Request access
RankShield Network · Financial

Rail-agnostic payment securityfor every instant rail at once.RankShield Financial delivers rail-agnostic payment security across instant payment rails — RTP, FedNow, stablecoin, tokenized deposit, CBDC, and on-chain. It normalizes each rail into one canonical intent, then runs a single pre-settlement verification, so the same proof protects money on whichever rail it moves.

six railsone canonical intentISO 20022 · EVM-style
rail normalizer · native → canonical intent
# native RTP instruction
debtor: acct-04f2
creditor: acct-1180
amount: 48500.00
ccy: USD
e2e: e2e-7c19a3
↓ normalize + de-identify
rs-fin-intent-v1|rail=rtp|amount_minor=4850000|payer=<commit>|payee=<commit>
digest
one canonical intent, one signature path — whichever rail the money moves on.
01 // Fragmenting rails
Why it matters

What does rail-agnostic mean, and why does it matter?

Rail-agnostic means the verification doesn’t care which network moves the money — it applies the same way to every rail. That matters because money movement is fragmenting: instant account-to-account rails, stablecoins, tokenized deposits, CBDCs, and raw on-chain transfers are all growing at once, and no one can name today which one dominates tomorrow. What is clear is the shape of the future rail — instant, irreversible, and tokenized. So the durable bet is on rail properties, not on a single ticker. A verification layer wired to one rail breaks the moment value shifts; a rail-agnostic one absorbs the shift and keeps protecting the payment wherever it lands. RankShield answers that by reducing every rail to one canonical intent, so a treasury team that runs RTP today and adds stablecoin settlement next year does not re-integrate a fraud control — the same signed check simply follows the money onto the new rail.

How pre-settlement verification works
6 rails
RTP, FedNow, stablecoin, tokenized deposit, CBDC, on-chain — one verification across all.
Properties
Bet on instant + irreversible + tokenized, not on which rail wins the race.
Final
Every covered rail settles with finality — the reason verification must precede release.
02 // One canonical intent
The canonical record

What is a canonical intent, and how does one form?

A canonical intent is the single normalized record every rail collapses into before RankShield verifies or signs anything. Whatever native message a rail speaks, RankShield extracts the same five fields — payer, payee, amount in minor units, purpose, and rail — and assembles them into one deterministic record. That record is hashed into a single digest, and the digest is what gets signed and sealed. The point of collapsing to a canonical intent is that verification stops being a per-network problem: instead of writing a distinct fraud rule for ISO 20022 pain.001 messages and a separate one for an EVM calldata transfer, you write one release decision that runs against the canonical intent. The normalizer to the right shows a native instruction from each rail being reduced to exactly this record, so you can watch six very different formats resolve to one digest that a single signature covers.

rail normalizer · native → canonical intent
# native RTP instruction
debtor: acct-04f2
creditor: acct-1180
amount: 48500.00
ccy: USD
e2e: e2e-7c19a3
↓ normalize + de-identify
rs-fin-intent-v1|rail=rtp|amount_minor=4850000|payer=<commit>|payee=<commit>
digest
one canonical intent, one signature path — whichever rail the money moves on.
03 // Rail coverage
Rail coverage

How does each rail normalize into one canonical intent?

Each rail speaks a different native format. RankShield parses all of them into the same canonical record — payer, payee, amount, purpose — so a single signature and pre-settlement decision covers every one. RTP and FedNow arrive as ISO 20022 instant messages, expressing value in a currency’s minor unit; on-chain and stablecoin transfers arrive as EVM-style instructions denominated to 18 decimals. RankShield converts both into one canonical integer amount so the digest is exact regardless of the rail’s native precision. Pick a rail in the normalizer above to watch a native instruction collapse into one canonical intent and digest.

RTPFedNowStablecoinTokenized depositCBDCOn-chain
RailNative formatAmount modelKey property
RTPISO 20022 instant messageMinor units (cents)Instant · irreversible
FedNowISO 20022 instant messageMinor units (cents)Instant · irreversible
StablecoinEVM-style token transfer18-decimal base unitsTokenized · final
Tokenized depositBank-issued token recordIssuer-defined unitsTokenized · settles fast
CBDCCentral-bank wallet transferMinor unitsInstant · tokenized
On-chainEVM-style native transfer18-decimal base unitsIrreversible · final

All six collapse to one canonical intent and a single digest — one signature path, whichever rail moves the money.

04 // Two message worlds
ISO 20022 and EVM

How do ISO 20022 instant rails and EVM-style rails differ under the hood?

