Do I need an account?

No — one-off conversions work without signing in. A free account unlocks conversion history and the 10-file batch upload.

Are my the bank PDFs stored on your servers?

No. The PDF is parsed in memory and discarded as soon as the extraction finishes. Only the structured JSON is persisted, and only if you're signed in, with a 24-hour default retention on the free tier.

Password-protected PDFs?

Yes. If the PDF is encrypted, the upload prompts for the password inline and decrypts in memory during parsing. We never store the password.

Can I convert multiple the bank statements at once?

Drop up to 10 PDFs in a single batch. Each runs through the queue with its own status row, and when everything finishes a single ZIP packages all the converted files in your chosen format.

How accurate is the conversion?

For digital PDFs accuracy is effectively 100% on transaction rows, validated by the running-balance check. Scanned or low-quality PDFs go through a vision LLM pass, and the same running-balance check still runs.

May 1, 2026 · 9 min read

How Forensic Accountants Detect Altered Bank Statements

A structured, defensible method for CFF/CFE professionals to identify fabricated or manipulated PDF bank statements before relying on the data in litigation or audit work.

Opposing counsel produces a PDF bank statement. It looks clean — correct headers, legible fonts, plausible transaction dates. The question a forensic accountant must answer before that document enters any damage model or asset schedule is simple: is it authentic? Altered bank statements appear in divorce, fraud, and IRS audit engagements with enough frequency that a repeatable detection protocol is not optional — it is a professional obligation.

This guide outlines the layered checks forensic accountants use to assess PDF bank statement integrity, from surface-level typography flags through running-balance arithmetic to metadata forensics. The checks are sequenced in the order they are typically applied — cheap and fast first, computationally intensive last.

Why Bank Statements Are a Preferred Target for Manipulation

Bank statements are attractive to alter because they carry implicit institutional authority. A party producing a statement assumes the reviewer will trust the bank's logo and formatting rather than verify the underlying arithmetic. In litigation, statements are often produced in bulk — dozens of months across multiple accounts — which creates fatigue pressure that bad actors exploit.

The manipulation range is wide. At the crude end: a PDF editor is used to overwrite a specific transaction amount or delete a row entirely. At the sophisticated end: a statement is reconstructed from a bank's public HTML template, populated with fabricated data, and exported as a native-looking PDF. Neither technique survives a structured forensic review, but both will survive a visual skim.

Deletion of a single debit can inflate a reported ending balance by exactly that amount.
Changing a transfer description from one account to another can obscure asset movement between parties.
Adding a fictitious income credit can misrepresent earnings in a support or damages calculation.
Reconstructed PDFs often fail on metadata, font embedding, and running-balance continuity simultaneously.

Layer 1 — Surface and Typography Checks

The first pass is visual but disciplined. Authentic bank-issued PDFs are generated programmatically from a fixed template. That means font families, point sizes, column spacing, and header formatting are mechanically consistent across all pages of the same statement and across all statements from the same institution in the same period. Any deviation is a flag, not a finding — but it triggers deeper review.

Font and Rendering Inconsistencies

Open the PDF in Adobe Acrobat and use the preflight panel or a font inspection tool to enumerate embedded fonts. A bank-generated statement typically embeds one or two font families uniformly. If a particular page or row shows a different font embedding, a rasterized character, or a slightly different baseline, something was placed on top of the original. Consumer PDF editors often flatten to a generic font or rasterize edited text rather than matching the original embedded font precisely.

Alignment and Column Geometry

Transaction amounts on authentic statements align to a fixed decimal column. Extract the page with pdfplumber, PyMuPDF, or another text-with-coordinates tool and compare the x-coordinates of amount fields against the column grid. Inserted or overwritten values frequently sit a few points off the original grid — invisible to the naked eye at normal zoom but immediate from a coordinate dump.

Layer 2 — Running Balance Arithmetic Verification

The running balance is the most reliable single check for statement integrity. Every authentic bank statement maintains the invariant: prior balance plus credits minus debits equals the posted balance for each row. This relationship holds for every transaction line without exception. A single failure anywhere in the statement is a material integrity defect.

Manual verification across a 90-day statement with 200 transactions is error-prone and slow. The practical approach is to extract the statement to a structured format — CSV or Excel — and run the arithmetic programmatically. The extracted data should carry a verified badge only when the running balance recalculates cleanly to within a $0.01 tolerance across every row. Any row where the running balance breaks is flagged for investigation.

Common manipulation signatures in the running balance: a deleted transaction leaves the balance unchanged from the prior row (two consecutive rows with identical balances where no zero-dollar transaction is listed); an amount change causes all downstream balances to shift by a fixed delta; a reconstructed statement often miscalculates the balance for the first or last row of a page because the fabricator applied the correct opening balance but used an incorrect page-level subtotal.

