---
title: "Inside the Cipher & Row Packet Scanner: How Automated Carrier Packet Verification Works"
description: "How the Cipher & Row Packet Scanner reads carrier packets, checks every field against FMCSA and Canadian registries, flags fraud, and seals a verifiable record."
author: John Nowlan
published: 2026-07-10
updated: 2026-07-10
category: Technology
canonical: https://www.cipherandrow.com/blog/cipher-row-packet-scanner-how-it-works
---

# Inside the Cipher & Row Packet Scanner: How Automated Carrier Packet Verification Works

By John Nowlan · Published 2026-07-10 · Cipher & Row Blog

Every brokered load starts with paperwork. A carrier setup packet, a rate confirmation, a certificate of insurance, a W9. The person reviewing that paperwork is usually doing it between phone calls, under time pressure, against documents that were designed to look right. That is exactly the gap freight fraud lives in. Stolen MC numbers, reincarnated carriers running under fresh authority, insurance certificates copied from another company's policy: none of it looks wrong at a glance, because looking right is the whole trick.

### Key takeaways

- The [Cipher & Row](https://www.cipherandrow.com/) Packet Scanner reads rate confirmations, setup sheets, and full carrier packets, PDF or image, one file or a batch.

- Every extracted field carries a confidence rating and a pin to the page it came from, so you can check the evidence instead of trusting a summary.

- Each field is verified against FMCSA and Canadian registry records plus fraud signals, producing one verdict with a trust score and the reasons behind it.

- Flags cover reincarnated authority, identity mismatches, re-brokering patterns, lapsed authority or insurance, and insurance policy numbers shared across carriers.

- Every reviewed scan seals into a tamper evident record with an immutable event log and a public verify link. A typical packet costs 3 credits, and the scanner ships on plans from $29 to $49 per month.

> The scanner does not ask you to trust it. Every flag points at the line that raised it, every field tells you how sure it is, and every decision you make goes on the record.

## What you can feed it

The scanner accepts the paperwork you already have: a rate confirmation, a setup sheet, or a full carrier packet, as a PDF or an image, one file at a time or in a batch. There is no template to force carriers onto first. That matters because the riskiest documents are precisely the ones that did not come through your standard onboarding flow: the packet forwarded from a load board conversation, the insurance certificate that arrived by email twenty minutes before pickup.

## Extraction you can check

First, the scanner reads the document and pulls the fields that matter: MC and DOT numbers, legal name, insurance details, contacts. Two design decisions separate this from generic document AI. Every field carries a confidence rating, and any field the engine is unsure about is marked so a human checks it before booking. And every field is pinned to the exact page and line it came from, so when something looks off you tap through to the evidence rather than rereading the whole packet. The output is grounded in the document, not a paraphrase of it.

## Checked against the registries, not just read

Extraction alone catches typos. The value is in what happens next: each extracted field is checked against the live registry record and fraud signals. The legal name on the packet is compared to the FMCSA record for that authority. For Canadian carriers, the check runs against provincial registries: Ontario's published carrier list, Quebec's safety watch list, British Columbia's bulletin, Manitoba's registry queried per lookup, with a cross border FMCSA merge when the carrier runs both sides of the border. Authority status and insurance are checked at scan time, not against a cached snapshot from onboarding season.

## The fraud checks

The scanner then looks for the patterns that make freight fraud work. We publish what the checks look for, not how they work, for the obvious reason that fraudsters read vendor blogs too. At the capability level:

Reincarnated authority: a DOT or MC that may trace back to a carrier whose authority was revoked, with the suspect predecessor named, so you are not just told there is a ghost, you are told whose. Identity mismatch: the legal name or authority on the packet does not match the registry record it claims. Re-brokering patterns: signals that the load is being brokered on behind your back, surfaced before you commit. Lapsed authority or insurance, flagged the moment you scan. Shared insurance policy numbers: the same policy number filed by another carrier recently, a sign the certificate may not be the carrier's own. And sanctions screening against OFAC, UN, and Canadian lists runs alongside the registry checks.

The result is one verdict: a 0 to 100 trust score, a PROCEED, CAUTION, or BLOCK recommendation, and the specific reasons behind it, each one pointing at the evidence that raised it.

## Decisions go on the record

A scanner that just emits warnings trains people to click past warnings. So the review step is built around dispositions: for every flag, the reviewer confirms it, acknowledges it, or clears it, with a recorded reason. Acknowledged risks stay visible on the verdict rather than disappearing. From the same screen you save the partner, put them on a watchlist, or block them. This is the part that turns a scan into a vetting decision, and it is recorded as one.

