Demo Mode — curated FINDIT2 test samples
Hidden by default · activate with Shift+D or?demo=1
Clean receipt
Low Risk · ~0%
True negative — small clean receipt; heatmap stays sparse.
Text imitation (IMI)
High Risk · ~99%
Product line redrawn in similar font. The paper itself cites this file.
Deletion (CUT)
High Risk · ~100%
Product line erased — different attack class than text edits.
Multi-region digit edit (CPI)
High Risk · ~99%
12 modified Total/Product regions — most visually striking heatmap.
Cross-document paste (CPO)
High Risk · ~99%
Content pasted from another receipt.
Hard case — model under-fires
Low Risk · ~15% (but actually forged)
Honest limit. Real CPI on Total/payment that the model misses; image-level discrimination is dataset-hard (paper F1 < 30 too).
VAT QR — clean Phase-1 invoice
QR check ✓ verified
Synthetic Saudi VAT QR with valid TLV, 15% rate, total matches OCR.
VAT QR — Phase-1 spec violations
QR check ✗ failed (format)
VAT# is malformed and VAT > total — both should fail format checks.
VAT QR — decimal-shift fraud
QR check ✗ failed (mismatch)
QR encodes a smaller total than the printed receipt (10× shift) — OCR cross-check should catch the discrepancy.
Real Saudia invoice (Phase-2)
QR ✓ (CNN over-fires)
Real Saudi Arabian Airlines invoice with 9-tag Phase-2 QR (includes ECDSA signature + cert). Total 479.55 SAR. QR check passes cleanly. The patch CNN false-flags this as high-risk because PDF-rendered Saudi invoices are out-of-distribution vs the FINDIT2 training set — this is exactly the regime where the structural QR signal earns its keep.
Real Saudia — decimal-shift fraud
✗ DISCREPANCY
Same Saudia receipt with the printed total scaled 10× (479.55 → 4795.50). QR untouched. Killer demo of structural verification.
Real Saudia — total replaced
✗ total mismatch
Printed total replaced with a different amount (not a decimal shift). Tests the generic 'QR total not found in receipt' branch.
Real Aldawaa pharmacy invoice (Phase-1)
QR caveats (CNN over-fires)
Real KSA pharmacy receipt. Implied VAT rate is 6.47 % (mixed-rate / zero-rated meds), correctly flagged as a warn not a fail. QR seller is "صيدلية الدواء" (Pharmacy Aldawaa) but the body prints "شركة الدواء الطبية" (Aldawaa Medical Company) — same brand, different legal name → soft seller warn. CNN over-fires for the same reason as Saudia.
Real Aldawaa — decimal-shift fraud
✗ DISCREPANCY
Aldawaa total tampered 37.99 → 379.90. QR cross-check catches it.
Real Aldawaa — VAT zeroed
VAT warn
Printed VAT amount blanked out. The QR's declared VAT is no longer findable in the OCR text → soft warn.
Tip: clicking a demo card reuses the engine's cache; click the same card twice to surface the duplicate-detection signal.
✓
Verdict
— Low risk
Looks clean
No regions exceeded the forgery threshold. No VAT QR present to cross-check.
Patch CNN
Low risk
forgery confidence 30%
VAT QR
No QR
no ZATCA QR detected
30%
CNN forgery confidence
Reason
Required for the audit trail. One line is fine.
Decision history (1)
- approved by audit-bot at 2026-05-09 15:16:20
Saudi VAT QR check — no QR
No ZATCA VAT QR detected.
Key findings
- No regions exceeded the model's forgery threshold.
- Showing the top 5 highest-confidence regions (highest score 86%). 11 of 51 text-bearing regions exceeded the model's threshold overall.
- Edit type predicted across the top 5 regions: 3 × deletions / erasures and 2 × copy-paste edits.
- Targeted fields: 3 × Company / header info and 2 × Total / payment lines.
Document — original & heatmap
Original
🔍 Click to zoom
🔍 Click to zoom
Suspicion heatmap
🔍 Click to zoom
🔍 Click to zoom
Suspicious regions
The top 5 highest-confidence regions out of all 11 that exceeded the model's threshold. Hover or click any thumbnail to highlight that 128 × 128 region on the document on the left.
1
CPI
Total/payment
2
CUT
Company
3
CPI
Total/payment
4
CUT
Company
5
CUT
Company
Region breakdown table (5 rows)
| # | Coords | Score | Edit type | Field affected |
|---|---|---|---|---|
| 1 | (128, 0) |
86% | CPI 75% | Total/payment 58% |
| 2 | (335, 64) |
41% | CUT 93% | Company 62% |
| 3 | (335, 477) |
26% | CPI 76% | Total/payment 60% |
| 4 | (320, 64) |
21% | CUT 95% | Company 83% |
| 5 | (335, 128) |
16% | CUT 93% | Company 67% |
Methodology, audit metadata & technical details
File:
X00016469669.png
SHA-256: e7922674d724…
Size: 463 × 605 px
Analysed: 2026-05-11 22:22:59
Model: FraudX v2-multi · ResNet-18 · ep13 · thr=0.08
Patch precision
92.25% vs paper OH-JPEG 79.41%
Patch F1 / AUC
91.79 / 0.97
Image-level F1
29.66 vs paper ChatGPT-relaxed 28.39
Patches scored (this image)
63 · 51 text-bearing
Regions ≥ threshold
11 · thr 0.08
Top-region score
0.296
Approach. ResNet-18 patch classifier (128×128, stride 64) trained on FINDIT2 (Tornes et al., ICDAR 2023). Two auxiliary heads classify the modification technique and the document field; the binary backbone is frozen so the headline patch precision (92.25%) is preserved bit-for-bit while adding explainability. Image-level fraud score is the top-k mean of patch probabilities over text-bearing regions only (edge density ≥ 0.02) — keeps blank regions from poisoning the score.
Class accuracies on the FINDIT2 test set.
- Edit type: CPI 73% · CUT 100% · IMI 38% · PIX 55% · Other 14%
- Field: Total/payment 67% · Metadata 47% · Product 27% · Company 24%
Original technical findings (raw).
- Patch CNN flagged 11 of 51 text-rich patches (top score 0.86).
- Top 5 suspicious regions clustered around image coordinates (128,0), (335,64), (335,477), (320,64), (335,128).
- Predicted modification mix across top regions: 3× CUT, 2× CPI.
- Predicted entity types: 3× Company, 2× Total/payment.