They differ in almost everything except the property that matters: finality. RTP and FedNow are ISO 20022 instant-payment rails — structured XML-style messages that carry rich, typed fields for debtor, creditor, remittance information, and a currency amount in minor units, cleared account-to-account in seconds. EVM-style rails — stablecoins and raw on-chain transfers — carry value as a token transfer in base units at 18 decimals, addressed to a wallet rather than an account, with the instruction encoded as calldata rather than a business message. One is a bank-network message; the other is a blockchain transaction. RankShield does not try to make a bank pick a side. It parses the debtor, creditor, amount, and purpose out of the ISO 20022 message and the from, to, value, and purpose out of the EVM instruction, then writes both into the identical canonical intent. From the verification layer’s point of view the two worlds are the same record, which is precisely why one signed decision can govern both.

ISO 20022 rails

RTP · FedNow · CBDC

Structured instant-payment messages with typed debtor, creditor, and amount fields in a currency’s minor unit, cleared account-to-account in seconds.

EVM-style rails

stablecoin · on-chain

Token transfers addressed to wallets, value carried in 18-decimal base units, the instruction encoded as calldata rather than a business message.

One canonical intent

both worlds, one record

Payer, payee, canonical amount, purpose, rail — extracted from either world and written into the identical record, hashed to one digest.

One signed decision

rail-agnostic verdict

The released, held, or denied verdict runs against the canonical intent, so the same signature governs an ISO 20022 message and an EVM transfer alike.

05 // Finality is the through-line
The through-line

Why is finality the through-line across every rail?

Finality is the single property every rail here shares — and the reason rail-agnostic verification exists. Instant, irreversible settlement means value clears in seconds with no reversal and no chargeback. That is what makes these rails useful for real commerce and unforgiving when a payment is fraudulent. Because the money can’t be recalled, the only effective control is one that acts before release. RankShield’s canonical-intent model turns that shared finality into a single advantage: verify once, before settlement, across all six rails. A fraud program tuned to the clawback windows of card and batch ACH simply has no equivalent lever here — there is no chargeback to file and no next-day reversal to request. Pre-settlement verification is not a nice-to-have on these rails; it is the only place a control can still change the outcome.

Instant

clears in seconds

RTP, FedNow, CBDC and on-chain transfers settle in seconds. Speed is the feature — and the reason there’s no time to review after the fact.

Irreversible

no chargeback

Once settled, there is nothing to claw back. A control that scores risk after authorization arrives too late on these rails.

Tokenized

programmable value

Stablecoins, tokenized deposits and CBDCs move value as tokens. The form changes; the need to verify intent before release does not.

One intent

canonical everywhere

Every native format reduces to one canonical intent and digest — so a single verification and signature covers the whole rail landscape.

06 // Reconcile the outcome
Closing the loop

How does RankShield confirm a released payment settled as attested?

It closes the loop with a settlement oracle that reports back what actually cleared, so a released verdict is not the end of the story. After RankShield releases a canonical intent, an enrolled settlement oracle returns a signed receipt for the transaction, and RankShield reconciles that receipt against the intent it signed. The reconciliation resolves to one of three states: settled as attested, when the on-rail outcome matches the signed intent; divergence, when the amount, payee, or rail differs from what was approved; or unauthorized settlement, when value moved without a matching released intent at all. Because the check compares a signed intent against a signed receipt, it catches a payment that bypassed the gate and a payment that settled for the wrong amount — the two failure modes that a pre-settlement verdict alone cannot see. On final rails, that after-settlement confirmation is how a bank proves the outcome matched the decision, not just that a decision was made.

settled_as_attested
The on-rail receipt matches the signed canonical intent — outcome equals decision.
divergence
Amount, payee, or rail differs from what was approved — flagged for review.
unauthorized_settlement
Value moved with no matching released intent — a bypass of the gate is caught.
07 // Per-rail detail
Go deeper per rail

Where can you go deeper on a specific rail?

Each rail carries its own fraud pattern, message format, and settlement behavior, so RankShield keeps a dedicated page for the ones customers ask about most. RTP and FedNow are the two ISO 20022 instant account-to-account rails in the US, and their pre-settlement fraud problem centers on authorized-push-payment scams that push irreversible value in seconds. Stablecoin and on-chain settlement are the EVM-style rails, where verification has to bind an intent to a wallet transfer and confirm the on-chain outcome against what was signed. Tokenized deposits sit between the two worlds — bank-issued tokens that settle fast but originate inside a regulated institution. Use the links below to read how the canonical-intent model and the released, held, or denied verdict apply to each rail specifically, then come back here for the property-level view that ties them together.

08 // One integration
Why one path wins

Why is one verification path better than a control per rail?

One verification path is better because it removes the tax that fragmentation imposes on every rail-specific control you would otherwise maintain. If verification is wired directly to a rail, adding a new rail means building, testing, and certifying a new fraud integration — and every rail you add multiplies the surfaces your security team has to reason about. RankShield collapses that to a single canonical intent, so onboarding a new rail is a normalization mapping, not a new fraud stack. The release decision, the ML-DSA-65 signing, the de-identified data handling, and the settlement reconciliation are written once and reused across all six rails. For a fintech or PSP adding stablecoin settlement alongside existing RTP volume, that means the same signed, quantum-safe verdict governs the new rail on day one, with the same evidence trail your compliance team already understands — instead of a second, unfamiliar control to audit.

