A lending company in Dubai receives 200 loan applications per day. Each application comes with a salary certificate, a bank statement, and an Emirates ID copy. Their operations team manually reviews each document — checking fonts, comparing dates, looking for obvious edits. They catch most of the obvious fakes — but a significant portion slips through and costs them money: bad loans, compliance fines, and time spent on recovery.
This is not unusual. Document fraud in UAE financial services is common because the documents themselves are easy to obtain and edit. A salary certificate is a single-page PDF. A bank statement is a table of numbers. Someone takes a legitimate document, changes a few values, and submits it as proof of income.
What document fraud looks like in practice
Most forged documents start as real documents. The common types we see in UAE:
- Salary inflation — original certificate shows AED 8,000/month, edited to show AED 25,000. The company name, letterhead, and signature are all genuine. Only the salary figure changed.
- Bank statement cleanup — transactions removed or added. Cash advances, gambling payments, and bounced cheques deleted. Fake salary deposits inserted on the right dates.
- Trade license edits — activity dates extended, license numbers changed, expired licenses made to look current. Sometimes the entire document is fabricated using a real company's letterhead.
- Employment letters — real company name, real format, but the person never worked there. These are harder to catch with document analysis alone and usually require verification calls.
Detection methods: what each one catches
No single check catches everything. Each method below finds a specific type of manipulation. The value is in combining all of them and looking at the overall risk score.
1. Metadata analysis
What it checks:
PDF creation date, modification date, software used to create the file, author field, and PDF producer string. Every PDF carries this data in its header.
What it catches:
A salary certificate dated January 2024 but the PDF was created two days ago in Adobe Acrobat. A bank statement supposedly from a major UAE bank but generated in Microsoft Word — real bank statements come from the bank's own reporting system, not Word. A trade license with a modification timestamp newer than the creation timestamp, meaning someone edited it after the original was issued.
Limitation:
If someone recreates a document from scratch instead of editing the original PDF, the metadata will be clean. This method catches edits, not recreations.
2. Pixel-level analysis (ELA)
What it checks:
Error Level Analysis re-compresses the image and compares compression artifacts across different regions. Areas that were edited compress differently from original content because they've been through fewer compression cycles.
What it catches:
Copy-pasted salary amounts where someone whited out the original number and typed a new one. Cloned stamps or signatures moved from one document to another. Regions where text was erased and rewritten — even if visually identical, the pixel structure is different.
Limitation:
ELA only works on image-based documents — scans, photos, and PDFs that contain images. Native PDFs with selectable text layers need different analysis (font and structure checks instead).
3. Font consistency
What it checks:
Font family, size, weight, character spacing (kerning), and baseline alignment across the entire document. The analysis compares every text element against its neighbors.
What it catches:
Someone deleted "8,000" from a salary certificate and typed "25,000" using what they think is the same font. But the kerning between digits is slightly off. Or they used Arial on a document that was typeset in Arial Narrow. Different PDF rendering engines also produce subtly different glyph positioning — a number typed in Chrome's print-to-PDF looks different from the same number in the bank's reporting system.
Limitation:
If the forger has access to the original template and the exact same font files, the differences become very subtle. Works best when the edited text was typed in a different application than the original.
4. Layout and structure analysis
What it checks:
Page margins, table alignment, header positioning, spacing between elements. The system compares against known templates for each document type — UAE bank statements, salary certificates from major employers, government-issued trade licenses.
What it catches:
Documents where sections were moved to accommodate edits. Tables resized after rows were added or deleted. Headers that don't match the expected format for a specific bank — for example, a statement claiming to be from one bank but using another bank's table layout.
Limitation:
Template matching requires having the template in the first place. Documents from smaller companies or less common banks may not have reference templates, reducing detection accuracy.
5. Digital signature verification
What it checks:
Whether the PDF has a valid digital signature or certificate, and whether the document was modified after signing. Also checks certificate chains — who issued the signature and whether the issuer is trusted.
What it catches:
Government documents from ICP (Federal Authority for Identity, Citizenship, Customs & Port Security) and MOL (Ministry of Labour) often carry digital signatures. If someone edits a signed salary certificate from the WPS (Wage Protection System), the signature breaks. Same with digitally signed trade licenses from DED or ADGM.
Limitation:
Most private-sector documents in UAE are not digitally signed. Salary certificates from private companies, bank statements from smaller banks, and employment letters rarely have signatures. This method only helps with government-issued or digitally certified documents.
6. Content verification
What it checks:
Logical consistency of the data inside the document. Do the transaction amounts add up to the closing balance? Is the salary consistent with the job title and company? Do transaction dates fall on actual business days?
What it catches:
A bank statement where the monthly deposits don't match the salary certificate amount. A salary of AED 50,000/month listed for a "receptionist" role. Transaction dates that fall on UAE public holidays when banks are closed. Opening and closing balances that don't reconcile with the listed transactions.
Limitation:
Depends on having cross-reference data. If you only have one document with no other context, logical checks are limited to internal consistency (do the numbers add up within the document itself).
