Pre-settlement paymentverification.RankShield Financial is a verifiable, pre-settlement payment verification platform. It reduces each payment to a canonical intent — payer, payee, amount, and purpose — signs it, proves a human or an authorized AI agent approved it, and returns a released, held, or denied verdict before funds settle on an irreversible rail.
Sign, verify, seal, anchor — before settlement.
Pre-settlement verification is a pipeline, not a score. Each payment intent is signed, checked against the approving identity and any agent authority, resolved to a verdict, and anchored to a tamper-evident record — all before the money is released to an irreversible rail.
Sign
The payment intent is reduced to a canonical record and signed with post-quantum ML-DSA-65.
Verify
Signature, identity, liveness and agent authority are checked against the granted mandate.
Seal
A release or hold decision is produced with a signed, independently verifiable attestation.
Anchor
The decision is sealed to a tamper-evident record on the RankShield Network — before settlement.
Why do irreversible rails demand verification before release?
Because on an irreversible rail there is nothing to claw back. Real-time and tokenized payments — RTP, FedNow, stablecoins, tokenized deposits — settle with finality in seconds. A scammer, a deepfaked executive, or a hijacked AI agent only has to be believed once, and the money is gone. Fraud tools built for card networks score a transaction and often evaluate it after authorization, which assumes a chargeback window that these rails do not have. Pre-settlement verification moves the decision to the only place it can still change the outcome: before the payment is released. RankShield reduces each payment to a canonical intent, signs it, and returns a released, held, or denied verdict at that moment. If the proof of authorization is missing or fails, the payment is held instead of settled — the difference between stopping fraud and documenting it.
A settled payment that can't be recalled
On RTP or FedNow, a released payment is final in seconds. Once it settles, no dispute, reversal, or chargeback exists to recover it — recovery becomes a legal problem, not a payments one.
An authorization no one can actually check
A conventional tool returns a risk score and moves on. When the payment is later disputed, there is a probability, not a record of who approved this exact payment.
What does the released, held, or denied verdict mean?
Pre-settlement verification returns a decision, not a score. Every payment intent resolves to exactly one of three states, and each is recorded with a signed reason.
The point of three states rather than a single fraud score is that a held payment is recoverable — it can be reviewed and released or denied — while a settled fraudulent payment is not. RankShield defaults to holding when proof is absent, so the burden is on the payment to demonstrate it was authorized, not on the victim to demonstrate it wasn't.
How is the intent signed and bound to payer, payee, amount, and purpose?
Verification is only meaningful if it covers the exact payment. RankShield binds the fields that define it, so the attestation cannot be reused for a different transaction.
Each payment is reduced to a canonical record that fixes the rail, payer, payee, amount, and purpose in a fixed order, then signed with composite ML-DSA-65 — the NIST FIPS 204 post-quantum signature — hybridized with a classical signature. The signature covers all of those fields at once. Change the amount, swap the payee, or alter the purpose and the digest changes, so the seal no longer verifies. That is what binds the attestation to this specific payment: it proves that this payer, paying this payee, this amount, for this purpose, was approved by a specific identity — not that some payment, somewhere, was fine. An attestation captured for a $48,500 invoice cannot be replayed against a $96,000 wire, because they produce different digests.
How does verification handle a payment approved by an AI agent?
Pre-settlement verification treats an authorized AI agent as a first-class signer, not a trusted script. Each agent has a signed identity and a constitution — an explicit set of bounds on what it may approve — and every agent-initiated intent is checked against it before a verdict is returned. The constitution fixes the maximum per-transaction value, the maximum rolling aggregate over a defined window, the allowed counterparties, the allowed purposes, and an expiry after which the authority lapses. It also carries a dead-man’s-switch heartbeat: if the agent goes silent or is hijacked, its payments are refused rather than released, so a captured agent cannot keep spending. An intent that stays inside every bound can be released; one that exceeds any of them is held or denied, with the specific violated rule recorded in the attestation. This is the same released, held, or denied model applied to non-human approvers, so an agent paying a supplier is held to a signed mandate rather than an assumption that it is behaving.
