What are the forgery targets?

We protect our customers from three categories of document modifications:


Transaction modifications are the most common. They start with a legitimate document and change its meaning. Examples include modified or cloned purchase orders and invoices, increased salary on payslips, or removal or modification of transactions on a bank statement.


Identity modifications are less common, but can be even more dangerous. The attackers take a genuine document and modify the original customer’s identity to another customer (or service provider). In this way, they minimise the document modifications and can create a semblance of relationship or economic activity for a fraudulent or non-existent entity.

Payment information modification

Account number and payment information modification allow the attacker to modify a perfectly legitimate transaction and “only" direct the funds to the attacker’s account. Cryptocurrencies then offer a convenient way to launder the proceeds.

How we do this?

Forgeries are detected on two independent levels. During the technical inspection, we concentrate on the analysis of the PDF document itself, verify its properties, and match them against the expected properties of original documents issued by the source (such as a bank). We also look for any modification artefacts and verify the legitimacy of present electronic signatures. During the content analysis, we assess whether the content of the document is meaningful, consistent with past practices, and corresponds to similar documents from the same source submitted by other entities. We also look for content that might be intentionally constructed to mislead the algorithms of the automated processes working with the data.