Skip to main content

Veryfi Fraud Suite

Introduction

Veryfi Fraud Detection Suite provides a sophisticated layer of protection that works alongside Veryfi core data extraction API. This comprehensive solution helps businesses identify potentially fraudulent documents before they enter your workflow.

Veryfi multi-layered system employs a diverse set of signals and triggers to analyze each submission from multiple angles - from device-level patterns that identify suspicious user behavior to detailed document forensics that spot visual manipulations. The system returns clear color-coded results (Green, Yellow, Red) based on customizable thresholds, making it easy to automate.

In this Article, we describe the Fraud Suite for Receipts / Invoices OCR API https://api.veryfi.com/api/v8/partner/documents

Fraud Detection for CPG and FinTech Verticals

Fraud prevention is particularly critical in the CPG and Financial Technology sectors, where document fraud can directly impact promotional campaigns, loyalty programs, and financial transactions. Organizations in these industries face unique challenges that require specialized fraud detection approaches.

Why Fraud Detection Matters in These Sectors

  • Financial Asset Protection: Safeguards against direct monetary losses from fraudulent redemptions and reimbursements

  • Customer Trust Preservation: Maintains consumer confidence in promotional programs and financial services

  • Operational Cost Reduction: Minimizes resources wasted on investigating and resolving fraudulent claims

  • Regulatory Compliance: Helps meet industry-specific compliance requirements and audit standards

  • Brand Reputation Defense: Prevents damage to brand image from exploitation of promotions or services

  • Fair Competition Promotion: Ensures all customers have equal access to legitimately earned rewards and benefits

Veryfi continues to invest in advanced fraud detection capabilities specifically designed for CPG and FinTech applications. Our CPG and FinTech fraud detection features include specialized analysis of receipt authenticity, promotion stacking patterns, submission velocity monitoring, and sophisticated duplicate detection algorithms calibrated for these unique business environments.

Implementing Effective Fraud Prevention with Veryfi

Key benefits:

  • Multi-layered protection: Examines both user behavior patterns and document characteristics

  • Customizable thresholds: Adjust sensitivity based on your risk tolerance and specific fraud patterns

  • Easy integration: Color-coded results simplify implementation with your existing workflows

  • Continuous evolution: Our fraud detection capabilities are constantly refined to address emerging threats

For maximum protection, we recommend implementing both device monitoring (through Veryfi Lens) and document analysis features. Start with the default threshold settings, then adjust based on your specific needs and fraud patterns over time.

To access comprehensive fraud protection that examines both user behavior patterns and document forensics, organizations should implement Veryfi Lens SDK. This integration activates the full Fraud Detection Suite, enabling businesses to identify suspicious activities across all aspects of document submission in one unified system.

How Veryfi Fraud Detection Works

Veryfi's Fraud Detection uses a 2-stage approach combining Veryfi Lens mobile capture with AI-powered processing APIs to reduce fraud. Veryfi Lens performs initial device and image quality checks, while cloud-based AI applies computer vision, natural language processing, and behavioral pattern recognition to detect sophisticated fraud attempts.

The Triggers system is the core mechanism of Veryfi Fraud Detection Suite that evaluates submitted documents and flags potential fraud in the JSON response.

Color-Coded Response System

When signals or abnormalities are detected, the system triggers an investigation. Each submission receives a color code based on fraud probability:

  • Green: Low risk submission

  • Yellow: Moderate risk, requires review

  • Red: High risk, likely fraudulent

Key Response Elements:

  • Fraud Color meta.fraud.color Visual indicator of risk level

  • Fraud Score meta.fraud.score A numerical score between 0 and 1. Predicted probability of a document having an abnormality. Where <0.5 results in meta.fraud.color Green, 0.51-0.75 - Yellow, >0.75 - Red.

  • Fraud Signals meta.fraud.types List of all detected fraud indicators, sorted by importance.

  • Warnings meta.warnings Calculation inconsistencies that may indicate potential issues

Fraud Types: Fraud Detection Categories

Veryfi AI scans for various abnormalities, with each detection triggering specific flags in the system. These fraud types are organized into three main categories:

Device Signals

Catching Bad Actors with Veryfi Lens

Identifies suspicious user behaviors and device patterns:

  • High Velocity & Critical Velocity: Abnormal submission rates

  • Multiple Profiles or Devices: Account sharing or device switching

  • Fraud History: Previous fraudulent activity from same device

  • Emulated Device: Submissions via app emulation software

  • Blocked Device: Submissions from blacklisted devices

Document Processing Signals

Vision Models

Examines document contents for manipulation:

  • Handwritten Characters: Manual alterations to key fields

  • Digital Tampering: Software-based document editing

  • LCD Photo: Detects screen photography instead of original documents

  • Generated Document: Detects AI-created images

  • Screenshot: Identifies digitally-created (non-paper) submissions

  • Fraudulent PDF: Analysis of PDF creation methods and structure

  • Not a Document: Identifies non-receipt submission

Data Models

  • Duplicate: prevents resubmission of identical receipts

  • Similar Documents: Identification of similar documents

  • Warnings: Document integrity checks

Each type can be configured to be on/off and have custom sensitivity based on your specific risk tolerance and submission patterns.

