High-risk payment identified
Your rules flag a payment that needs mutual authorization (first vendor, bank change, high value, rush, etc.).
CAST adds a mutual authorization step before payments are released. Vendors confirm exact details via a secure link. This creates a clear, verifiable record for both sides.
# Vendor confirms via passkey — the bilateral pivot
{
"event": "bilateral.confirmed",
"work_order": "wo_8fa2c1",
"payload_hash": "3a9f…e21b",
"signature": {
"method": "webauthn-p256",
"bound_to": "payload_hash",
"signer": "agent_riverdale"
},
"policy_version": "POL-v4.2",
"lineage_hash": "7c0d…b48a"
}
→ Posting blocked until signature verifies.
→ Posting carries lineage to this event. Forever.
Your team approves an invoice internally. The vendor only learns the final details when — or if — the money arrives.
This gap creates risk because the vendor has no formal role to confirm details before funds leave. Attackers can change bank details or submit fake invoices without the real vendor knowing. Rush payments and high-value transfers increase exposure — urgency leads teams to skip checks exactly when the stakes are highest.
The AP instantiation — Confirm & Pay — walks one invoice through the loop. Steps 1–5 are the entire prototype. The cryptographic chain is the product; the screens are its packaging.
Your rules flag a payment that needs mutual authorization (first vendor, bank change, high value, rush, etc.).
The vendor receives a simple browser link showing the amount, invoice, date, and bank details. No login or app required.
The vendor reviews and authorizes the payment details (or requests a change / disputes). This creates the binding authorization record.
The pivotOnly after mutual authorization does the payment release. A clear, verifiable record is created automatically.
Append-only by design. Mutual authorization is enforced before any high-risk posting. This creates verifiable proof without added complexity.
An immutable record of something that happened. Proposed events come from one side; mutual authorization events require confirmation from both parties.
A versioned, immutable rule set. Pinned to every event at the time it is processed. It governs triggers, auto-approve conditions, and how exceptions are handled.
The container that holds the full context and decisions for a payment. It tracks three parallel states (Authorization, Control, and Settlement) without collapsing them.
A journal-ready ledger entry created only after mutual authorization is complete. It carries the full history back to the original event.
A governed exception (dispute, non-response, budget breach, policy gap, etc.). Resolution events are added, but prior events are never changed or deleted.
Every posting is traceable back through the events, decisions, and policy version that created it. Because the chain is immutable, verifying a payment’s history becomes fast and reliable.
CAST eliminates the class of fraud that depends on one party acting without the other's knowledge. Collusion isn't eliminated — but it becomes documented and detectable rather than invisible.
The four layers don't change between use cases. Only event types, policy rules, and Work Order structures do. CAST sits alongside your ERP — not in place of it — and produces posting-ready exports with the lineage hash in the memo field.
// Any third party, no counterparty contact
const ok = await replay(eventId);
// Standard libs only — no proprietary verifier
- SHA256(canonicalize(payload, v1))
- ECDSA-P256 signature check
- X.509 chain validation
return {
valid: ok,
proves: "both parties confirmed",
at: "signed timestamp",
unmodified_since: true
};
It travels with the payment through every downstream system. That's what makes a transaction insurable, financeable, and survivable in audit.
CAST adds a mutual authorization step to AP payments. Vendors confirm exact details via a secure link before funds are released.
# Vendor confirms before payment release
{
"event": "bilateral.confirmed",
"work_order": "wo_8fa2c1",
"payment": {
"invoice": "INV-1048",
"amount": "47000.00",
"currency": "USD",
"pay_date": "2026-05-22",
"bank_last4": "4821"
},
"signature": {
"method": "passkey_or_verified_link",
"bound_to": "work_order_hash",
"signer": "vendor_contact"
},
"policy_version": "POL-v1",
"lineage_hash": "7c0d...b48a"
}
-> Covered payment blocked until vendor confirms.
-> Proof record retained for audit and review.
The payer approves an invoice internally. The vendor learns of the transaction only when money arrives, when it does not arrive, or when something is already wrong.
CAST adds one narrow control: before a covered payment is released, the counterparty confirms the payment details through a secure Trade Message.
Confirm & Pay is a pre-release AP control. It does not replace the ERP, create seller-side ledgers, or require vendors to adopt a new system.
Your rules flag a payment that needs mutual authorization (first vendor, bank change, high value, rush, etc.).
The vendor receives a simple browser link showing the amount, invoice, date, and bank details. No login or app required.
The vendor reviews and authorizes the payment details (or requests a change / disputes). This creates the binding authorization record.
Only after mutual authorization does the payment release. A clear, verifiable record is created automatically.
The vendor is a counterparty signer, not a full CAST tenant. They do not need an app, ERP connection, or account setup to confirm a payment.
Confirm only if these details match the payment you expect. Any change keeps the payment held.
Confirm & Pay focuses on the payments where one-sided approval creates the most risk.
A new vendor relationship should not receive funds without counterparty confirmation of the destination details.
Any destination-account change triggers confirmation. The vendor sees the bank last four before release.
Urgency increases scrutiny instead of bypassing controls. A rush payment still waits for confirmation.
Payments above your configured threshold require a bilateral event before proceeding.
Potential duplicate invoices are sent for confirmation or held for review before money moves.
If the vendor disputes or misses the deadline, the payment remains held and the exception is recorded.
Follow one invoice from payment intent to vendor confirmation to retained proof.
First payment, bank change, rush payment, duplicate-risk invoice, or threshold breach. Your team can see what is waiting, confirmed, disputed, or expired.
Confirm & Pay records who confirmed, what they confirmed, when they confirmed it, which policy governed the release, and which payment record the confirmation was bound to.
CAST works alongside existing AP and ERP systems. It creates the counterparty confirmation record those systems do not produce on their own.
Covered payments remain held until the vendor confirms the payment terms or an exception is reviewed.
Vendors receive one secure link and confirm in the browser. No vendor-side ERP connection is required.
Each confirmation creates a retained record of the terms, signer, timestamp, policy version, and payment reference.
CAST gives finance teams a bilateral proof layer before payment release, without replacing the ERP or asking vendors to adopt a new system.
See Confirm & Pay walk one payment from intent to vendor-confirmed proof. We’ll be in touch.
Or reach out directly · contact@digitalfinancehq.com
We’ve received your request and will reach out shortly.