Demo Mode — curated FINDIT2 test samples
Hidden by default · activate with Shift+D or?demo=1
Clean receipt
Low Risk · ~0%
True negative — small clean receipt; heatmap stays sparse.
Text imitation (IMI)
High Risk · ~99%
Product line redrawn in similar font. The paper itself cites this file.
Deletion (CUT)
High Risk · ~100%
Product line erased — different attack class than text edits.
Multi-region digit edit (CPI)
High Risk · ~99%
12 modified Total/Product regions — most visually striking heatmap.
Cross-document paste (CPO)
High Risk · ~99%
Content pasted from another receipt.
Hard case — model under-fires
Low Risk · ~15% (but actually forged)
Honest limit. Real CPI on Total/payment that the model misses; image-level discrimination is dataset-hard (paper F1 < 30 too).
VAT QR — clean Phase-1 invoice
QR check ✓ verified
Synthetic Saudi VAT QR with valid TLV, 15% rate, total matches OCR.
VAT QR — Phase-1 spec violations
QR check ✗ failed (format)
VAT# is malformed and VAT > total — both should fail format checks.
VAT QR — decimal-shift fraud
QR check ✗ failed (mismatch)
QR encodes a smaller total than the printed receipt (10× shift) — OCR cross-check should catch the discrepancy.
Real Saudia invoice (Phase-2)
QR ✓ (CNN over-fires)
Real Saudi Arabian Airlines invoice with 9-tag Phase-2 QR (includes ECDSA signature + cert). Total 479.55 SAR. QR check passes cleanly. The patch CNN false-flags this as high-risk because PDF-rendered Saudi invoices are out-of-distribution vs the FINDIT2 training set — this is exactly the regime where the structural QR signal earns its keep.
Real Saudia — decimal-shift fraud
✗ DISCREPANCY
Same Saudia receipt with the printed total scaled 10× (479.55 → 4795.50). QR untouched. Killer demo of structural verification.
Real Saudia — total replaced
✗ total mismatch
Printed total replaced with a different amount (not a decimal shift). Tests the generic 'QR total not found in receipt' branch.
Real Aldawaa pharmacy invoice (Phase-1)
QR caveats (CNN over-fires)
Real KSA pharmacy receipt. Implied VAT rate is 6.47 % (mixed-rate / zero-rated meds), correctly flagged as a warn not a fail. QR seller is "صيدلية الدواء" (Pharmacy Aldawaa) but the body prints "شركة الدواء الطبية" (Aldawaa Medical Company) — same brand, different legal name → soft seller warn. CNN over-fires for the same reason as Saudia.
Real Aldawaa — decimal-shift fraud
✗ DISCREPANCY
Aldawaa total tampered 37.99 → 379.90. QR cross-check catches it.
Real Aldawaa — VAT zeroed
VAT warn
Printed VAT amount blanked out. The QR's declared VAT is no longer findable in the OCR text → soft warn.
Tip: clicking a demo card reuses the engine's cache; click the same card twice to surface the duplicate-detection signal.
✓
Verdict
— Low risk
Looks clean
No regions exceeded the forgery threshold. No VAT QR present to cross-check.
Patch CNN
Low risk
forgery confidence 4%
VAT QR
No QR
no ZATCA QR detected
4%
CNN forgery confidence
Reason
Required for the audit trail. One line is fine.
Saudi VAT QR check — no QR
No ZATCA VAT QR detected.
Key findings
- No regions exceeded the model's forgery threshold.
- Showing the top 5 highest-confidence regions (highest score 70%). 7 of 73 text-bearing regions exceeded the model's threshold overall.
- Edit type predicted across the top 5 regions: 5 × deletions / erasures.
- Targeted fields: 4 × Product lines and 1 × Company / header info.
Document — original & heatmap
Original
🔍 Click to zoom
🔍 Click to zoom
Suspicion heatmap
🔍 Click to zoom
🔍 Click to zoom
Suspicious regions
The top 5 highest-confidence regions out of all 7 that exceeded the model's threshold. Hover or click any thumbnail to highlight that 128 × 128 region on the document on the left.
1
CUT
Product
2
CUT
Product
3
CUT
Company
4
CUT
Product
5
CUT
Product
Region breakdown table (5 rows)
| # | Coords | Score | Edit type | Field affected |
|---|---|---|---|---|
| 1 | (64, 669) |
70% | CUT 75% | Product 48% (low conf) |
| 2 | (0, 669) |
69% | CUT 76% | Product 48% (low conf) |
| 3 | (128, 669) |
49% | CUT 92% | Company 40% (low conf) |
| 4 | (128, 640) |
45% | CUT 91% | Product 39% (low conf) |
| 5 | (0, 640) |
44% | CUT 90% | Product 35% (low conf) |
Methodology, audit metadata & technical details
File:
X00016469676.png
SHA-256: ebf4a481c57b…
Size: 463 × 797 px
Analysed: 2026-05-11 22:22:51
Model: FraudX v2-multi · ResNet-18 · ep13 · thr=0.08
Patch precision
92.25% vs paper OH-JPEG 79.41%
Patch F1 / AUC
91.79 / 0.97
Image-level F1
29.66 vs paper ChatGPT-relaxed 28.39
Patches scored (this image)
84 · 73 text-bearing
Regions ≥ threshold
7 · thr 0.08
Top-region score
0.043
Approach. ResNet-18 patch classifier (128×128, stride 64) trained on FINDIT2 (Tornes et al., ICDAR 2023). Two auxiliary heads classify the modification technique and the document field; the binary backbone is frozen so the headline patch precision (92.25%) is preserved bit-for-bit while adding explainability. Image-level fraud score is the top-k mean of patch probabilities over text-bearing regions only (edge density ≥ 0.02) — keeps blank regions from poisoning the score.
Class accuracies on the FINDIT2 test set.
- Edit type: CPI 73% · CUT 100% · IMI 38% · PIX 55% · Other 14%
- Field: Total/payment 67% · Metadata 47% · Product 27% · Company 24%
Original technical findings (raw).
- Patch CNN flagged 7 of 73 text-rich patches (top score 0.70).
- Top 5 suspicious regions clustered around image coordinates (64,669), (0,669), (128,669), (128,640), (0,640).
- Predicted modification mix across top regions: 5× CUT.
- Predicted entity types: 4× Product, 1× Company.