Title: Validate Integrity of Uploaded Documents to Prevent Tampering
Opened this issue ยท 0 comments
๐ User Story
As the team lead,
I want the system to validate the integrity of the uploaded documents,
So that I can ensure they have not been tampered with or altered via photoshop etc
And prevent any fraudulent applications.
Context:
If possible we want to review the documents to ensure that they have not been tampered with. Using Google AI it is possible to check the validity of the documents
Documents uploaded are:
BC Driver's License
Notice of Assessment
Property Assessment Notice
Speculation and Vacancy Tax Confirmation
Home Owner Grant declaration
ICBC Certificate of Insurance
Home Insurance Summary
Property Tax Notice
Utility Bill
Government or Crown Corporation official notice
Other proof documents (subject to review by registry staff)
๐ Business Rules
- The system must verify that the uploaded documents have not been altered from their original state
- If the document is altered, flag it as "Document Integrity Check Failed." and change the status to Full Review
- The system must flag any documents that cannot be verified for integrity as "Unable to Verify Document Integrity" and send them for "Full Review."
- If the integrity check passes, the system will flag the application as "Document Integrity Verified."
- Flags must appear in the Automatic and Provisional Approval Logic page https://www.figma.com/design/R9GF5wvwq2TrnbnsbhPfvV/STR-Application-Tickets?node-id=4871-7178&t=WHxOpgEGyaQBoRHV-4
๐ญ Story Scenarios
Scenario 1: Uploaded document passes integrity check
Given the application is flagged as "Not PR Exempt"
And a document is uploaded by the host
When the system verifies the documentโs hash and metadata (I"m not sure if this is the right approach or not
Then the system flags the document as "Document Integrity Verified."
Scenario 2: Uploaded document fails integrity check due to tampering
Given the application is flagged as "Not PR Exempt"
And a document is uploaded by the host
When the system detects that the document has been tampered with
Then the system flags the document as "Document Integrity Check Failed"
And sends the application for "Full Review."
Scenario 3: System unable to verify document integrity
Given the application is flagged as "Not PR Exempt"
And a document is uploaded by the host
When the system is unable to verify the document's integrity (e.g., unsupported file format or corrupted file)
Then the system flags the document as "Unable to Verify Document Integrity"
And sends the application for "Full Review."
Scenario 4: Multiple documents uploaded with one failing integrity check
Given the application is flagged as "Not PR Exempt"
And multiple documents are uploaded by the host
When the system verifies all documents
And one or more documents fail the integrity check
Then the system flags those specific documents as "Document Integrity Check Failed"
And sends the application for "Full Review."
Scenario 5: Partial integrity verification (some documents verified, others not)
Given the application is flagged as "Not PR Exempt"
And multiple documents are uploaded
When some documents pass the integrity check while others cannot be verified
Then the system flags the unverifiable documents as "Unable to Verify Document Integrity"
And flags the application for "Full Review."
๐ Post-Implementation Review
- Confirm that the integrity validation mechanisms (hashing, metadata checks) are functioning correctly and flagging documents as expected.
- Review the false positive rate of integrity failures and adjust algorithms if necessary.
- Ensure that the process for manually reviewing flagged documents is efficient and effective.