Demo Mode — curated FINDIT2 test samples
Hidden by default · activate with Shift+D or?demo=1
Clean receipt
Low Risk · ~0%
True negative — small clean receipt; heatmap stays sparse.
Text imitation (IMI)
High Risk · ~99%
Product line redrawn in similar font. The paper itself cites this file.
Deletion (CUT)
High Risk · ~100%
Product line erased — different attack class than text edits.
Multi-region digit edit (CPI)
High Risk · ~99%
12 modified Total/Product regions — most visually striking heatmap.
Cross-document paste (CPO)
High Risk · ~99%
Content pasted from another receipt.
Hard case — model under-fires
Low Risk · ~15% (but actually forged)
Honest limit. Real CPI on Total/payment that the model misses; image-level discrimination is dataset-hard (paper F1 < 30 too).
VAT QR — clean Phase-1 invoice
QR check ✓ verified
Synthetic Saudi VAT QR with valid TLV, 15% rate, total matches OCR.
VAT QR — Phase-1 spec violations
QR check ✗ failed (format)
VAT# is malformed and VAT > total — both should fail format checks.
VAT QR — decimal-shift fraud
QR check ✗ failed (mismatch)
QR encodes a smaller total than the printed receipt (10× shift) — OCR cross-check should catch the discrepancy.
Real Saudia invoice (Phase-2)
QR ✓ (CNN over-fires)
Real Saudi Arabian Airlines invoice with 9-tag Phase-2 QR (includes ECDSA signature + cert). Total 479.55 SAR. QR check passes cleanly. The patch CNN false-flags this as high-risk because PDF-rendered Saudi invoices are out-of-distribution vs the FINDIT2 training set — this is exactly the regime where the structural QR signal earns its keep.
Real Saudia — decimal-shift fraud
✗ DISCREPANCY
Same Saudia receipt with the printed total scaled 10× (479.55 → 4795.50). QR untouched. Killer demo of structural verification.
Real Saudia — total replaced
✗ total mismatch
Printed total replaced with a different amount (not a decimal shift). Tests the generic 'QR total not found in receipt' branch.
Real Aldawaa pharmacy invoice (Phase-1)
QR caveats (CNN over-fires)
Real KSA pharmacy receipt. Implied VAT rate is 6.47 % (mixed-rate / zero-rated meds), correctly flagged as a warn not a fail. QR seller is "صيدلية الدواء" (Pharmacy Aldawaa) but the body prints "شركة الدواء الطبية" (Aldawaa Medical Company) — same brand, different legal name → soft seller warn. CNN over-fires for the same reason as Saudia.
Real Aldawaa — decimal-shift fraud
✗ DISCREPANCY
Aldawaa total tampered 37.99 → 379.90. QR cross-check catches it.
Real Aldawaa — VAT zeroed
VAT warn
Printed VAT amount blanked out. The QR's declared VAT is no longer findable in the OCR text → soft warn.
Tip: clicking a demo card reuses the engine's cache; click the same card twice to surface the duplicate-detection signal.
!
Verdict
— High risk
Likely forged
Visual tampering AND a VAT QR discrepancy were both detected.
Patch CNN
High risk
forgery confidence 100%
VAT QR
Discrepancy
1 QR
100%
CNN forgery confidence
⚠ Duplicate: exact match of a file already analysed in this session.
Saudi VAT QR check ✗ failed
ZATCA
Phase-1
QR
Phase-1
QR
Seller
صيدلية الدواء 340
VAT registration #
300544591200003Timestamp
2026-03-17T03:18:50Z
Invoice total
37.99 SAR
VAT amount
2.31 SAR
Format
6/7
· 1 caveat
Cross-check vs receipt
1/3
· 1 failed
· 1 caveat
- invoice total matches receipt — DISCREPANCY: QR total 37.99 SAR but receipt shows 379.90 SAR — likely decimal-shift tampering.
- VAT rate ≈ 15% — Implied rate 6.47% deviates 8.5pp from 15%. Could be mixed-rate / exempt items — review the line items.
- seller name on receipt — 'صيدلية الدواء 340' partially matches OCR text (token overlap 33%). Review manually.
Show all 10 checks
Format compliance
- payload decodes — Base64 + TLV well-formed; 5 tag(s) found.
