Regulatory Compliance
Credentis helps financial institutions meet a deeper compliance requirement: not simply proving that a customer accessed a channel, but demonstrating that a specific transaction was validly authorized, properly evidenced, and defensible under scrutiny.
Authorization alignment model
Authentication
Authentication is the access-control decision through which the institution grants entry to an account, session, or service channel. It remains a formal requirement, with risk-appropriate controls including two-factor authentication for customer access.
Authorization
Authorization is the assessment of whether a specific transaction or servicing instruction is validly approved. Within the Credentis framework, transaction initiation does not equate to authorization, and approval must be explicit, transaction-specific, channel-independent, and bound to the original context.
Validity
Validity is the institution’s capacity to demonstrate that a transaction was genuinely authorized, compliant, and evidentially substantiated during disputes, audits, or supervisory reviews.
Regulatory position
Credentis should not be understood as a secret-return model, an application-layer prompt variant, or simply as payment-time re-authentication. Its principal innovation lies in treating authorization as an independent control mechanism, where validity is defined through alignment rather than mere credential possession.
Credentis is built on two core principles: authorization capture must remain independent of the transaction initiation channel, and each authorization event must be single-use and strictly bound to a unique transaction context. Compromised sessions therefore do not automatically confer transaction authority.
Evidence position
The institution must be able to demonstrate that a disputed electronic fund transfer was genuinely authorized, not merely initiated during an authenticated session.
Credentis supplements existing authentication controls by helping preserve subscriber identity continuity at the point of authorization, while leaving standard access controls such as credentials and device registration in place.
Structured authorization evidence helps show which transaction was presented, which subscriber-side controls were applied, what decision was made, and what records remain available for reconstruction, dispute handling, audit, and regulatory review.
Institutional inquiry
By reinforcing authentication, preserving subscriber continuity, and separating authorization from access, it gives financial institutions a stronger basis for compliance in high-stakes digital environments.