Tampered Document Detection
The document is genuine, but was it altered after the fact? — forensics for edited-not-fabricated fraud.
Tampered document detection focuses on a specific subcategory of the broader document-forgery-detection entry's territory: documents that are fundamentally genuine — a real bank statement, an actual employment letter, an authentic government-issued form — but have been altered after issuance to change what they say, as distinct from documents fabricated wholesale from a template or generator. This distinction matters because tampering leaves different forensic traces than fabrication: a tampered document inherits the genuine original's authentic printing, paper, and format characteristics everywhere except the specific altered region, meaning detection often concentrates on finding the localized inconsistency rather than assessing the document as a whole.
The forensic signals that distinguish a tampered region from its surrounding genuine content cluster around several detectable inconsistencies. Digital tampering of scanned or born-digital PDFs leaves traces in compression artifacts (a region re-saved or edited after the original file's creation often shows different JPEG compression characteristics than untouched areas), font and rendering inconsistencies (a digit changed using different software than produced the original often uses a subtly different font, weight, or anti-aliasing), and metadata anomalies (edit timestamps, software signatures, or revision history inconsistent with the document's claimed single-origin creation). Physical tampering — an altered paper document subsequently rescanned — leaves different traces: alignment or spacing irregularities where text was physically added or covered, ink or toner density inconsistencies between the altered region and the surrounding genuine print, and in some cases visible evidence of correction fluid, overwriting, or splicing that survives even after rescanning.
The detection approach that works best combines automated forensic screening — models trained to flag the digital and visual inconsistency signals described above — with the same cross-document and cross-field consistency checking this glossary's cross-document-reasoning entry describes: a tampered income figure on a payslip becomes far more detectable when compared against the same applicant's bank statement deposits or tax records than when the payslip is assessed in isolation, since tampering typically alters one document without correspondingly altering every other document that should agree with it. As with all fraud-adjacent detection in this glossary, the operational posture is risk-scoring and human escalation rather than automated rejection — forensic signals indicate elevated tampering probability, not certainty, and confirmed determinations warrant the same investigative rigor and documented rationale this glossary's forgery-detection entry describes.
The PDF looks perfect — the metadata, the fonts, and the pixel noise say otherwise.
Not a fake document — a fake presentation of one: the screen photo, the replayed capture, the injected image.
A real Social Security number, a fabricated name, a manufactured credit history — identity fraud built to survive individual checks.
Proof Perimeter runs document AI inside your own perimeter — with a provenance record on every field.
Book a demo