- all mandatory tags present — Tags 1 (seller), 2 (VAT#), 3 (timestamp), 4 (total), 5 (VAT) all present.
- VAT number format — 300544591200003 — 15 digits, starts and ends with 3.
- timestamp valid — 2026-03-17T03:18:50Z (parses as ISO 8601).
- amounts numeric — Total 37.99 SAR · VAT 2.31 SAR.
- VAT ≤ total — VAT amount does not exceed invoice total.
- VAT rate ≈ 15% — Implied rate 6.47% deviates 8.5pp from 15%. Could be mixed-rate / exempt items — review the line items.
Cross-check vs receipt
- seller name on receipt — 'صيدلية الدواء 340' partially matches OCR text (token overlap 33%). Review manually.
- invoice total matches receipt — DISCREPANCY: QR total 37.99 SAR but receipt shows 379.90 SAR — likely decimal-shift tampering.
- VAT amount matches receipt — QR VAT 2.31 SAR appears in the receipt OCR.
Key findings
- Multiple regions show strong evidence of editing.
- Showing the top 5 highest-confidence regions (highest score 100%). 374 of 513 text-bearing regions exceeded the model's threshold overall.
- Edit type predicted across the top 5 regions: 3 × deletions / erasures and 2 × copy-paste edits.
- Targeted fields: 2 × Total / payment lines and 1 × Company / header info.
- This file is an exact duplicate of one already analysed in this session.
- VAT QR check: DISCREPANCY: QR total 37.99 SAR but receipt shows 379.90 SAR — likely decimal-shift tampering.
Document — original & heatmap
Original
🔍 Click to zoom
🔍 Click to zoom
Suspicion heatmap
🔍 Click to zoom
🔍 Click to zoom
Suspicious regions
The top 5 highest-confidence regions out of all 374 that exceeded the model's threshold. Hover or click any thumbnail to highlight that 128 × 128 region on the document on the left.
1
CPI
Company
2
CPI
Metadata
3
CUT
Total/payment
4
CUT
Total/payment
5
CUT
Other
Region breakdown table (5 rows)
| # | Coords | Score | Edit type | Field affected |
|---|---|---|---|---|
| 1 | (384, 512) |
100% | CPI 85% | Company 74% |
| 2 | (768, 64) |
100% | CPI 47% (low conf) | Metadata 48% (low conf) |
| 3 | (896, 1344) |
100% | CUT 85% | Total/payment 70% |
| 4 | (256, 960) |
100% | CUT 53% | Total/payment 47% (low conf) |
| 5 | (704, 64) |
99% | CUT 66% | Other 33% (low conf) |
Methodology, audit metadata & technical details
File:
aldawaa__decimal_shift.png
SHA-256: 47e10e598c62…
Size: 1700 × 2363 px
Analysed: 2026-05-11 23:29:28
Model: FraudX v2-multi · ResNet-18 · ep13 · thr=0.08
Patch precision
92.25% vs paper OH-JPEG 79.41%
Patch F1 / AUC
91.79 / 0.97
Image-level F1
29.66 vs paper ChatGPT-relaxed 28.39
Patches scored (this image)
936 · 513 text-bearing
Regions ≥ threshold
374 · thr 0.08
Top-region score
0.998
Approach. ResNet-18 patch classifier (128×128, stride 64) trained on FINDIT2 (Tornes et al., ICDAR 2023). Two auxiliary heads classify the modification technique and the document field; the binary backbone is frozen so the headline patch precision (92.25%) is preserved bit-for-bit while adding explainability. Image-level fraud score is the top-k mean of patch probabilities over text-bearing regions only (edge density ≥ 0.02) — keeps blank regions from poisoning the score.
Class accuracies on the FINDIT2 test set.
- Edit type: CPI 73% · CUT 100% · IMI 38% · PIX 55% · Other 14%
- Field: Total/payment 67% · Metadata 47% · Product 27% · Company 24%
Original technical findings (raw).
- Patch CNN flagged 374 of 513 text-rich patches (top score 1.00).
- Top 5 suspicious regions clustered around image coordinates (384,512), (768,64), (896,1344), (256,960), (704,64).
- Predicted modification mix across top regions: 3× CUT, 2× CPI.
- Predicted entity types: 2× Total/payment, 1× Company, 1× Metadata, 1× Other.
- Document is an EXACT duplicate of a file already analysed in this session (resubmission).