Please take a look at Veryfi API Documentation > Meta object for the most up-to-date JSON structure and field descriptions.


Fraud Types: A Closer Look

Fraud Type
+ Signal

Device-Based Signals

high velocity
meta.fraud.submissions

This feature identifies unusually high numbers of receipt submissions from a specific device_id across multiple time periods.

The system monitors submission rates during these intervals:

  • Last 6 minutes

  • Last day

  • Last 2 weeks

  • Last 30 days

Fraud Color Assignment

Default: Fraud Color set to Yellow if triggered.

The fraud decision color for this feature is fully configurable. Thresholds can be customized for each signal by either:

  • Embedding threshold settings directly on the Veryfi side

  • Using Business Rules (BR) to construct custom thresholds on the users' side

*Depends on Veryfi Lens data

critical velocity

meta.fraud.submissions

This feature identifies extremely high numbers of receipt submissions from a specific device_id across several time periods. Similar to high velocity but with more aggressive thresholds.

Threshold values for critical velocity are configured with higher limits than standard high velocity.

When a device_id exceeds these elevated thresholds, the system flags potential fraudulent activity with greater urgency.

Fraud Color Assignment

Default: Fraud Color set to Red if triggered.

The fraud decision color for this feature is fully configurable. Thresholds can be customized for each signal by either:

  • Embedding threshold settings directly on the Veryfi side

  • Using Business Rules (BR) to construct custom thresholds on the users' side

*Depends on Veryfi Lens data

multiple profiles or devices

The system tracks and flags unusual patterns where:

  • A single account submits receipts from numerous different device_id.

  • A single device_id is used to submit receipts through several different accounts

    • Within the past 30 days.

This helps identify potential fraud, account sharing, or bad actors attempting to manipulate the

*Depends on Veryfi Lens data

fraud history

When a user device_id with known fraudulent activity attempts new submission, the system escalates the risk assessment based on this historical pattern of bad behavior..

This feature increases the fraud score when receipts are submitted from a device_id that has previously submitted fraudulent documents.

The system examines:

  • Past 30 days of submission history

  • Requires a minimum of 5 submissions to trigger

  • Configurable by "div_coef" - higher values make this feature less aggressive

*Depends on Veryfi Lens data

emulated device

This feature immediately returns the Red color if the document was submitted via app emulation software.

When the system detects that a receipt submission originates from an emulated environment rather than a genuine mobile device, it automatically flags this as high-risk activity. This identifies attempts to use virtual devices, app simulators, or other emulation technologies that may indicate fraudulent submission patterns.

*Depends on Veryfi Lens data

blocked device

This feature immediately returns the Red color if device_id is in a blocked list.

When a receipt submission comes from a device_id that has been explicitly added to the system's blocklist, it automatically triggers the highest risk level. This allows for immediate identification and rejection of submissions from devices previously confirmed to be associated with fraudulent activity.

Fraud Type
+ Signal

Vision Models

handwritten characters

meta.handwritten_fields

This feature detects handwriting in specific fields of the submitted document. When handwritten modifications are identified, the system provides a list of the exact areas where handwriting occurred using dot notation.
For example, line_items.1.total indicates that the total in line item 1 was manually altered or written.

Fields examined for handwriting detection include:

  • total

  • subtotal

  • date

  • line_items:

    • total

    • price

  • tax_breakdown:

    • tax

    • tax_base

This analysis helps identify receipts that may have been manually modified to alter key financial information or the extracted value is handwritten. Some customers use this field as a separate signal to build workflows for data handling.

Fraud Color Assignment:

The fraud decision color for this feature is fully configurable. Thresholds can be customized for each signal by either:

This flexibility allows organizations to adjust sensitivity levels based on their specific risk tolerance and fraud patterns.

digital tampering

meta.digital_tampering_fields

This feature visually detects instances where documents have been digitally altered or manipulated.

The detection works specifically on photo submissions where visual alterations are present, analyzing pixel-level inconsistencies and pattern anomalies.

This feature can be configured to focus on specific fields, including:

  • total

  • subtotal

  • date

  • line_items:

    • total

    • price

  • tax_breakdown:

    • tax

    • tax_base

By identifying digital manipulation attempts, this feature helps prevent acceptance of fraudulently modified receipts where visual editing has occurred.

