Request access
RankShield Network · Financial

Business transaction verificationbefore the payment is final.RankShield Financial is a verifiable, pre-settlement platform for business transaction verification. It checks every transaction a company makes or processes — vendor and payroll payments, payouts, inter-company transfers, high-value customer moves — proves a human or an authorized AI agent approved it, and releases or holds it before settlement, without taking custody of funds.

ml-dsa-65 signedno custody of fundsagent-aware
RankShield Network · pre-settlement ledger
RTP $48,500 invoice · acct ••42anchored ✓
AGENT $1,200 ap_7f3 · vendoranchored ✓
WIRE $96,000 “CEO” call · livenessheld · deepfake
FEDNOW $7,310 payroll · acct ••08anchored ✓
USDC 500.00 0x9f…c1 → 0x2a…7eanchored ✓
AGENT $9,900 ap_1c8 · over-limitheld · authority
verified BEFORE settlementml-dsa-65 · anchored
01 // The transactions a business makes
Why now

Why do the transactions a business makes need verification before they settle?

They need verification before settlement because a business now sends and processes money on rails that do not reverse, and a wrong or manipulated payment is final in seconds. Accounts-payable runs, payroll, treasury moves, payouts, and inter-company transfers are exactly the payments a business-email-compromise scam, an altered vendor bank detail, or a hijacked payment agent targets, because they are large, routine, and often approved under time pressure. Once a real-time or on-chain transfer settles, there is nothing to claw back. Verifying the intent of each transaction before it is final — confirming the payee, amount, purpose, and the human or agent behind it — turns that irreversible moment into a checkpoint rather than a point of no return. The live ledger here shows intents arriving and resolving to a released, held, or denied verdict pre-settlement, which is the decision point RankShield inserts into a business’s own payment flow.

RankShield Network · pre-settlement ledger
RTP $48,500 invoice · acct ••42anchored ✓
AGENT $1,200 ap_7f3 · vendoranchored ✓
WIRE $96,000 “CEO” call · livenessheld · deepfake
FEDNOW $7,310 payroll · acct ••08anchored ✓
USDC 500.00 0x9f…c1 → 0x2a…7eanchored ✓
AGENT $9,900 ap_1c8 · over-limitheld · authority
verified BEFORE settlementml-dsa-65 · anchored
02 // Every outbound and internal move
Coverage

Which business transactions does RankShield Financial verify?

It verifies the full range of money a business moves and processes: outbound accounts-payable and vendor payments, payroll runs, treasury transfers, payouts and disbursements to customers or partners, inter-company transfers between legal entities, and high-value customer transactions. Each of these is reduced to one canonical intent — the same payer, payee, amount, and purpose model — so a single released, held, or denied verdict applies no matter how the money leaves. Because verification is rail-agnostic, a treasury team gets that one verdict model across RTP, FedNow, stablecoin, tokenized-deposit, CBDC, and on-chain rails, instead of a different control for each. The point is coverage without fragmentation: the outbound payment that funds a vendor, the internal sweep between subsidiaries, and the large payout to a partner all pass through the same signed, verifiable checkpoint before they are final, and all leave the same kind of evidence behind.

Accounts payable

vendor · supplier

Vendor and supplier payments are verified against what was approved before they settle, so an altered bank detail or a fake invoice is held, not paid.

Payroll and treasury

runs · sweeps

Payroll runs and treasury sweeps carry high value on a schedule; each is checked for intent and approver before an irreversible transfer is released.

Payouts and disbursements

customers · partners

Outbound payouts to customers and partners are verified one intent at a time, so a compromised payout instruction is held before value moves.

Inter-company and high-value

entities · large transfers

Transfers between subsidiaries and large customer transactions are the highest-value targets; verification and a signed record apply to every one.

03 // In the authorization path
Where verification sits

How does verification sit in a business’s payment flow?

