is_suspicious flag on verification reports and detailed error detection for document uploads. Understanding when and how to act on each is critical for maintaining data integrity without creating unnecessary friction.
Detect document upload fraud
For document processing (pay stubs, W-2s, tax forms), Truv runs every uploaded document through fraud detection trained on 50M+ verified pay stubs. When fraud or data issues are detected, the connection status is set toconfig_error or no_data.
Detecting fraud in document uploads
When a document upload task completes with aconfig_error status, fetch the task record to get the specific error message:
error_message field on each task in the response.
The error_message field on the task record provides the specific reason for the failure.
config_error messages
These indicate issues with the uploaded documents that require action. Some are fraud-related, others are validation failures.Fraud & tampering
Fraud & tampering
Identity mismatches
Identity mismatches
File issues
File issues
These errors only occur for documents uploaded through the Truv Bridge experience. For document collections, the same issues are caught up front by the validation check at upload time (see Monitor validation and classification) and never reach this
config_error path.no_data messages
These indicate the documents were processed but didn’t contain enough information to complete the verification.Manual Review with is_suspicious Flag
Every income and employment verification report includes anis_suspicious boolean field. When true, it signals that something in the returned data warrants a closer look. It does not necessarily indicate fraud.
Two-tier fraud detection
Truv uses a two-tier detection system. The tier determines whether the task completes with data or fails entirely.Tier 1 flags require manual review but still return data. Tier 2 blocks the verification entirely because the document cannot be trusted. Check the task
error_message for Tier 2 failures.Common triggers
Detection indicators
Truv’s fraud detection engine, trained on 50M+ verified pay stubs, analyzes documents across multiple dimensions.Document metadata analysis
Document metadata analysis
Every uploaded document carries metadata that reveals its creation and editing history. Truv inspects PDF producer fields, creation timestamps, and modification history to detect documents that were generated or altered using manipulation tools rather than produced by a legitimate payroll system.
Known fraud template matching
Known fraud template matching
Truv maintains a library of known fraudulent document templates. Uploaded documents are compared against these patterns to catch documents created from widely circulated fraud kits or template generators.
Manipulation tool detection
Manipulation tool detection
Documents edited with PDF manipulation software leave distinct artifacts. Truv detects these fingerprints, including font substitution, layer inconsistencies, and editing tool signatures that differ from legitimate payroll-generated documents.
Browser-generated PDF detection
Browser-generated PDF detection
Pay stubs “printed to PDF” from a browser rather than exported from a payroll system have different structural characteristics. While not always fraudulent, browser-generated PDFs bypass the payroll system’s native export and are flagged for review.
Date and pay period consistency
Date and pay period consistency
Truv validates that pay dates, pay period start and end dates, and year-to-date totals are internally consistent. Mismatched dates, impossible pay periods, or YTD totals that don’t align with pay frequency are flagged.
Cross-document consistency
Cross-document consistency
When multiple documents are uploaded (e.g., several pay stubs or a pay stub plus a W-2), Truv cross-references them for consistency. Inconsistencies trigger Tier 1 flags or Tier 2 failures depending on severity:
Cross-field validation
Cross-field validation
Individual fields within a document are validated against each other. Truv checks that gross pay, deductions, and net pay are arithmetically consistent, that tax withholdings are within plausible ranges for the stated income, and that employer identification numbers (EINs) match known formats.
How to handle each tier
Tier 1: is_suspicious = true
The is_suspicious flag appears in the response body when you fetch a verification report:
is_suspicious is true:
- Do not auto-reject. The flag is a signal for manual review, not an automatic denial.
- Compare the order details against the returned data. Check names, SSN, and employer information.
- Contact the applicant if needed. In many cases, the mismatch has a simple explanation (e.g., a spouse connected instead of the applicant).
Tier 2: Task fails with config_error
When a document is too suspicious to process, the task fails with status config_error and no verification data is returned. Fetch the task record to get the specific error_message. See Detect document upload fraud for all error messages and recommended actions.
SSN mismatch detection
When you create an order with the applicant’s SSN, Truv automatically compares it against the SSN returned from the payroll provider or extracted from uploaded documents. This is a backend validation — there is no front-end control or configuration.SSN matching runs automatically on every verification where an SSN is provided on the order. You cannot disable or configure this behavior. If no SSN is provided on the order, cross-matching against the payroll provider is skipped, but cross-document SSN consistency checks still run for document uploads.
is_suspicious: true on the report (Tier 1). The verification still completes with data, but you should route the result to manual review before accepting it.
For document uploads, SSN mismatches produce config_error task failures with specific error messages listed in the Identity mismatches section below.
Recommended review workflow
Priority levels
Test fraud scenarios
Truv provides test documents in sandbox mode to simulate fraud detection. See Test Documents for downloadable files including:- Tampered documents: triggers
Possible tampering detected - Different SSNs: triggers SSN mismatch errors
- Different applicant names: triggers name mismatch errors
- No data / invalid data: triggers
no_datascenarios
Next steps
Document Processing
Implementation guide for document uploads
Test Documents
Test fraud detection with sample documents
Connection Lifecycle
All connection statuses and error states
Errors & Handling
Complete error code reference
Bridge Events
Client-side event reference for error handling and fallback routing