Demo Mode — curated FINDIT2 test samples
Hidden by default · activate with Shift+D or?demo=1
Clean receipt
Low Risk · ~0%
True negative — small clean receipt; heatmap stays sparse.
Text imitation (IMI)
High Risk · ~99%
Product line redrawn in similar font. The paper itself cites this file.
Deletion (CUT)
High Risk · ~100%
Product line erased — different attack class than text edits.
Multi-region digit edit (CPI)
High Risk · ~99%
12 modified Total/Product regions — most visually striking heatmap.
Cross-document paste (CPO)
High Risk · ~99%
Content pasted from another receipt.
Hard case — model under-fires
Low Risk · ~15% (but actually forged)
Honest limit. Real CPI on Total/payment that the model misses; image-level discrimination is dataset-hard (paper F1 < 30 too).
VAT QR — clean Phase-1 invoice
QR check ✓ verified
Synthetic Saudi VAT QR with valid TLV, 15% rate, total matches OCR.
VAT QR — Phase-1 spec violations
QR check ✗ failed (format)
VAT# is malformed and VAT > total — both should fail format checks.
VAT QR — decimal-shift fraud
QR check ✗ failed (mismatch)
QR encodes a smaller total than the printed receipt (10× shift) — OCR cross-check should catch the discrepancy.
Real Saudia invoice (Phase-2)
QR ✓ (CNN over-fires)
Real Saudi Arabian Airlines invoice with 9-tag Phase-2 QR (includes ECDSA signature + cert). Total 479.55 SAR. QR check passes cleanly. The patch CNN false-flags this as high-risk because PDF-rendered Saudi invoices are out-of-distribution vs the FINDIT2 training set — this is exactly the regime where the structural QR signal earns its keep.
Real Saudia — decimal-shift fraud
✗ DISCREPANCY
Same Saudia receipt with the printed total scaled 10× (479.55 → 4795.50). QR untouched. Killer demo of structural verification.
Real Saudia — total replaced
✗ total mismatch
Printed total replaced with a different amount (not a decimal shift). Tests the generic 'QR total not found in receipt' branch.
Real Aldawaa pharmacy invoice (Phase-1)
QR caveats (CNN over-fires)
Real KSA pharmacy receipt. Implied VAT rate is 6.47 % (mixed-rate / zero-rated meds), correctly flagged as a warn not a fail. QR seller is "صيدلية الدواء" (Pharmacy Aldawaa) but the body prints "شركة الدواء الطبية" (Aldawaa Medical Company) — same brand, different legal name → soft seller warn. CNN over-fires for the same reason as Saudia.
Real Aldawaa — decimal-shift fraud
✗ DISCREPANCY
Aldawaa total tampered 37.99 → 379.90. QR cross-check catches it.
Real Aldawaa — VAT zeroed
VAT warn
Printed VAT amount blanked out. The QR's declared VAT is no longer findable in the OCR text → soft warn.
Tip: clicking a demo card reuses the engine's cache; click the same card twice to surface the duplicate-detection signal.
!
Verdict
— High risk
Likely forged
Multiple regions show strong evidence of editing.
Patch CNN
High risk
forgery confidence 95%
VAT QR
No QR
no ZATCA QR detected
95%
CNN forgery confidence
Reason
Required for the audit trail. One line is fine.
Decision history (1)
- flagged by audit-bot at 2026-05-11 10:50:20
Saudi VAT QR check — no QR
No ZATCA VAT QR detected.
Key findings
- Multiple regions show strong evidence of editing.
- Showing the top 5 highest-confidence regions (highest score 100%). 76 of 263 text-bearing regions exceeded the model's threshold overall.
- Edit type predicted across the top 5 regions: 5 × copy-paste edits.
- Targeted fields: 2 × other fields and 1 × Date / store metadata.
Document — original & heatmap
Original
🔍 Click to zoom
🔍 Click to zoom
Suspicion heatmap
🔍 Click to zoom
🔍 Click to zoom
Suspicious regions
The top 5 highest-confidence regions out of all 76 that exceeded the model's threshold. Hover or click any thumbnail to highlight that 128 × 128 region on the document on the left.
1
CPI
Other
2
CPI
Metadata
3
CPI
Company
4
CPI
Product
5
CPI
Other
Region breakdown table (5 rows)
| # | Coords | Score | Edit type | Field affected |
|---|---|---|---|---|
| 1 | (576, 1600) |
100% | CPI 87% | Other 45% (low conf) |
| 2 | (512, 1600) |
100% | CPI 79% | Metadata 44% (low conf) |
| 3 | (256, 1600) |
95% | CPI 73% | Company 44% (low conf) |
| 4 | (512, 1472) |
92% | CPI 64% | Product 33% (low conf) |
| 5 | (384, 1600) |
86% | CPI 79% | Other 35% (low conf) |
Methodology, audit metadata & technical details
File:
X51005447851.png
SHA-256: f39fb23d4df8…
Size: 928 × 1771 px
Analysed: 2026-05-11 22:22:58
Model: FraudX v2-multi · ResNet-18 · ep13 · thr=0.08
Patch precision
92.25% vs paper OH-JPEG 79.41%
Patch F1 / AUC
91.79 / 0.97
Image-level F1
29.66 vs paper ChatGPT-relaxed 28.39
Patches scored (this image)
378 · 263 text-bearing
Regions ≥ threshold
76 · thr 0.08
Top-region score
0.946
Approach. ResNet-18 patch classifier (128×128, stride 64) trained on FINDIT2 (Tornes et al., ICDAR 2023). Two auxiliary heads classify the modification technique and the document field; the binary backbone is frozen so the headline patch precision (92.25%) is preserved bit-for-bit while adding explainability. Image-level fraud score is the top-k mean of patch probabilities over text-bearing regions only (edge density ≥ 0.02) — keeps blank regions from poisoning the score.
Class accuracies on the FINDIT2 test set.
- Edit type: CPI 73% · CUT 100% · IMI 38% · PIX 55% · Other 14%
- Field: Total/payment 67% · Metadata 47% · Product 27% · Company 24%
Original technical findings (raw).
- Patch CNN flagged 76 of 263 text-rich patches (top score 1.00).
- Top 5 suspicious regions clustered around image coordinates (576,1600), (512,1600), (256,1600), (512,1472), (384,1600).
- Predicted modification mix across top regions: 5× CPI.
- Predicted entity types: 2× Other, 1× Metadata, 1× Company, 1× Product.