It sits as a check inside the business’s own authorization path, between the payment request and settlement, without taking custody of funds. When a transaction is initiated — from an ERP, an accounts-payable system, a treasury workstation, or an AI agent — RankShield Financial reduces it to a canonical intent record, signs it, confirms a real human or an authorized agent approved it, and returns a released, held, or denied verdict before the payment reaches the rail. Released transactions continue to settle on your existing flow untouched; held transactions route back to a human or a stricter quorum; denied transactions never leave. RankShield is not a processor and never moves the money — your banks and rails still do that. Because the checkpoint is structural and cryptographic rather than a downstream review, the safe default is to stop a payment that fails, not to chase it after the fact. That is the difference between a gate and an alert.

How agent payments are governed
Released
The intent matches what was approved and settles on your existing rail untouched.
Held
A failed intent, identity, or liveness check holds the payment before finality for review.
Denied
An out-of-authority or unverifiable transaction never leaves the authorization path.
04 // Sign, verify, seal, anchor
The verification pipeline

What happens between approval and settlement?

Between approval and settlement, each transaction moves through a fixed pipeline that resolves before value can move. The intent is reduced to a canonical record and signed with post-quantum ML-DSA-65. Its signature, the approver’s identity, any liveness challenge, and — for agent payments — the agent’s granted authority are verified against what was actually approved. Only then is the transaction released, held, or denied. The verdict and its reasons are sealed to a tamper-evident record and anchored on the RankShield Network, so the decision is independently verifiable after the fact. Nothing in this pipeline holds balances; it holds commitments and verdicts. For a finance team, that means a signed account of why every business payment was allowed or stopped, produced at the moment of decision rather than reconstructed from logs later. Change one field of a sealed intent and the signature breaks, which is what makes the record tamper-evident rather than merely stored.

01

Sign

The payment intent is reduced to a canonical record and signed with post-quantum ML-DSA-65.

02

Verify

Signature, identity, liveness and agent authority are checked against the granted mandate.

03

Seal

A release or hold decision is produced with a signed, independently verifiable attestation.

04

Anchor

The decision is sealed to a tamper-evident record on the RankShield Network — before settlement.

05 // Protecting outbound payments
Vendor and BEC fraud

How does it protect against vendor fraud and business-email compromise?

It protects against vendor fraud and business-email compromise by verifying the intent and the approver of an outbound payment before an irreversible transfer settles, which is exactly where these scams do their damage. In a BEC or altered-invoice attack, someone with apparent authority instructs a real payment to a fraudster’s account, so defenses that look for account takeover miss it. RankShield Financial checks that the payment intent matches what was actually approved and, where a business enrolls it, that a live human is present through a signed liveness challenge in the business’s own verified channel. A payment that fails these checks is held rather than released. This is a structural gate at the approval step, not a fraud score reviewed after the money is already gone.

The altered vendor detail

A supplier’s bank account is quietly changed

An attacker compromises a vendor mailbox and sends a routine update changing the payout account. The next accounts-payable run pays a large invoice straight to the fraudster.

RankShield: verifies the intent against what was approved before release; a mismatch holds the payment pre-settlement rather than clawing it back after.
Held, not chased
A failed intent or liveness check holds the payment before finality — the safe default is to stop, not to pay.
06 // No PII on the ledger
What we never hold

How does business and account data stay private?

Business and account data stays private because RankShield Financial verifies transactions without ever storing account numbers or PII. Account references are HMAC-keyed and de-identified under a secret pepper that is preimage-resistant, then stored as nonce-bound commitments, so the same account looks different on every transaction and is unlinkable to an outside observer, openable only with the key. The ledger holds commitments and verdicts, not account details. Signing keys live in an HSM, and releasing any payment requires an M-of-N quorum, so no single key — and no single insider — can move value. Being honest about the primitive: these are salted commitments, a zero-knowledge building block, not full zk-SNARK proofs. For a business, this means participating in verifiable transaction checks without handing a third party the vendor, payroll, and customer data it would otherwise have to protect.