Two consecutive identical balances with no intervening zero-dollar transaction signal a deleted row.
A constant delta between all reported balances and the recalculated balances signals a single amount was changed.
A balance error that first appears mid-statement and persists to the end narrows the manipulation to a specific date range.
A balance that reconciles on every page individually but not across page breaks signals fabrication by page rather than by full statement.

Layer 3 — Cross-Statement Continuity Checks

A single statement in isolation can be altered and still pass internal arithmetic if the fabricator recalculates all downstream balances correctly. The continuity check across multiple statement periods is harder to defeat. The ending balance of period N must equal the opening balance of period N+1 exactly. Across a 12-month production spanning 12 statements, this creates 11 continuity checkpoints the fabricator must maintain consistently.

Cross-statement continuity also catches gap manipulation: a party who withholds an entire month or quarter hoping the reviewer will not notice. When statements are loaded into a single spreadsheet sorted by date, a missing period is immediately visible as a discontinuity in the date sequence or an unexplained jump in the opening balance.

Transaction-Level Cross-Reference

Where corroborating records exist — credit card statements, brokerage transfers, real estate records, payroll records — individual transactions can be cross-referenced by amount, date, and description. A $4,200 wire transfer appearing in a payroll record that is absent from the corresponding bank statement, or that appears with a different amount, is a finding. This is the evidentiary layer that converts a balance anomaly into a provable alteration.

Account Number and Statement Header Consistency

Verify that the account number (often partially masked), routing number suffix, statement period, and institution address are consistent across all produced statements. Fabricators sometimes introduce inconsistencies in these fields when populating a reconstructed template — copying a statement number that should increment, reusing a statement period date, or using an address format that the bank discontinued before the statement period.

Layer 4 — PDF Metadata and Creation Artifact Analysis

Authentic bank-generated PDFs carry metadata that reflects institutional production systems: a Creator field referencing the bank's print or document management software, a Producer field corresponding to a PostScript or PDF library version, and a CreationDate that falls within a narrow plausible window after the statement period closes. Reconstruction with a consumer PDF tool leaves a different metadata signature.

Use exiftool or Acrobat's document properties panel to extract full XMP and DocInfo metadata. Look for: Creator or Producer values that reference Adobe Acrobat, PDFium, Foxit, or LibreOffice rather than a bank production system; a ModDate that postdates the CreationDate by weeks or months (indicating post-creation editing); and an absence of the document ID pair that genuine bank PDFs typically embed. None of these alone is conclusive, but each narrows the probability distribution toward alteration.

A ModDate later than CreationDate by more than a few seconds indicates the PDF was opened and re-saved after initial generation.
Creator fields referencing consumer PDF editors are inconsistent with bank production workflows.
Missing or zeroed document ID fields are common in PDFs reconstructed from HTML templates and printed to PDF.
Incremental update structures in the PDF byte stream show which objects were modified after original creation — visible in a hex editor or with tools like pdf-parser.py.
Page object creation timestamps embedded in some PDF generators can reveal that individual pages were produced at different times.

Integrating Programmatic Verification Into the Forensic Workflow

Manual execution of these checks across a multi-account, multi-period production is not sustainable at engagement scale. The practical workflow is to convert all produced PDFs to structured spreadsheet data first, verify running-balance continuity programmatically across every statement, and then apply the manual and metadata checks to statements that fail or are flagged for other reasons.

The conversion step itself serves a diagnostic function: a PDF that cannot be extracted cleanly — one where OCR confidence is low, where columns do not align, or where transaction counts do not match page totals — is itself a flag. Authentic bank-generated PDFs are text-native and extract cleanly. A statement that requires heavy OCR correction, or that produces garbled text in columns that should be programmatically regular, warrants scrutiny independent of the balance arithmetic.

When a converted statement earns a verified running-balance badge — meaning every row recalculates to within the $0.01 tolerance — that confirmation is documentable. The verification output becomes a working-paper exhibit: here is the extracted data, here is the recalculation, here is the badge status. If a statement fails verification, the failure output is equally documentable as the basis for requesting the native file, a bank-certified copy, or a subpoena for the institution's records directly.

Requesting Certified Copies and Subpoena Strategy

A failed running-balance verification or a metadata anomaly is the evidentiary basis for escalating document requests. In divorce litigation, counsel can request a certified copy directly from the financial institution or subpoena the institution's production in native format with chain of custody documentation. Certified copies carry the institution's authentication and are not subject to the alteration vectors that apply to party-produced PDFs.

Document the specific anomaly found — the row where the balance breaks, the metadata field that is inconsistent, the font deviation — before requesting the certified copy. Courts and opposing counsel respond to specific, technically grounded requests. A general objection to authenticity without documented support is easily dismissed; a working paper showing row 47 of the March statement carries a $312.00 balance discrepancy from the recalculated figure is not.

Convert and verify your statement PDFs — running-balance check on every row, 15 free pages, no card required.