Retrieve suspicious activity data for uploaded documents


Looking for our page on legacy Detect?

We've moved our documentation of FTD 1.0 (our legacy Detect product) here. The Detect product described on the current page supersedes FTD 1.0 hence it's recommended to use this page going forward.


Detect enables lenders to identify and contextualize fraudulent activity by using our best-in-class machine-learning models. With clear signals and intuitive visualizations, lenders can confidently approve trusted loans while avoiding unnecessary losses.

We offer to Detect through our Dashboard and through our API.

Detect offers specific indicators of possible fraud called signals. Signals include context that can justify a claim of fraud, such as position information or edited text. Most signals are also visualized as colored highlights.

Contact your account manager for information about getting access to Detect.

Supported Documents

We support using Detect on bank statements, pay stubs, and W-2s. Other document types are not processed with Detect at this time.


We use the term signal to mean a specific indicator of a fraudulent modification to a document. Some signals we can uncover include:

  • Account holder name and address
  • Account number
  • Dollar amounts
  • Dates
  • Employer address
  • Transaction details
  • Misaligned text
  • Reconciliation checks
  • Online generated paystub checks


Watch out for false positives!

Although Ocrolus detects potentially fraudulent activity, the final determination of fraud is up to you. Some flagged documents that appear suspicious may have an explainable reason. For example:

  • Documents with multiple names might belong to someone who recently changed theirs, or to someone whose name has multiple spellings.
  • Unusual image data could be due to poor image conversion on the part of the document's owner.
  • Reports of unusual fonts could be due to the design of the bank statement itself.

We encourage you to manually review any activity that Ocrolus reports as suspicious.


Most signals describe fraudulent edits to a particular region on a Document's page. Detect illustrates these signals as highlighted areas on top of the submitted document.


Signals indicating fraudulent activity are shown.

These visualizations can be seen with the in-browser Dashboard or obtained with the API.

Using Detect

You can use Detect through the Ocrolus Dashboard or through our two API endpoints. Both methods offer the same information (including visualizations), but are intended for different use cases.

All uploaded documents are automatically scanned for Detect signals, regardless of how they're uploaded; once the results are ready, you can view them at any time.


To get started with Detect through our Dashboard, log in to the Dashboard and select a Book (or create a new one if there aren't any). Upload a Document that contains one or more pay stubs, bank statements, or W-2s.



Results may not be available immediately, even after the uploaded documents are captured. Check back in a few minutes, or set up a webhook to be notified.

The Dashboard is better suited for use by fraud analysts or other non-technical users. It's also good for quickly reviewing documents without needing to set up API credentials or write code to use them. Check out this guide for more guidance on using the Dashboard.



Don't forget your keys!

To use Detect via our API, you'll need to create a set of credentials. See here for more information about using these credentials.

You can retrieve Detect signals from complete Books or from individual Documents. These endpoints return the same information on the Dashboard, including visualizations; see the linked documentation for more information on how to access them.

The API is better for integrating Detect into custom fraud analysis workflows, such as for analytics or for internal review applications.


Ocrolus sends notifications to registered webhooks upon certain events. You can register a webhook to listen for the document.detect.signal_found, document.detect.signal_not_found, document.detect.unable_to_process, book.detect.signal_found, and book.detect.signal_not_found events, which are respectively fired when an uploaded document contains or lacks at least one fraud signal when Detect cannot be run on the document, when at least one document in a book has fraud signals on it, and when no documents in the book have any fraud signals found.

E-Mail Notifications

Users are notified via e-mail whenever new Detect signals are found in any document within a book. Such notifications are sent to the following users:

  • The user who created the book
  • All users who uploaded a document to the book
  • All users with whom the book has been shared (for non-public books)
  • All users that are part of your organization (for public books)

If you'd like to subscribe or unsubscribe to Detect alerts, please contact [email protected] for further guidance.