No PII stored
the ledger holds commitments and verdicts, not account numbers
Unlinkable
the same account looks different on every transaction
HSM · M-of-N
keys never leave hardware; no single key releases a payment
Quantum-safe
ml-dsa-65 signing, crypto-agile — quantum-safe by construction
07 // Evidence for finance and audit
Signed evidence

What evidence does this produce for finance, audit, and disputes?

It produces a signed, tamper-evident record of every released, held, or denied verdict, anchored on the RankShield Network, that finance and audit teams can present as evidence of pre-settlement verification. To be precise: RankShield produces evidence to support compliance and audit — it does not make you compliant, and the determination stays with your program. Because each record is cryptographically signed and independently verifiable, an auditor or a counterparty is not asked to trust an internal log; the artifact can be checked on its own. In a dispute over whether a payment was authorized, that record shows exactly what intent was approved, by which human or agent, and when it was released or held. That turns an internal control narrative into demonstrable, per-transaction proof — evidence produced at the moment of decision rather than reconstructed under pressure later.

CapabilityLog-and-review approachRankShield-verified business
TimingReviewed after settlementVerdict before settlement
Approver identityAssumed from a session or emailSigned human or authorized agent
Agent paymentsNot modeledSigned identity + spend governance
Data heldAccount numbers and PIIDe-identified commitments, no PII
SigningClassical or noneml-dsa-65, quantum-safe by construction
Audit evidenceInternal logs to trustSigned, independently verifiable record
08 // Check the proof yourself
The proof

How is a verifiable verdict different from a fraud score?

A verifiable verdict is different because a fraud score is a probability produced alongside or after the payment, while RankShield Financial produces a cryptographically verifiable, identity-bound verdict before settlement. Some platforms do act pre-settlement, so timing alone is not the whole story. What we are not aware of another platform combining is verifiable cryptographic proof, identity binding of the actual approver, in-channel liveness, and quantum-safe signing in one pre-settlement gate. A score tells you a transaction looked risky; a signed attestation binds this exact payer, payee, amount, and purpose so anyone who needs to can independently confirm it was approved by this principal. Change one field and the seal breaks. Recompute the digest yourself in the panel here — nothing is faked, which is the whole point of a verifiable model over a black-box score.

Attestation verifier · run it yourself
canonical: rs-fin-intent-v1|rail=RTP|payer=acct-04f2|payee=acct-1180|amount=4850000|purpose=invoice-2261|nonce=e2e-7c19a3
09 // Attestation vs scoring
A different category

Why is verifiable attestation the right model for business payments?

Verifiable attestation is the right model for business payments because the transactions a company makes are large, routine, and increasingly irreversible, so the cost of a wrong answer cannot be reversed. Merchant fraud platforms such as Accertify are built for card and e-commerce commerce, optimized for probabilistic real-time scoring and post-hoc chargeback and dispute workflows — a valuable job, but a different one. Accertify was carved out of American Express to Accel-KKR in May 2024 and serves a large share of major retailers on that scoring-and-chargeback model. RankShield sits in a different category: verifiable cryptographic proof of what was authorized, before irreversible settlement, plus quantum-safe signing, agent governance, and rail-agnostic coverage. For outbound AP, payroll, treasury, and inter-company transfers, a signed verdict you can hand to an auditor is worth more than a better score you have to trust. That is the category RankShield Financial is defining and leading.

RankShield vs Accertify, honestly compared
FAQ

Business transaction verification — questions, answered.