## The sealed record and the public verify link

When review is done, the scan seals. The sealed report captures the document provenance, the recorded review actions with their dispositions, and a time stamped custody timeline from upload to decision. Sealing applies a tamper evident Ed25519 signature, and the event log becomes immutable: no edits after seal. Your company's records collect in a Compliance Vault, each with its decisions, seal timestamp, and signature.

Then the part we have not seen anywhere else in this market: every sealed record carries a public verify link. Anyone you hand it to, a shipper, an auditor, an insurer, can independently confirm that the record existed at the stated time and has not been altered since, without a Cipher & Row login. The verification recomputes from the stored record itself, so it does not depend on anyone keeping the original file. To be precise about what that gives you: a verifiable record of the verification you performed. It is not legal advice, and it does not make a decision right. It makes the facts of your diligence provable.

## How this differs from the other approaches

Most tools in this market either collect documents or route around them. Onboarding platforms gather packets efficiently and check the data the carrier enters; as of July 2026, none of the major ones advertise scanning the documents themselves for signs of fraud. Highway's published position is essentially that paper cannot be trusted at all, so it verifies identity through device and source data instead, and its own blog notes that documents can be forged. We think both halves are right and incomplete: identity verification matters, and the paper still exists, still gets emailed to your team at 4:50 on a Friday, and still deserves to be read by something that checks every line. A fuller comparison of who records what is in our [carrier vetting audit trails piece](https://www.cipherandrow.com/blog/carrier-vetting-audit-trails-2026-tms-highway-descartes-cipher-row).

## What it costs

Published pricing, no demo required. The scanner and the Compliance Vault are included on dispatcher plans from $49 per month and brokerage plans from $149 per month, and carriers get scanning of broker paperwork on the $29 Verified+ plan with 60 scan credits included. A typical packet costs 3 credits. Quick single lookups, without documents, are free at [cipherandrow.com/verify](https://www.cipherandrow.com/verify) with no signup. Annual billing takes 20 percent off, and plan details are on the [pricing page](https://www.cipherandrow.com/pricing).

## What we deliberately do not publish

You will notice this article describes what the scanner catches and what you receive, not the detection internals, model prompts, or scoring weights. That is intentional. Publishing the mechanics of fraud detection is a gift to the people it detects. What we do publish is everything you need to evaluate the output: the evidence pins, the confidence ratings, the reasons on every verdict, and a sealed record you can verify independently. Judge it on those.

## Quick answers

**What file types does it accept?** PDFs and images, single files or batches: rate confirmations, setup sheets, and full carrier packets.

**Does it work for Canadian carriers?** Yes. Checks run against Ontario, Quebec, British Columbia, and Manitoba registry data as well as FMCSA, with a cross border merge for carriers operating in both countries.

**What is a sealed scan report?** A record of the scan, the review decisions, and the custody timeline, signed with a tamper evident Ed25519 signature and locked against edits after sealing.

**Can someone outside my company verify a report?** Yes. Every sealed record carries a public verify link that independently confirms the record has not changed since sealing, no account required.

## Frequently asked questions

**What documents can the Cipher & Row Packet Scanner read?**

Rate confirmations, carrier setup sheets, and full carrier packets, as PDFs or images, uploaded one at a time or in batches. There is no required template.

**How does the Packet Scanner help catch double brokering?**

It surfaces re-brokering patterns before you commit to a load, traces DOT and MC numbers that may lead back to revoked authorities with the suspect predecessor named, and flags identity mismatches between the packet and the registry record.

**Does the Packet Scanner verify Canadian carriers?**

Yes. Fields are checked against Canadian provincial registry data for Ontario, Quebec, British Columbia, and Manitoba alongside FMCSA, with a cross border merge when a carrier operates in both countries.

**What is a sealed scan report?**

The permanent record of a scan: document provenance, review decisions with recorded reasons, and a time stamped custody timeline, protected by a tamper evident Ed25519 signature and an immutable event log that accepts no edits after sealing.

**Can a third party verify a Cipher & Row scan report?**

Yes. Every sealed record includes a public verify link that anyone can use to confirm the record existed at the stated time and has not been altered, without needing a Cipher & Row account.

**How much does packet scanning cost?**

A typical packet costs 3 credits. The scanner and Compliance Vault are included on dispatcher plans from $49 per month and brokerage plans from $149 per month, and the $29 carrier plan includes 60 scan credits for checking broker paperwork.

---

Read this article in your browser: https://www.cipherandrow.com/blog/cipher-row-packet-scanner-how-it-works

Cipher & Row verifies US and Canadian carriers and brokers, monitors them for changes, and seals every vetting decision into a verifiable record. Try a free lookup, no signup: https://www.cipherandrow.com/verify
