Detect
Retrieve suspicious activity data for uploaded documents
Looking for our page on legacy Detect?
We've moved our documentation of FTD 1.0 (our legacy Detect product) here. The Detect product described on the current page supersedes FTD 1.0, so we recommend using this page going forward.
Detect empowers you to identify and interpret fraudulent activity through advanced machine-learning models. With clear, actionable signals and intuitive visualizations, you can confidently approve legitimate loans while minimizing the risk of fraud and preventing unnecessary financial losses.
Detect provides specific fraud indicators known as signals. These signals offer contextual information that can support a fraud claim, such as positional data or edited text. Many signals are visually represented with colored highlights for easy identification.
We offer Detect through our Dashboard and through APIs (Book fraud signals and Document fraud signals). For more information on accessing Detect, please contact your Account Manager.
At a deeper level, Authenticity Status in Ocrolus Detect is determined by two complementary signal sources. The first is Resistant AI (RAI) forensic analysis, which operates at the file and pixel level, detecting metadata anomalies, digital modifications, suspicious PDF structure, and tampering indicators that are invisible to the human eye. The second is Ocrolus Algorithmic (ALGO) checks, which operate at the content level, evaluating extracted field values against IRS rules, mathematical consistency constraints, and government-mandated calculations to surface manipulation that file forensics alone cannot catch.
The Authenticity Status merges signals from both sources using a highest-risk-wins decision rule. This ensures fraud-sensitive signals always take precedence. The combined verdict is surfaced as a single Authenticity Status (LOW, MEDIUM, or HIGH in Ternary mode, or LOW / HIGH in Binary mode) accompanied by structured reason codes, enabling fraud analysts and underwriters to understand exactly which layer flagged a document and why.
Resistant AI is a leading forensic document intelligence provider specializing in detecting manipulated, synthetic, and AI-generated documents. Their technology powers the enhanced metadata and digital forensic capabilities within Ocrolus Detect, adding a deep inspection layer that goes beyond what OCR or layout analysis can capture.
Key capabilities
Detect is enriched with the following capabilities:
- Expanded fraud signals, including forensic metadata analysis, AI-generated content detection, and screenshot detection
- Authenticity Status (High, Medium, Low) to simplify document triage
- Structured reason codes that explain why a document was flagged
- Enhanced API fields for easier integration into existing workflows
Current vs enhanced Detect
| Current Detect | Enhanced Detect |
|---|---|
| Authenticity score only | Authenticity score with status classification |
| Manual interpretation of scores | Clear High, Medium, Low decisioning |
| Limited forensic signals | Advanced forensic and metadata analysis |
| Raw fraud signals | Structured, decision-ready outputs |
| Limited explainability | Detailed reason codes for flagged documents |
Detect with Resistant AI
Detect is Ocrolus’s fraud detection layer that evaluates documents submitted during verification workflows. The enhanced version combines the following three detection layers into a unified fraud assessment:
- Resistant AI forensic analysis: Deep metadata and digital forensic inspection
- Ocrolus fraud detection models: Proven algorithmic signals for document authenticity
- Authenticity status: Classification layer that translates scores into actionable decisions
Together, these layers detect both visible tampering (altered text, layout changes) and hidden manipulation (metadata anomalies, AI-generated artifacts, re-rendered files), coverage that OCR or layout-based systems alone cannot provide.
Detect outputs and evidence
Detect returns several outputs that help reviewers understand document integrity and decide how to handle a document. These outputs combine scoring, categorical results, and supporting evidence, so teams can quickly assess document risk while still having the detailed signals needed for automated workflows and deeper investigation.
The outputs include the following components:
- Authenticity Score (0–100): The integrity score is a numerical value ranging from 0 to 100 that indicates the overall authenticity of a document and the likelihood of it being genuine. It is calculated using multiple fraud detection signals, including pixel-level and file-structure analysis to identify potential manipulation. While the scoring scale remains unchanged, the methodology has been enhanced to incorporate a broader set of signals, such as forensic metadata analysis, digital modification detection, screenshot detection, and AI-generated artifact detection. To learn more, see the Authenticity Score page.
- Authenticity Status: Authenticity status classifies documents into High, Medium, or Low based on the authenticity score and detection signals. It simplifies risk assessment and supports faster decisioning. To learn more, see the Authenticity Status page.
- Reason codes: Reason codes are structured indicators that explain the signals contributing to a document’s Authenticity Score and Authenticity Status. They are derived from forensic metadata analysis, fraud detection models, and document structure validation. Each reason code identifies a specific issue detected during analysis and includes a code identifier, confidence level, and human-readable description. Reason codes provide clear, auditable insight into why a document was flagged, helping reduce review time and improve transparency in fraud decisioning.
Supported Documents
We support using Detect on bank statements, pay stubs, and W-2s. Other document types are not processed with Detect at this time.
Signals
Detect is designed to reduce both missed fraud and unnecessary review, but each customer’s policy and risk tolerance is different.
- False positives (over-flagging): Emphasize configurable thresholds, how customers use Authenticity Score for legacy rules and Authenticity Status for day-to-day routing, and the availability of evidence so teams can avoid blanket over-review and focus on true risk.
- False negatives (missed fraud): Emphasize the deeper forensics and serial fraud detection across documents and workflows. Recommend capturing real-world misses during pilots to tune policy and thresholds.
We use the term signal to mean a specific indicator of a fraudulent modification to a document. Some signals we uncover include:
| Signals | Status |
|---|---|
| LOW |
| LOW |
| LOW |
| LOW |
| LOW |
| LOW |
| MEDIUM |
| MEDIUM |
| MEDIUM |
| MEDIUM |
| HIGH |
| HIGH |
| — | HIGH |
Watch out for false positives!
While Ocrolus identifies potential signs of fraudulent activity, the final decision regarding fraud is yours to make. Some flagged documents may have legitimate explanations. For example:
- Documents with multiple names could belong to someone who recently changed their name or has variations in its spelling.
- Unusual image data might result from poor image conversion by the document's owner.
- Reports of uncommon fonts could be related to the design of the bank statement itself.
We recommend manually reviewing any activity that Ocrolus flags as suspicious.
Visualizations
Most signals describe fraudulent edits to a particular region on a Document's page. Detect illustrates these signals as highlighted areas on top of the submitted document. These visualizations can be viewed in the Dashboard or obtained through the API.
Dashboard
The Ocrolus dashboard has been updated to reflect these new capabilities:
- Authenticity Status indicators: At-a-glance classification on every document
- Reason code explanations: Human-readable descriptions of fraud signals
- Visualisation overlays: Highlights the specific areas of a document where anomalies were detected
API output
For API-integrated partners, the form_authenticity object now returns additional structured fields to support automated decisioning. The response also includes visualization overlays and direct dashboard links for any document flagged for review. To learn more, see the Book-level fraud signal API documentation.

```json
{
  "form_authenticity": {
    "version": "1.0",
    "score": 25,
    "reason_codes": [
      {
        "code": "MULTIPLE_MANIPULATION_DETECTION",
        "confidence": "MEDIUM",
        "description": "Document contains multiple traces of digital manipulation"
      },
      {
        "code": "570-M",
        "confidence": "MEDIUM",
        "description": "w2 incorrect taxes/wages computed"
      }
    ],
    "authenticity_status": "LOW"
  }
}
```
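A defensive way for an API integrator to consume the `form_authenticity` object above, as an added example that is not Ocrolus code: it validates the fields shown on this page and fails closed to manual review on anything unexpected. The action names, the `POLICY` mapping, the `mode` parameter, and the reading of LOW as least authentic are assumptions.

```python
import json

# Status values per mode, as listed on this page.
STATUSES = {"ternary": {"LOW", "MEDIUM", "HIGH"}, "binary": {"LOW", "HIGH"}}

# Hypothetical routing policy (assumption): LOW is treated as least authentic,
# matching the page's sample, where score 25 is paired with status LOW.
POLICY = {"LOW": "fraud_review", "MEDIUM": "manual_review", "HIGH": "continue"}
FAIL_CLOSED = "manual_review"  # hypothetical action for anything unparseable


def triage(form_authenticity, mode="ternary"):
    """Return (action, problems, reason_code_ids); any problem fails closed."""
    problems = []
    fa = form_authenticity if isinstance(form_authenticity, dict) else {}
    if not fa:
        problems.append("form_authenticity missing or not an object")
    score = fa.get("score")
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(score, bool) or not isinstance(score, (int, float)) \
            or not 0 <= score <= 100:
        problems.append("score is not a number in 0-100")
    status = fa.get("authenticity_status")
    if not isinstance(status, str) or status not in STATUSES[mode]:
        problems.append(f"unexpected authenticity_status {status!r} in {mode} mode")
    entries = fa.get("reason_codes", [])
    if not isinstance(entries, list):
        problems.append("reason_codes is not a list")
        entries = []
    codes = []
    fields = ("code", "confidence", "description")
    for entry in entries:
        if isinstance(entry, dict) and all(isinstance(entry.get(k), str) for k in fields):
            codes.append(entry["code"])  # kept for the audit trail
        else:
            problems.append("malformed reason code entry")
    action = FAIL_CLOSED if problems else POLICY[status]
    return action, problems, codes


# The response fragment from this page, wrapped in an object so it parses.
SAMPLE = json.loads("""
{"form_authenticity": {"version": "1.0", "score": 25, "reason_codes": [
  {"code": "MULTIPLE_MANIPULATION_DETECTION", "confidence": "MEDIUM",
   "description": "Document contains multiple traces of digital manipulation"},
  {"code": "570-M", "confidence": "MEDIUM",
   "description": "w2 incorrect taxes/wages computed"}],
 "authenticity_status": "LOW"}}
""")
```

Logging the returned reason code identifiers alongside the action keeps each routing decision auditable.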
Document evaluation process
Detect analyzes each document during processing using multiple methods to detect anomalies and signs of manipulation. These checks help identify digitally altered or fabricated documents.
| Analysis type | What Detect analyzes | Examples |
|---|---|---|
| Content analytics | Document data and extracted fields | Inconsistent values across fields, unexpected transaction patterns, or duplicate/ unusual entries |
| Deep forensic analysis | File structure and visual elements | Altered metadata, rasterized text overlays, inserted image layers, or compression inconsistencies |
Fraud detection flags
Detect identifies potential fraud indicators during document analysis and organizes them into structured flags. These flags help reviewers understand what type of issue was detected and where it occurred. Flags are grouped into categories that describe different types of document anomalies.
| Category | Description | Examples |
|---|---|---|
| File integrity | Identifies manipulation at the file level. | Altered metadata, inconsistent embedded fonts, rasterized text overlays, inserted image layers, compression anomalies |
| Content consistency | Detects anomalies in the document’s data or values. | Duplicate transactions, mismatched balances, recurring cloned deposits, inconsistent income values |
| Layout anomalies | Detects irregularities in the visual structure of the document. | Cloned tables, misaligned headers, uneven spacing, repeated template regions |
Each flag includes the following information that helps you understand the severity and impact of the detected issue:
- Severity (low, medium, high): Indicates how serious the detected issue is.
- Score impact: Shows how the flag affects the overall authenticity score.
- Explanation: Provides a clear description of the issue that triggered the flag.
- Source attribution: Identifies the system or provider that detected the issue.
Fraud detection capabilities
Detect uses multiple techniques to identify document manipulation:
- Digital modification detection: Identifies evidence of document editing, including PDF manipulation and re-rendered or regenerated files. This includes cases where documents have been subtly altered to avoid detection.
- Screenshot detection: Flags documents submitted as screenshots instead of original files. Screenshots may obscure edits, remove metadata, and reduce traceability, making them a common fraud vector.
- AI-generated artifact detection: Identifies patterns associated with synthetic documents, including AI-generated financial statements and manipulated digital text layers.
- Metadata analysis: Analyzes file metadata to detect anomalies such as inconsistent creation and modification timestamps, unexpected document producers or editing tools, and hidden editing traces or unusual document structure.
These signals are typically not visible in standard document review workflows and serve as strong indicators of potential manipulation.
Using Detect
You can use Detect through the Ocrolus Dashboard or through the Book fraud signals and Document fraud signals API endpoints. Both methods offer the same information (including visualizations) but are intended for different use cases.
All uploaded documents are automatically scanned for Detect signals, no matter how they are uploaded. Once the results are available, you can access them anytime.
Dashboard
The Dashboard is better suited for use by fraud analysts or other non-technical users. It's also good for quickly reviewing documents without needing to set up API credentials or write code to use them.
To begin using Detect through our Dashboard, perform the following steps:
- Log in to the Ocrolus Dashboard.
- Select a Book from which you want to read signals. You can create a new Book if required. To create a new Book, click on the NEW BOOK button and follow the on-screen instructions.
- Click on the UPLOAD button.
- Choose your form type, browse to your Document containing one or more pay stubs, bank statements, or W-2s to upload, and then click on the SUBMIT button. Check out this guide for more guidance on using the Dashboard.
Note
Results may not be available immediately, even after the uploaded documents are captured. Check back in a few minutes, or set up a webhook to be notified.
API
To use Detect via our API, you'll need to create a set of credentials. To learn more about using these credentials, see the using API credentials section.
You can retrieve Detect signals from a complete Book or from individual documents. These endpoints provide the same information displayed on the Dashboard, including visualizations.
The API is ideal for integrating Detect into custom fraud analysis workflows, such as for analytics or internal review applications.
Webhooks
Ocrolus sends notifications to registered webhooks when specific events occur. You can register a webhook to listen for the following events:
- document.detect.signal_found: Triggered when an uploaded document contains at least one fraud signal.
- document.detect.signal_not_found: Triggered when no fraud signals are found in the uploaded document.
- document.detect.unable_to_process: Triggered when Detect cannot be run on the document.
- book.detect.signal_found: Triggered when at least one document in a Book contains fraud signals.
E-Mail notifications
Users are notified via e-mail whenever new Detect signals are found in any document within a Book. Such notifications are sent to the following users:
- The user who created the Book
- All users who uploaded a document to the Book
- All users with whom the Book has been shared (for non-public Books)
- All users that are part of your organization (for public Books)
If you'd like to subscribe or unsubscribe to Detect alerts, please contact [email protected] for further guidance.
Coming soon: expanded document coverage
Detect will be extended to support a broader range of document types in an upcoming release. New coverage will include:
| Document type | Examples |
|---|---|
| Tax forms | 1040, 1099 variants, etc. |
| Identity documents | Driver’s licenses, ID cards, etc. |
| Utility bills | Address verification documents |
All supported document types will use the same Detect framework, including Authenticity Score, Authenticity Status, reason codes, and forensic analysis powered by Resistant AI (RAI). This ensures a consistent and scalable approach to fraud detection across different stages of the application lifecycle.
Impact
- Broader fraud coverage across income, identity, and address verification
- Consistent decisioning using a unified framework
- Earlier detection of risk across your workflow
Need help?
For next steps, refer to the Ocrolus API documentation for details of field definitions and response schema. The enhanced Dashboard is already available and does not require any additional setup. For any questions or walkthrough guidance, contact our support team at [email protected].