What makes UAE documents different
Document fraud detection systems built for Western markets don't work well in UAE. The documents are different in several ways:
- Bilingual content — most official UAE documents contain both Arabic and English. Font analysis needs to handle both scripts. Arabic is right-to-left, uses different kerning rules, and has connecting characters that change shape based on position. A system trained only on Latin fonts will miss inconsistencies in the Arabic portions.
- Multiple issuing authorities — a trade license in Dubai can come from DED, DMCC, DIFC, JAFZA, or DAFZA. Each uses a different template, different fonts, different layout. Abu Dhabi has ADGM, KIZAD, and the Department of Economic Development. Detection systems need reference templates for each.
- Scanned copies are standard — in many countries, you get native digital PDFs. In UAE, a large portion of documents arrive as scans of printed originals, often photographed with a phone. This makes pixel analysis harder because the entire image has compression artifacts, not just edited regions.
- Stamps and signatures matter — UAE business documents rely heavily on physical stamps and ink signatures as proof of authenticity. These are easy to copy-paste digitally. Detection systems need to check whether stamps match the expected pattern for a given issuing authority.
- WPS salary certificates — salary certificates linked to the MOL Wage Protection System follow a specific format. These are among the most commonly forged documents because they directly affect loan eligibility. The format is standardized, which makes template matching effective — but also means forgers know exactly what to replicate.
False positives: legitimate documents that look suspicious
Not every flagged document is fraudulent. These legitimate scenarios regularly trigger alerts:
Re-scanned copies
An applicant prints a PDF, signs it, scans it back. The new scan has a recent creation date even though the underlying document is genuine. Metadata analysis flags it as suspicious because the creation date doesn't match the document date.
Documents saved from email
When someone saves a PDF attachment from Gmail or Outlook, the email client sometimes re-renders it. Font metrics shift slightly. The PDF producer field changes from the bank's system to the email client. Both metadata and font checks flag it.
Mobile banking screenshots
Some applicants screenshot their mobile banking app instead of downloading the official PDF statement. The screenshot is genuine, but it looks nothing like the bank's official template. Layout analysis flags it because it doesn't match any known format.
WhatsApp-compressed images
Documents shared via WhatsApp get compressed. The compression changes ELA patterns across the entire image, making the whole thing look edited. Pixel analysis can't distinguish WhatsApp compression from selective editing.
Multi-step printing workflows
A document printed on one device, signed, scanned on another, then emailed as a PDF. Each step adds compression artifacts and metadata changes. The final document has multiple layers of processing that look like manipulation but are just office workflow.
This is why automated detection systems output a risk score — not a binary pass/fail. The score tells your review team which documents to focus on. A score of 30 out of 100 probably doesn't need manual review. A score of 85 does.
How it fits into an existing workflow
The fraud detection API works as a step in your document processing pipeline. Upload the document, get back a JSON response with the risk score and individual check results.
POST /api/v1/fraud-detection
Content-Type: application/json
{
"file_url": "https://your-storage.com/docs/salary-cert.pdf",
"document_type": "salary_certificate",
"webhook_url": "https://your-app.com/webhook"
}
// Response (via webhook or polling)
{
"authenticity_score": 34,
"verdict": "suspicious",
"checks": {
"metadata": { "status": "warning", "details": "PDF created 2 days ago" },
"fonts": { "status": "fail", "details": "Inconsistent kerning in salary field" },
"pixels": { "status": "pass" },
"layout": { "status": "pass" },
"content": { "status": "warning", "details": "Salary exceeds typical range for role" }
}
}The typical integration takes 1-2 days. You add the API call after document upload, before your existing review step. Documents with high risk scores go to manual review. Clean documents proceed automatically.
Manual review vs. automated detection
Neither approach is sufficient on its own. Here's an honest comparison:
| Factor | Manual Review | Automated Detection |
|---|---|---|
| Cost | Proportional to team size | Per API call, fixed |
| Speed | Minutes per document | Seconds per document |
| Scales with volume | No — need more staff | Yes — same API |
| Catches pixel edits | Rarely | Yes |
| Catches logical issues | Yes (experienced staff) | Depends on rules configured |
| False positives | Low — human judgment | Higher — needs tuning per use case |
The practical answer: use both. Automated detection as a first pass flags suspicious documents. Human reviewers look only at flagged items. This gives you the speed and coverage of automation with the judgment of experienced reviewers. For a team processing 200 applications per day, this means your reviewers spend their time on the 20-30 documents that actually need attention — not all 200.
Where this matters most
Document fraud detection is relevant across UAE financial services, but these sectors see the highest volume:
- Banking — loan applications, account openings, KYC renewals
- Lending — income verification, credit assessments
- Insurance — claims documentation, policy applications
- Real estate — tenant verification, property transactions
- Fintech — automated onboarding, BNPL affordability checks
If you're processing documents at scale and want to test automated detection on your own document types, you can try the demo with sample documents or read the full tool documentation for API details.