Fraud Color Assignment:

The fraud decision color for this feature is fully configurable. Thresholds can be customized for each signal by either:

Not a document
is_document

This feature identifies if the submitted image is not a valid receipt or document, but rather a random photo of cat. It functions as an enhanced extension of the document-level field is_document.

The system employs document classification algorithms to determine whether the submitted image contains legitimate receipt content or is an attempt to submit irrelevant material. This feature helps prevent fraud attempts where users submit random images or unrelated documents instead of actual receipts.

Fraud Color Assignment:
The fraud decision color for this feature is fully configurable. Thresholds can be customized for each signal by either:

LCD photo

meta.fraud.pages.is_lcd

This feature identifies when the submitted image is a photograph of a digital screen (monitor, tablet, or phone display) rather than an original document.

The system uses advanced image analysis to detect the characteristic patterns, pixel structures, and lighting anomalies that appear when someone takes a picture of an LCD/LED screen displaying a receipt. This helps prevent fraud attempts where users submit screen captures or photos of digitally displayed receipts instead of original receipt images.

By detecting screen photography, this feature helps ensure that only legitimate receipts captured directly from physical documents are processed.

Fraud Color Assignment:
The fraud decision color for this feature is fully configurable. Thresholds can be customized for each signal by either:

screenshot

Veryfi provides two complementary signals to identify non-paper document submissions:

#1 fraud_type: screenshot with fraud_attribute: Digital Background
A binary classifier that detects whether a document originated digitally rather than as a physical paper document.

#2. meta.pages.screenshot_type
Provides granular classification of the digital document type:
- mobile_screenshot — Capture from a mobile device screen
- other_screenshot — Desktop screenshots, PDF exports, and other digital documents
- null — Physical paper document capture
- ai_generated(Deprecated) AI-generated documents. Use meta.pages.ai_generated instead for this detection.

These signals help you flag and filter submissions of digital receipts, screen captures, and non-paper documents in expense management, reimbursement workflows, and compliance scenarios.

Note: The screenshot classification model is not applied to text-based PDFs, so meta.pages.screenshot_type will be absent from the JSON response for those documents.

Fraud Color Assignment:

The fraud decision color for this feature is fully configurable. Thresholds can be customized for each signal by either:

  • Fraud Configuration in Web Portal

  • Using Business Rules (BR) to construct custom thresholds on the users' side

  • meta.pages.screenshot_type does not affect fraud color or fraud type (!)

  • fraud_type: screenshot affects fraud color (!)

generated document

meta.pages.ai_generated

This feature is designed to detect images created by AI tools (such as ChatGPT, Gemini or other generative AI systems). It employs a dual detection approach:

  • Visual check: A specialized neural network analyzes image characteristics to identify telltale signs of AI generation. This analysis works only on images and not on PDFs. meta.pages.ai_generated - field

  • EXIF data check: The system examines document metadata for traces that indicate AI generation. This method only works when metadata is preserved in the submission and contains recognizable AI generation markers. meta.source_documents.exif

This feature helps prevent fraud attempts involving artificially created receipts that never existed in reality but appear legitimate.

Fraud Color Assignment:

The fraud decision color for this feature is fully configurable. Thresholds can be customized for each signal by either:

fraudulent pdf

This feature performs comprehensive analysis on PDF documents to detect signs of manipulation or fraudulent activity. It includes three specialized detection mechanisms:

  1. Fraudulent PDF Creator: Analyzes the software used to create or edit the PDF. Each known software application is assigned a fraud probability score. For example:

    • Photoshop: 0.95 (high probability of fraud)

    • Illustrator: 0.95 (high probability of fraud)

    • PDFTools SDK: 0.8 (elevated probability of fraud)

    • and 20+ more keywords ..

    Scores range from 0 to 1, with higher values indicating greater likelihood of fraudulent manipulation.

  2. Text Overlay: Examines word bounding boxes to identify text elements that highly overlap with each other. Such overlapping can indicate document editing or hidden text insertion. Scores range from 0 to 1, with higher values indicating more suspicious text placement.

  3. Font Mismatch: Evaluates the number and variety of fonts used per page. An unusual diversity of fonts may suggest document tampering or assembly from multiple sources. Scores range from 0 to 1, with higher values indicating more suspicious font usage patterns.

Fraud Color Assignment

The fraud decision color for this feature is fully configurable. Thresholds can be customized for each signal by either:

  • Using Business Rules (BR) to construct custom thresholds on the users' side

  • Fraud Configuration in Web Portal

Fraud Type
+Signal

Data Models

duplicate

is_duplicate

This feature identifies when a submitted document is likely a duplicate of a previously submitted one. The detection algorithm employs straightforward matching of extracted values to identify repeated submissions of the same receipt.

The system utilizes the document-level field is_duplicate to flag instances where key receipt data points (such as vendor, date, total amount, etc) match those of previously processed documents.

