The Check That Fooled the Eye — Not the Algorithm
Case Study · AI Fraud Detection · Analysis Report #1027
By RiskInMind Intelligence · June 2026
A detailed look at how RiskInMind’s AI-powered document verification caught a synthetic check that human review would likely have missed.
At first glance, the check is unremarkable. A Lone Star Bank personal check — number 1027, drawn May 10, 2025, for $5,872.41, signed by Jonathan T. Miller and marked for “Escrow Deposit.” The handwriting looks natural. The layout looks right. The routing and account numbers are formatted correctly.
A busy loan processor or escrow agent might approve it in seconds. RiskInMind’s Document Fraud Detection engine flagged it as High Risk in the same amount of time.
Analysis Result — Check #1027
| Field | Value |
|---|---|
| Document | Check #1027 · Jonathan T. Miller · Lone Star Bank |
| Amount | $5,872.41 |
| Date | May 10, 2025 |
| Memo | Escrow Deposit |
| Decision | ⚑ High Risk |
| Confidence | High |
| Risk Score | 60 / 100 |
| Recommended Action | Reject & Flag for Fraud Team |
Result: This document shows signs of tampering and should be reviewed carefully. Strong tampering signals were detected. The document should be declined or sent for fraud review.
What the AI Found
The system identified three distinct and independent tampering signals — each concerning on its own, collectively damning. None of them are visible to the naked eye.
⚠ Tampering Indicator 1 — PDF Forensic Layer Anomaly
Forensic analysis of the underlying PDF revealed flattened or provenance-mismatched content — a signature pattern of documents that have been digitally reassembled or exported from an edited source. Legitimate bank-issued PDFs carry consistent structural provenance. This one did not.
⚠ Tampering Indicator 2 — Embedded Raster Image Anomalies
The embedded image layers showed both duplicate-region evidence and localized anomaly signatures — forensic signals common in copy-paste tampering or region-level editing. Portions of the document image appear to have been lifted from one source and composited into another.
⚠ Tampering Indicator 3 — Synthetic Handwriting & Future-Dated Metadata
The LLM signal identified the “handwriting” as a synthetic digital creation — perfectly repeating character forms without the natural variance of human script. Compounding this, the document’s embedded metadata carried a 2026 timestamp despite the check face reading May 2025. A classic hallmark of a digitally manufactured document.
· Minor Metadata Gap
The author field was absent from the document metadata — a minor but noted signal that, combined with the above findings, reinforces the overall risk profile.
“A risk score of 60 with high confidence isn’t a close call — it’s a clear signal. Three independent tampering indicators converge on a single verdict: this document was constructed, not printed.”
— RiskInMind Forensic Engine · Analysis Report #1027
Why This Matters for Lenders
Fraudulent checks submitted as escrow deposits, loan proof-of-funds, or down-payment documentation represent a growing exposure for community banks and credit unions. Modern synthetic documents are no longer crude forgeries — they are purpose-built digital artifacts designed to pass casual inspection.
The check above clears every visual heuristic a human reviewer is trained to apply: proper layout, legible numbers, a plausible signature, correct bank formatting. What gives it away are digital fingerprints — forensic anomalies in image layers, provenance mismatches in PDF structure, statistical impossibilities in handwriting variance — that no human can realistically detect at scale.
Three Layers of Detection
PDF Forensic Analysis examines the structural integrity of the document file — layer provenance, creation pipeline, and metadata consistency. Documents produced organically by banking software leave a coherent trail. Assembled or edited documents do not.
Image-Level Forensic Scanning applies computer vision to detect duplicate regions, localized pixel anomalies, and compression inconsistencies that arise when image content is copied, pasted, or selectively altered. It is effective against both region-level edits and wholesale image substitution.
LLM Semantic Review brings language model reasoning to document plausibility — identifying synthetic handwriting, temporal inconsistencies between visual and metadata dates, and formatting patterns inconsistent with the claimed institution.
Together, these three signals converge on a single risk score and recommended action, giving your underwriting or compliance team a clear, actionable output within seconds of document upload.
Try It Yourself
Submit any bank statement, check, pay stub, or financial document. RiskInMind returns a forensic verdict in seconds — not hours.
- 🔗 Web: riskinmind.ai/products/document-fraud-detection
- 🔗 API & Direct Access: riskinmind.ai
Built for credit unions and community banks. Automate underwriting, monitor portfolios, and stay compliant.