Which rails does pre-settlement verification cover?
Pre-settlement verification covers six rails by normalizing all of them into one canonical intent before signing. RTP and FedNow are ISO 20022 instant bank rails; stablecoin, tokenized deposit, and CBDC are tokenized value; on-chain settlement is EVM-style. Whatever the rail, RankShield reduces the payment to the same fixed-order record — rail, payer, payee, amount, purpose — so the released, held, or denied model applies identically wherever value moves. That matters because the alternative is re-implementing fraud controls separately for each rail and hoping they agree. Here, the intent is verified once, at the authorization step, and the same signed verdict covers an instant bank payment and a tokenized or on-chain settlement alike. As new rails come online, they normalize into the same canonical intent rather than requiring a new gate. The rail is a field in the record, not a separate product.
Can you verify the attestation without trusting us?
Yes. Anyone can claim a payment was approved — RankShield lets you check it. The intent below is reduced to the same canonical record used in the platform and hashed in your own browser. Sign and attest it, then change a single field and verify: the digest shifts and the match fails, exactly as it would hold a real payment. Nothing here is faked.
How does RankShield reconcile against what actually settled?
A gate at the front isn't enough if the rail can be bypassed or the amount changed after release. RankShield checks the verdict against a signed settlement receipt.
After a payment is released, an enrolled settlement oracle returns a signed receipt for what settled. RankShield compares that receipt against the attested intent and resolves it to one of three states. Settled_as_attested means the receipt matches the released intent exactly. Divergence means the settled amount or details differ from what was attested — the classic after-release amount change. Unauthorized_settlement means a payment settled with no matching attestation at all, catching a rail that was bypassed entirely. Because the receipt is signed by an enrolled identity, the reconciliation is itself verifiable rather than a trust-me report. This closes the loop between what was authorized and what happened, so verification is a two-sided check, not a one-time gate.
Where does pre-settlement verification sit in your stack?
RankShield sits in the authorization path, not the custody path. It is not a wallet, custodian, or payment processor, and it never takes custody of funds. It is a verification and attestation layer that returns a released, held, or denied verdict — and a signed record of why — which your bank, processor, or settlement system enforces on its own rails. Your existing infrastructure moves the money; RankShield proves the payment was meant to happen. Because it normalizes RTP, FedNow, stablecoin, tokenized-deposit, CBDC, and on-chain transfers into one canonical intent, the same verification applies wherever value moves, so you are not re-implementing controls per rail. The output is evidence — signed attestations and reconciliation records — that produces evidence to support compliance, rather than replacing your payment systems.
Authorization path
RankShield issues a released, held, or denied decision and a signed record of why — it does not hold or move funds.
Your rails settle
Your bank, processor, or settlement system enforces the verdict on its own rails. RankShield never becomes the money-movement layer.
Evidence out
Signed attestations and reconciliation records produce evidence to support compliance — not a compliance guarantee.
How is a verified verdict different from a fraud score?
A fraud score is a probability produced by a model; a verified verdict is a cryptographically checkable decision bound to the exact payment. Some fraud platforms do claim pre-settlement timing, so timing alone is not the difference. What we are not aware of another platform combining is verifiable cryptographic proof, identity binding of the actual approver, in-channel liveness, and quantum-safe signing in one pre-settlement gate.
Pre-settlement payment verification — questions, answered.
What is pre-settlement payment verification?
What do the released, held, and denied verdicts mean?
How is a payment intent signed and bound?
How does settlement reconciliation work?
Does RankShield Financial hold or move my money?
Is it quantum-safe?
How does this handle a payment from an AI agent?
Which rails does pre-settlement verification cover?
See your payments verified before they settle.
RankShield Financial is rolling out with design partners on instant and tokenized rails. Request access and we’ll map it to your settlement flow.