This helps prevent fraud schemes involving multiple submissions of the same receipt for additional reimbursements or rewards.

Fraud Color Assignment:

The fraud decision color for this feature is fully configurable. Thresholds can be customized for each signal by either:

  • Using Business Rules (BR) to construct custom thresholds on the users' side

  • Fraud Configuration in Web Portal

Learn more about Duplicate vs Similar documents

similar documents

meta.duplicates

This feature identifies when a submitted document's text has high similarity with previously submitted documents, even if they aren't exact duplicates.

The system performs comprehensive text comparison analysis and returns a list of similar documents in the meta.duplicates field, complete with similarity scores. This allows for detection of slightly modified versions of the same receipt or documents that contain highly similar content but with minor alterations/differencies.

Similarity thresholds are fully configurable, allowing businesses to adjust sensitivity based on their specific needs and fraud patterns.

Fraud Color Assignment:

The fraud decision color for this feature is fully configurable. Thresholds can be customized for each signal by either:

warnings

Veryfi Warnings system works alongside the Fraud Detection Suite to identify calculation inconsistencies and logical discrepancies that may indicate potential issues. Unlike fraud signals that detect deliberate manipulation, warnings highlight natural anomalies such as mismatched line item totals, duplicate entries, or tax calculation errors that might occur in legitimate receipts but still warrant verification.

This additional layer of scrutiny helps organizations maintain data integrity even when submissions pass fraud detection, ensuring complete confidence in extracted financial information.

line_item_amount_missmatch

Line item totals x quantity do not add up to the subtotal value.

line_item_repeats

When a line item has the same description or SKU with the same quantity but a different total.

tax_rate_missmatch

When Tax Rate x Subtotal != Tax Amount

item_counts_missmatch

When number of products on line items doesn't match Number of Items Sold value

totals_missmatch

When subtotal from line items doesn't match subtotal on the document

barcode_decoding_issue

When barcode is present on the document but is not decodable

logo_vendor_missmatch

When vendor name from logo doesn't match vendor name output from model

barcode_code_missing_in_ocr

Decoded Barcode numbers were not found on the document

malware

Supplied pdf file contains executable javascript code or eicar malware

How to Get Access

Veryfi Fraud Detection Suite is a premium feature that requires separate activation beyond the standard API access. If you're interested, don't hesitate to get in touch with your Veryfi account manager to enable it for your organization.

How to Configure Fraud

Fraud Config is a self-service section in the Veryfi web portal where you can tune individual fraud signals for your account. Instead of waiting for Veryfi to adjust settings on your behalf, you can now enable or disable specific signals, set sensitivity thresholds, and control which document fields are monitored, all from one place. Guide here.

You can find it at: Settings > Fraud Config

Fraud Signals Analytics

Fraud Analytics is a self-service section in the Veryfi web portal where you can review and analyze fraud detection patterns across your document submissions. Instead of requesting custom reports from Veryfi, you can now explore fraud signal distributions, track trends over time, filter by specific fraud types, and identify patterns in flagged documents - all from one centralized dashboard.

You can find it at: Analytics>Fraud Stats


Review Flagged Documents in the Inbox

The Inbox now includes enhanced filtering for fraud-flagged documents. You can filter by specific fraud signals, fraud types, and confidence thresholds to quickly identify and review suspicious submissions. Instead of manually sorting through all documents, use the new fraud signal filters to isolate documents that triggered particular detection rules - making it easier to audit, approve, or reject flagged items in bulk.

You can find it at: Inbox>Fraud Filter

How can I help improve Veryfi's fraud detection accuracy?

You can establish a feedback loop by sending fraud decision corrections back to Veryfi using a PUT API call with the fraud_review object. This gives Veryfi team valuable insights into fraudulent and non-fraudulent submissions, helping us continuously improve our models.

How does this work in practice?

If your workflow includes sending warnings or flags to your end users (giving them the option to approve or reject a document), you can pass those decisions back to Veryfi.


For example:

  • User submits a document flagged as potentially fraudulent

  • You present a warning and ask them to confirm or dispute the flag

  • User makes their decision (approve/reject)

  • You send that feedback to Veryfi via the fraud_review object with just a decision or Fraud Type. API docs link for reference

    Decision : [fraud, not fraud, unknown]

    Types: [other, handwritten characters, digital tampering, generated document, ai generated, LCD photo, screenshot, not a document, duplicate, high velocity, fraudulent pdf, invalid qr data]

This closed-loop feedback helps Veryfi models learn from real-world decisions and improve detection accuracy over time.

Need help? Reach out to [email protected]

Related Articles
Detecting AI-Generated Images with Veryfi
Artifact Analysis: Handwriting & Digital & AI Detection for Receipts
Veryfi Default Fraud Configuration FAQ
Veryfi Embedded
Configuring Fraud Signals in Veryfi
Did this answer your question?