padded to show adequate reserves
- Asset statement balance inflated to meet down payment requirements
- Gift letter fabricated to explain large deposits
- Employment verification letter with salary or tenure modified
What the API detects in mortgage documents
Five forensic layers analyzed on every document — results in under 3 seconds
Form-field and table arithmetic
IRS forms and payroll reports have internal consistency requirements. W-2 wage boxes, Schedule C totals, and 1040 line items are cross-checked — one edited figure breaks the arithmetic.
Incremental update trail
Every post-export save produces a structural signature in the xref and trailer chain. A W-2 with two xref tables was modified after the original IRS e-file export.
Producer signature match
IRS e-file, ADP, Workday, and bank portals produce recognizable signatures. Edits or re-saves through PDF editors change them — a direct mismatch signal.
Font subset prefix divergence
Documents rendered in multiple sessions show font subset drift across pages — a fingerprint of multi-session editing that tax return fraud often produces.
Digital signature verification
Digitally signed mortgage documents (e-signed closings, notarized PDFs) are validated for post-signature modifications with certainty-level confidence.
Modification date vs. document date
The PDF ModDate updates automatically when a file is edited. A ModDate after the stated tax year or W-2 box date on a submitted document is a direct tampering signal.
Built for mortgage origination and wholesale channels
Integrate at document intake or use the free tool for manual spot-checks
Detect W-2s where wage boxes were altered to inflate qualifying income
Flag tax returns with arithmetic inconsistencies between Schedule and Form 1040
Catch bank statements where running balances were edited to show adequate reserves
Identify producer mismatches that expose PDF-editor re-saves of IRS or payroll exports
Integrate into LOS systems (Encompass, Blend, Byte) through a pre-verification webhook
Each document returns a named-marker audit trail suitable for GSE repurchase defense
Five forensic layers, one deterministic verdict
Every PDF we receive passes through the same structural pipeline — no model training, no thresholds to tune.
Metadata analysis
Creation and modification timestamps, producer and creator fields, XMP metadata — the first layer exposes basic tampering.
File structure
Xref tables, trailer chain, incremental updates. Any edit after export leaves a structural fingerprint here.
Digital signatures
Signature chain integrity and post-signature modifications produce deterministic markers. Certainty-level signal.
Content integrity
Fonts, objects, embedded content, page assembly. Multi-session edits and inserted objects are visible at this layer.
Verdict with markers
Deterministic output: INTACT / MODIFIED / INCONCLUSIVE, with named markers for every finding — suitable for audit trail.
Customer Stories
Teams that stopped document fraud
Compliance, finance, and risk teams use HTPBE? to catch manipulated PDFs before they become costly mistakes.
Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.
Sarah M.
AP Manager
United States
We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.
Lars V.
Risk Analyst, Online Lending
Netherlands
Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.
Priya K.
HR Operations Lead
India
Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.
Julien R.
Fraud Analyst, Fintech
France
Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for verified originals when something is flagged. Already saved us from a few bad decisions.
Marta S.
Compliance Coordinator
Spain
One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.
Tariq A.
Finance Manager
United Arab Emirates
Integrate in minutes
Two calls: POST the PDF URL, then GET the forensic verdict. No SDK required.
Request
curl -X POST https://api.htpbe.tech/v1/analyze \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"url": "https://your-storage.com/w2-2025.pdf"}'Result (GET /v1/result/{id})
{
"id": "b2c3d4e5-f6a7-8901-bcde-f23456789012",
"status": "modified",
"modification_confidence": "high",
"modification_markers": [
"Multiple cross-reference tables (incremental updates)",
"Known PDF editing tool detected"
],
"creator": "Adobe Acrobat Forms",
"producer": "iLovePDF",
"creation_date": 1735689600,
"modification_date": 1743552000,
"has_digital_signature": false,
"xref_count": 2,
"has_incremental_updates": true
}producer: “iLovePDF” on a W-2 means the form was processed through an online PDF editor after the original IRS e-file export. The xref_count: 2 confirms an edit session occurred. The modification_date three months after creation_date on a tax year document is an additional timing signal.
Pricing
Self-serve plans. No sales call, no procurement process.
Starter
$15/mo
30 checks/mo
Manual spot-checks for suspicious loan files
Growth
$149/mo
350 checks/mo
Active origination teams and brokers
Pro
$499/mo
1,500 checks/mo
High-volume lenders and wholesale channels
Enterprise (unlimited, on-premise available) — see full pricing and docs
API key on signup. Free test environment on every plan. No card required.
Frequently Asked Questions
Does HTPBE replace Fannie Mae Day 1 Certainty or asset verification?
No. D1C and asset-verification services validate data against the source. HTPBE validates the document the borrower submitted. When D1C is available, use it. For documents D1C doesn’t cover — or when verifying documents before submission — HTPBE tells you whether the file was edited after creation.
How does this help with repurchase risk?
Document fraud is a leading driver of repurchase demands from GSEs and investors. An audit trail showing that every income and asset document was structurally verified at origination strengthens your defense against buyback claims. Each API response includes named markers suitable for the loan file.
Can this run inside Encompass or Blend?
Yes. The API is stack-agnostic. Most mortgage platforms expose a webhook or custom action point where an outbound HTTPS call can run on document upload. The verdict flows back into the file as a note or field.
What about wet-signed documents that were scanned?
Scanned paper documents are raster images; structural analysis has less to work with. Best results come from digitally generated or digitally signed PDFs. For scan-heavy files, use HTPBE alongside tools that specialize in image-layer forensics.
Secure your workflow
Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.
Integrate mortgage document verification in any stack
Two API calls — submit the income or asset document PDF, read the verdict. Copy-paste examples for cURL, JavaScript, Python, PHP, Go, and Ruby.
# Step 1: Submit PDF for analysis
curl -X POST https://api.htpbe.tech/v1/analyze \
-H "Authorization: Bearer htpbe_live_..." \
-H "Content-Type: application/json" \
-d '{"url": "https://example.com/document.pdf"}'
# Returns: {"id":"3f9c8b7a-2e1d-4c5f-9b8e-7a6d5c4b3a21"}
# Step 2: Retrieve full results
ID="3f9c8b7a-2e1d-4c5f-9b8e-7a6d5c4b3a21"
curl -s "https://api.htpbe.tech/v1/result/$ID" \
-H "Authorization: Bearer htpbe_live_..." \
| jq '.status'