How the signing stays quantum-safe across rails
09 // Honest status
Honest status

Rolling out with design partners.

The canonical-intent model and the verification are real and proven, but there is no live production rail hookup yet — real-rail integration is rolling out with design partners. That is the honest picture. If you run payments on RTP, FedNow, stablecoins, tokenized deposits, CBDC, or on-chain, request access and we’ll map the normalization to your settlement flow as integration lands.

Built
canonical-intent model and verification are proven
No live hookup
real-rail integration is not yet connected in production
Design partners
rolling out alongside partners on instant + tokenized rails
Quantum-safe
every intent signed with composite ML-DSA-65, by construction
FAQ

Rail-agnostic payment security — questions, answered.

What is rail-agnostic payment security?
Rail-agnostic payment security is verification that applies the same way no matter which rail moves the money. RankShield Financial normalizes each rail — RTP, FedNow, stablecoin, tokenized deposit, CBDC, and on-chain — into one canonical payment intent, then runs a single pre-settlement check against it. Instead of a control wired to one network, the same signed verification protects value everywhere it moves, so the protection survives when your traffic shifts to a new rail.
Which payment rails does RankShield cover?
Six: RTP and FedNow (instant account-to-account rails carried as ISO 20022 messages), stablecoin and on-chain transfers (EVM-style value movement), tokenized deposits, and CBDC. Each rail speaks a different native format, and RankShield reduces all of them to one canonical intent — payer, payee, amount, purpose — so a single verification and signing path covers every rail rather than a separate integration per network.
Why bet on rail properties instead of one rail?
Because no one can name today which rail wins tomorrow, but the properties of the winning rail are already clear: it will be instant, irreversible, and tokenized. Money is fragmenting across networks, and a control tied to a single ticker breaks the moment volume moves. RankShield bets on those durable properties — finality and tokenization — not on a specific rail, so the verification layer holds as the mix keeps shifting.
How do different rails normalize into one canonical intent?
Each rail is parsed from its native format into a shared canonical record: payer, payee, amount in minor units, purpose, and rail. RTP and FedNow arrive as ISO 20022 instant-payment messages; on-chain and stablecoin transfers arrive as EVM-style instructions denominated to 18 decimals. Whatever the source, the fields collapse to one canonical intent and a single digest, so the same signature and pre-settlement release decision apply identically across all six rails.
How does RankShield handle amount precision across rails?
Amounts are normalized to integer minor units so no rail carries floating-point rounding into the signed record. ISO 20022 rails such as RTP and FedNow express value in the currency’s minor unit — cents for USD — while EVM-style on-chain and stablecoin transfers express value in wei-style base units at 18 decimals. RankShield converts each into a single canonical integer amount before signing, so the digest is exact and reconciliation can compare what settled against what was attested down to the smallest unit.
Is RankShield live on these rails today?
Not with live production hookups. The backend is built and proven, and real-rail integration is rolling out with design partners — there is no live rail connection yet. That is the honest status: the canonical-intent model and verification are real, and we are wiring them to live rails alongside partners. If you run payments on any of these rails, request access and we will map the normalization to your settlement flow.
Why is finality the through-line across all rails?
Finality is what makes these rails valuable and dangerous at once. Instant, irreversible settlement means value clears in seconds with no chargeback — great for legitimate payments, unforgiving for fraud. Every rail RankShield covers shares that property, which is exactly why verification has to happen before release rather than after. Finality is the reason a pre-settlement, rail-agnostic check exists at all.
How does a settlement oracle confirm the payment landed as attested?
After a payment is released, an enrolled settlement oracle returns a signed receipt for the transaction and RankShield reconciles it against the canonical intent. The receipt resolves to one of three states: settled as attested, divergence, or unauthorized settlement. Because the reconciliation compares the signed intent — payer, payee, canonical amount, rail — against what actually cleared, it catches a payment that bypassed the gate or that settled for a different amount than was approved, closing the loop between the pre-settlement verdict and the on-rail outcome.
Does the same quantum-safe signing cover every rail?
Yes. The canonical intent is signed once with composite ML-DSA-65 under NIST FIPS 204, hybridized with a classical signature and crypto-agile so the scheme can rotate to ML-DSA-87 or SLH-DSA over time. Because all six rails collapse to one canonical record before signing, the same quantum-safe signature protects an RTP message and an on-chain transfer identically. It is quantum-safe by construction, not quantum-proof: a cryptographically relevant quantum computer does not exist yet, but harvest-now-decrypt-later collection is a present risk the signing is built against today.
Verify, then settle

See your payments verified before they settle.

RankShield Financial is rolling out with design partners on instant and tokenized rails. Request access and we’ll map it to your settlement flow.

Request accessHow it works