Stop Invoice Fraud with Cryptographic Verification

Attestiv provides a verified, encrypted registry of vendor banking details and cryptographic invoice signing. Verify any invoice or payment instruction in seconds with zero-knowledge security.

  • $2.7B+ lost annually to business email compromise and invoice fraud
  • 65% of organizations experienced payment fraud attempts in 2024
  • 43% of fraud involves falsified or manipulated invoices

How Attestiv Works

Three integrated systems work together to prevent invoice and payment fraud at every step.

1 Invoice Signing

[Diagram: Vendor uploads invoice (PDF/image) → SHA-256 generates file hash → Ed25519 digital signature → Attestiv stores signed record → Verified]

1. Upload: Vendor uploads invoice file to Attestiv
2. Hash: SHA-256 hash creates unique fingerprint
3. Sign: Ed25519 signature binds vendor identity
4. Store: Immutable record with timestamp

2 Invoice Verification

[Diagram: Customer receives invoice via email → Attestiv (upload or provide hash) → Lookup finds matching signature → Verify (cryptographic validation) → Vendor identity confirmed]

1. Receive: Customer gets invoice via any channel
2. Submit: Upload file or provide hash to verify
3. Match: Find corresponding signed record
4. Confirm: Cryptographically verify vendor identity

3 Secure Banking Registry

[Diagram: Vendor (banking details) → client-side XChaCha20-Poly1305 encryption → Attestiv server (zero-knowledge storage; encrypted blob the server cannot decrypt or read) → customer (access request) → client-side X25519 key exchange + decryption. Vendor grants access via encrypted key share.]

End-to-End Encryption: Banking details encrypted on vendor's device before upload
Zero-Knowledge Storage: Server stores only encrypted blobs it cannot read
Secure Key Exchange: X25519 enables vendors to grant customer access

Verification Methods

Multiple ways to verify invoices and banking details, designed for any workflow.

Web Portal

Simple drag-and-drop interface for anyone to verify invoices instantly. No account required.

  • Upload PDF, PNG, JPEG, TIFF
  • Instant verification result
  • View vendor details & history

REST API

Integrate verification directly into your ERP, accounting, or payment systems.

  • JWT authentication
  • Verify by file or hash
  • Webhook notifications

AI Integration (MCP)

Model Context Protocol server enables AI assistants to verify invoices automatically.

  • Claude, GPT compatible
  • Automated verification
  • Natural language queries

Security Architecture

Built with cryptographic best practices. Your data is protected by the same algorithms used by secure messaging apps and government systems.

Cryptographic Primitives

Ed25519 Signatures

Elliptic curve digital signatures provide 128-bit security with fast signing and verification. Used for invoice attestation.

XChaCha20-Poly1305

Authenticated encryption with 256-bit keys. Banking details are encrypted client-side before transmission.

X25519 Key Exchange

Elliptic curve Diffie-Hellman enables secure key sharing between vendors and customers without exposing secrets.

Argon2id Key Derivation

Memory-hard password hashing protects encryption keys derived from user passwords against brute-force attacks.

Security Principles

Zero-Knowledge Architecture

The Attestiv server never sees plaintext banking details. All sensitive data is encrypted client-side before upload. We cannot read your data even if compelled.

Client-Side Key Generation

Private keys are generated on your device and never transmitted. Only public keys are stored on our servers for signature verification.

Immediate Key Revocation

Compromised keys can be revoked instantly. Verification checks whether the key was valid at signing time, so a revoked key cannot be used to produce new accepted signatures.

Audit Trail

All verification attempts are logged with timestamps. Complete audit trail for compliance and forensics.

Constant-Time Operations

Cryptographic comparisons use constant-time algorithms to prevent timing attacks that could leak information.

Data Protection at Every Layer

[Diagram: Client device (private keys never leave device; client-side encryption; signature generation) → TLS 1.3 encrypted → Attestiv server (public keys only; encrypted blobs, unreadable; signature verification) → encrypted at rest → Database (AES-256 encrypted + double encryption for banking)]

Simple API Integration

Integrate invoice verification into your systems with just a few lines of code.

Sign an Invoice
curl -X POST https://attestiv.io/api/v1/invoices/sign/ \
  -H "Authorization: Bearer $TOKEN" \
  -F "file=@invoice.pdf" \
  -F "key_id=sk_abc123" \
  -F "metadata={\"invoice_number\": \"INV-001\"}"

# Response
{
  "id": "inv_xyz789",
  "file_hash": "sha256:a1b2c3...",
  "signature": "ed25519:...",
  "signed_at": "2026-01-19T12:00:00Z",
  "verify_url": "https://attestiv.io/v/inv_xyz789"
}
Verify an Invoice
curl -X POST https://attestiv.io/api/v1/verify/invoice/ \
  -F "file=@invoice.pdf"

# Response
{
  "verified": true,
  "vendor": {
    "name": "Acme Corp",
    "domain": "acme.com",
    "verified_since": "2025-03-15"
  },
  "signed_at": "2026-01-19T12:00:00Z",
  "key_status": "valid"
}

Frequently Asked Questions

Common questions about invoice verification and banking security.

How does Attestiv prevent invoice fraud?
Attestiv uses cryptographic signatures to bind vendor identity to every invoice. When a vendor signs an invoice, we create a unique digital fingerprint (SHA-256 hash) and sign it with their private key. Anyone can verify this signature against the vendor's public key, confirming the invoice is authentic and unmodified.
What happens if an invoice is modified after signing?
Any modification - even a single pixel or character - completely changes the file's hash. The verification will immediately fail because the modified file's hash won't match the signed record. This makes tampering cryptographically impossible to hide.
Can Attestiv access my banking details?
No. Banking details are encrypted on your device before being sent to our servers. We use a zero-knowledge architecture where encryption happens client-side with XChaCha20-Poly1305. Our servers only store encrypted blobs that we cannot decrypt. Only authorized parties with the proper keys can access the data.
What if a vendor's signing key is compromised?
Vendors can instantly revoke compromised keys through our API or dashboard. Once revoked, any verification attempt will warn that the signing key has been revoked. We also check key validity at the time of signing, so previously signed invoices remain valid while new fraudulent signatures are rejected.
How do I integrate Attestiv with my existing systems?
Attestiv offers multiple integration options: a REST API for ERP/accounting systems, a web portal for manual verification, and an MCP server for AI assistants like Claude or GPT. Our API uses JWT authentication and supports both file uploads and hash-based verification.
What file types are supported?
Attestiv supports PDF, PNG, JPEG, and TIFF files up to 10MB. Since we hash the raw file bytes, any file format can be verified - but we optimize our processing for common invoice formats.
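
The signing, lookup and revocation behaviour described in the steps and FAQ above, sketched in Go with only the standard library. This is an added example, not Attestiv's code: `Registry`, `SignInvoice`, `Store`, `Revoke` and `Verify` are hypothetical names and the invoice bytes are constructed. It assumes the caller of `Store` is already authenticated and `pub` is that vendor's enrolled key, and it reads the FAQ answer on compromised keys as "earlier records still match, but are reported with key status revoked".

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Registry is a hypothetical server-side store; it holds public material only.
type Registry struct {
	records map[[32]byte]record // SHA-256 of the file -> signed record
	revoked map[string]bool     // raw public key bytes -> revoked
}
type record struct{ sig, pub []byte }
func NewRegistry() *Registry { return &Registry{map[[32]byte]record{}, map[string]bool{}} }

// SignInvoice runs on the vendor's device: hash the raw bytes, sign the hash.
func SignInvoice(file []byte, priv ed25519.PrivateKey) ([32]byte, []byte) {
	h := sha256.Sum256(file)
	return h, ed25519.Sign(priv, h[:])
}

// Store is the signing-time gate; pub is assumed to be the vendor's enrolled key.
func (r *Registry) Store(h [32]byte, sig []byte, pub ed25519.PublicKey) error {
	if r.revoked[string(pub)] || !ed25519.Verify(pub, h[:], sig) {
		return fmt.Errorf("rejected: key revoked or signature invalid")
	}
	r.records[h] = record{sig, pub}
	return nil
}

func (r *Registry) Revoke(pub ed25519.PublicKey) { r.revoked[string(pub)] = true } // earlier records stay

func (r *Registry) Verify(h [32]byte) (verified bool, keyStatus string) {
	switch rec, ok := r.records[h]; {
	case !ok || !ed25519.Verify(rec.pub, h[:], rec.sig): // no record for these bytes
		return false, "unknown"
	case r.revoked[string(rec.pub)]: // signed before the key was revoked
		return true, "revoked"
	}
	return true, "valid"
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	reg := NewRegistry()
	h, sig := SignInvoice([]byte("INV-001 pay to account A"), priv) // constructed sample
	fmt.Println(reg.Store(h, sig, pub))
	fmt.Println(reg.Verify(sha256.Sum256([]byte("INV-001 pay to account B")))) // altered copy
}
```

A verifier that only has the file computes `sha256.Sum256` over the received bytes and passes the result to `Verify`, which is the "verify by file or hash" choice the API list mentions.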

Ready to Eliminate Invoice Fraud?

Join organizations using cryptographic verification to protect their payment processes.