What is business transaction verification with RankShield Financial?
It is a pre-settlement layer that verifies each transaction a business makes or processes before it becomes final. RankShield Financial reduces the transaction to a canonical intent record — payer, payee, amount, purpose — confirms a real human or an authorized AI agent approved it, and returns a released, held, or denied verdict. It never takes custody of funds. The verdict and its reasons are signed and sealed to a tamper-evident record, so finance, audit, and dispute teams keep independently verifiable proof of exactly what was authorized.
Which business transactions can it verify?
It verifies outbound and internal money movement: accounts-payable and vendor payments, payroll runs, treasury moves, payouts and disbursements to customers or partners, inter-company transfers between entities, and high-value customer transactions. Each is normalized into one canonical intent, so the same released, held, or denied model applies whether the payment leaves on RTP, FedNow, a stablecoin, a tokenized deposit, a CBDC, or on-chain. The verification is rail-agnostic, so a treasury team gets one verdict model across every rail its business actually uses.
How is this different from a fraud score on a business payment?
A fraud score is a probability produced alongside or after the payment; RankShield produces a cryptographically verifiable, identity-bound verdict before settlement. Some platforms do act pre-settlement, so timing alone is not the whole story. We are not aware of another platform that combines verifiable cryptographic proof, identity binding of the actual approver, in-channel liveness, and quantum-safe signing in one pre-settlement gate. A score says a payment looked risky; a signed verdict lets an auditor independently confirm this exact transaction was approved by this principal.
Does RankShield take custody of the money we move?
Never. RankShield Financial is a verification and attestation layer, not a wallet, custodian, or payment processor. It sits in your authorization path and returns a verdict; your existing rails, banks, and treasury systems still move the money. No balances pass through RankShield, and account references are stored only as de-identified commitments rather than account numbers, so there is nothing there to custody, expose, or breach.
How does it govern AI agents that make payments for the business?
Each AI payment agent carries a signed identity and a constitution: a maximum per transaction, a rolling aggregate limit over a window, allowed counterparties, allowed purposes, an expiry, and a dead-man’s-switch heartbeat. Before any agent-initiated transaction settles, RankShield checks the intent falls inside that authority and the agent is still alive. An agent that exceeds a limit, pays an un-permitted counterparty, or goes silent has its payments held automatically, so a hijacked or drifting agent cannot drain an account one under-threshold payment at a time.
What evidence does it produce for finance, audit, and disputes?
For every transaction it produces a signed, tamper-evident record of the released, held, or denied verdict and its reasons, anchored on the RankShield Network. Because each record is cryptographically signed and independently verifiable, an auditor or counterparty does not have to trust an internal log; the artifact can be checked on its own. This produces evidence to support compliance and audit; it does not make you compliant, and the determination stays with your program. In a dispute, you can show exactly what was authorized, by whom, and when.
What signing protects the transaction records, and is it quantum-safe?
Every intent is signed with composite ML-DSA-65 from NIST FIPS 204, hybridized with a classical signature, in a crypto-agile design that can rotate to ML-DSA-87 or SLH-DSA. Transport uses hybrid post-quantum TLS where available. This is quantum-safe by construction, not quantum-proof: a cryptographically relevant quantum computer does not exist yet, but harvest-now-decrypt-later collection is a present risk, so a signed authorization record made today is built to the current post-quantum standard rather than a classical one that could be broken later.
How does our transaction data stay private on the ledger?
Account references are HMAC-keyed and de-identified under a secret pepper, then stored as nonce-bound commitments, so the same account looks different on every transaction and is unlinkable to an observer, openable only with the key. The ledger holds commitments and verdicts, not account numbers, so it carries no PII. Signing keys live in an HSM, and releasing a payment requires an M-of-N quorum, so no single key or insider moves value alone. Honestly stated, these are salted commitments, a zero-knowledge primitive, not full zk-SNARK proofs.
Is business transaction verification available to deploy today?
The backend is built and proven, and the product is rolling out with design partners; there is no live rail integration yet. So the honest answer is that a business can request access to join the design-partner program rather than buy an off-the-shelf integration. During that engagement we map the released, held, and denied model to your accounts-payable, payout, treasury, and inter-company flows, and to the evidence your finance and audit teams require.
Verify, then settle

Verify every business transaction before it is final.

RankShield Financial is rolling out business transaction verification with design partners across AP, payroll, treasury, payouts, and inter-company transfers. Request access and we’ll map the released, held, and denied model to your payment flow.

Request accessPre-settlement verification