Tampering

In a KYC/KYB system, "document transformations" are high-risk moments. Tampering often occurs when a user converts a file (e.g., "Print to PDF") or edits it using consumer software. To maintain financial-grade integrity, you must verify both the Digital Forensics (the file's DNA) and the Visual Consistency (the file's appearance).

Here is the checklist of what your AdonisJS backend and Vue frontend should verify to detect tampering.

---

1. Metadata Analysis (The "Digital DNA")

Metadata is usually the first thing a fraudster forgets to scrub. Your backend should parse the file's properties for "Red Flags."

• Software "Producers": Genuine bank statements or government PDFs are generated by enterprise systems (e.g., Oracle Financials, Finacle, IText). If the metadata shows "Adobe Photoshop," "Canva," "SmallPDF," or "Preview," it is a high-probability tamper.

• Timestamp Mismatches: On a genuine document, the Creation Date and Modification Date should be identical or very close. If the modification date is weeks after the creation date, the file has been opened and re-saved.

• Author/Usernames: Check if the PDF "Author" field matches the customer's computer name or, worse, a known "Document Template" seller.

---

2. PDF Structure & Font Forensics

Fraudsters often "layer" new text over an existing document.

• Font Inconsistencies: Banks use highly consistent typography. If the "Balance" amount uses a slightly different font weight, size, or spacing than the "Transaction" text, it's a "Copy-Paste" job.

• Non-Embedded Fonts: If a PDF contains fonts that aren't "Embedded" or "Embedded Subset," it often means the text was added by a local machine rather than the bank's server.

• Invisible Layers: Sophisticated tools can detect "Hidden Text" or white boxes placed over original numbers. In your Vue viewer, you can implement a "Scan for Hidden Layers" toggle that highlights overlapping elements.

---

3. Visual & Forensic Image Checks

For scanned IDs (KYC) or Photos of documents, you need to check the Pixel Integrity.

• Pixel Noise (Compression Artifacts): When an image is edited (e.g., changing a "3" to an "8"), the "noise" or grain around that specific character will be different from the rest of the page.

• Copy-Move Detection: Look for identical patterns in the "noise." Fraudsters often clone a "0" from one part of a bank statement and paste it into the "Total" column.

• Edge Detection: Check the edges of the photo on an ID card. If the pixels around the headshot are "too sharp" compared to the rest of the card, the photo was digitally swapped.

---

4. The "Four-Eyes" Verification Checklist

In your Vue FE, provide the Analyst with a Tamper Checklist that they must manually confirm:

Checkpoint	What to look for
Logic Check	Do the line items actually sum up to the "Total" shown?
Logo Quality	Is the bank logo blurry or pixelated compared to the text?
Alignment	Are the numbers in the "Amount" column perfectly vertically aligned?
Template Match	Does this statement match the known layout for "Chase Bank" in 2026?

---

5. Implementation in AdonisJS

You can use a Node.js library like pdf-lib or exiftool-vendored to extract this data during the upload process.

TypeScript

// Example: Basic Metadata Check in an AdonisJS Service
import { ExifTool } from 'exiftool-vendored'
const exif = new ExifTool()

export async function analyzeFile(filePath: string) {
  const metadata = await exif.read(filePath)
  
  const redFlags = []
  if (metadata.Software?.includes('Photoshop')) redFlags.push('EDIT_SOFTWARE_DETECTED')
  if (metadata.CreateDate !== metadata.ModifyDate) redFlags.push('MODIFIED_AFTER_CREATION')
  
  return redFlags
}

Summary for your KYC Workflow

Every document transformation should be logged in your Audit Trail with its original hash (SHA-256). If a user uploads a file, and then "re-uploads" a corrected version, the system should flag it for a "Manual Forensic Review" by a Senior Compliance Officer.

In a KYC/KYB system, the most common "red flag" is a mismatch between the Creation Date (when the bank system generated the PDF) and the Modification Date (when the user opened it in Acrobat/Photoshop to change a number).

To do this in AdonisJS, you should use exiftool-vendored. It is the gold standard for reading deep metadata that simple libraries often miss.

1. Install the Forensic Tool

Bash

npm i exiftool-vendored

2. Create a Forensic Service

This service will take the uploaded file from your Adonis controller and return a "Risk Score."

TypeScript

// app/Services/DocumentForensicsService.ts
import { ExifTool } from 'exiftool-vendored'
const exif = new ExifTool()

export default class DocumentForensicsService {
  public async analyze(filePath: string) {
    const metadata = await exif.read(filePath)
    const redFlags: string[] = []
    
    // 1. Check for Editing Software
    const software = metadata.Software || metadata.Creator || ''
    const forbiddenTools = ['Photoshop', 'Illustrator', 'Canva', 'SmallPDF', 'Nitro', 'Preview']
    
    if (forbiddenTools.some(tool => software.includes(tool))) {
      redFlags.push(`EDIT_SOFTWARE_DETECTED: ${software}`)
    }

    // 2. Check for Date Mismatches (The "Smoking Gun")
    const created = metadata.CreateDate?.toDate()
    const modified = metadata.ModifyDate?.toDate()

    if (created && modified) {
      // Allow a 60-second window for system processing lag
      const diffInSeconds = Math.abs((modified.getTime() - created.getTime()) / 1000)
      if (diffInSeconds > 60) {
        redFlags.push(`DATE_TAMPER_SUSPECTED: Modified ${diffInSeconds}s after creation`)
      }
    }

    // 3. Check for Missing Fonts (Signs of a "Flat" copy-paste)
    if (metadata.PDFVersion && !metadata.Fonts) {
        // High-end financial PDFs almost always have embedded font subsets
        redFlags.push('FLATTENED_PDF_DETECTED: No internal font structures found')
    }

    return {
      isSuspicious: redFlags.length > 0,
      redFlags,
      metadata: {
        software,
        created,
        modified
      }
    }
  }
}

---

3. Integrate into your Adonis Controller

When the user uploads the document via your Vue frontend, the controller runs the check before saving the case.

TypeScript

// app/Controllers/Http/KycDocumentsController.ts
import { HttpContextContract } from '@ioc:Adonis/Core/HttpContext'
import DocumentForensicsService from '#services/DocumentForensicsService'

export default class KycDocumentsController {
  public async upload({ request, auth }: HttpContextContract) {
    const file = request.file('kyc_document')
    if (!file) return

    // Move file to tmp for analysis
    await file.moveToDisk('tmp')
    const filePath = `./storage/tmp/${file.fileName}`

    const forensics = new DocumentForensicsService()
    const report = await forensics.analyze(filePath)

    // Save to Database
    const doc = await KycDocument.create({
      tenantId: auth.user!.tenantId,
      fileName: file.fileName,
      riskScore: report.isSuspicious ? 'HIGH' : 'LOW',
      forensicNotes: JSON.stringify(report.redFlags)
    })

    return { doc, report }
  }
}

---

4. Visualizing the Result in Vue

On your "Checker" screen (the Analyst view), you can now highlight these flags.

Code snippet

<template>
  <div v-if="report.isSuspicious" class="bg-red-50 border-l-4 border-red-500 p-4 my-4">
    <div class="flex items-center">
      <AlertTriangleIcon class="text-red-500 mr-2" />
      <h3 class="font-bold text-red-800">Potential Tampering Detected</h3>
    </div>
    <ul class="mt-2 list-disc list-inside text-sm text-red-700">
      <li v-for="flag in report.redFlags" :key="flag">{{ flag }}</li>
    </ul>
  </div>
</template>

Why this works:

1. Hard to bypass: A fraudster would need to use command-line tools to manually rewrite the EXIF ModifyDate to match the CreateDate exactly. Most scammers don't go that deep.

2. Modular: You can add a new check (like "Check for low-resolution logos") to the analyze method without touching your frontend.

3. Auditable: Because the redFlags are stored in your DB, you can prove to a financial regulator why you rejected a specific customer.

Would you like me to show you how to add a "Pixel Consistency" check? This detects if a small area of an image (like a name or amount) has been altered by looking for "noise" variations.