Backend systems prove receipt.
We prove execution.
The device-bound evidence layer for multirail digital payments. Signed inside the payment journey, verified inside your infrastructure, with no YinkoShield backend required.
Cryptographically signed evidence — independently verifiable, and tied to the device and execution sequence.
external voice · cio, tier-1 bank
“When I need user identity I use Zscaler. When I need device identity I use YinkoShield.”
CIO of an African Tier-1 bank running YinkoShield in production since 2022, across millions of endpoints. Anonymised, not invented; said unprompted in an architecture review. Name available on request.
in production
Tier-1 South African retail bank deployments since 2019. 30M+ endpoints. Reference available on request.
- scale
- 30M+ mobile endpoints in production
- device fragmentation
- ~13,000 Android hardware configurations handled
- geography
- 2 offices UAE · South Africa
- in production since
- 2019 a Tier-1 South African bank
What happens inside the execution your backend never sees?
A customer may repeatedly attempt a payment inside a banking app, while a merchant may repeatedly attempt to accept one through a terminal or mobile device. In both cases, application, network or rail failure can stop the journey before a valid backend record exists.
The backend sees nothing. The customer or merchant experiences the impact.
YinkoShield preserves signed execution evidence inside the software journey. The operator can verify that evidence inside its own infrastructure and use it within its existing systems.
without EEI
with EEI
The same principle applies beyond payments: authentication, beneficiary changes, OTP flows, identity checks, refunds, key operations, kiosk sessions, offline workflows — and increasingly, autonomous agent actions.
Once verified, the same evidence can support the operator's dispute investigation and resolution, automated servicing, fleet-stability monitoring, fraud investigation and audit processes.
YinkoShield produces and signs the evidence. The operator verifies it and retains control of every policy, decision and action.
A new category in payment trust.
policy stays with you
Conditional policy. Not a binary toggle.
Vendor-coupled tools give you a switch per check — enable, disable, or monitor. The check fires the same way regardless of what the user is trying to do.
Execution evidence inverts that. We supply signed signals; your policy engine combines them with business context. Allow a balance check on a rooted device. Refuse to add a new beneficiary on the same device. The signal is the same; the response is conditional on what's at stake.
vendor-coupled · rasp
Per-check switch: enable, disable, or monitor. In monitor mode, the vendor hands you an event handler — your team writes the policy logic against it. No way to make the check context-aware without rebuilding the vendor's engine.
decoupled · eei
Signed signals delivered to your policy engine. If rooted device and action is add beneficiary: refuse. If rooted device and action is view balance: allow. Conditional, contextual, written by you.
Two infrastructure primitives.
A trusted runtime that signs what happened — and the evidence layer that carries it. Together: a new category.
Trusted Runtime Primitive
A platform-portable execution environment that observes what the runtime actually does and signs it with a hardware-bound key. Same evidence guarantees across mobile, POS, SoftPOS, and SST estates — across ~13,000 hardware configurations.
Without the runtime, there is no consistent evidence.
READ →Execution Evidence Layer
The signed, hash-linked record of what actually happened on the device. Travels with the transaction. Verifiable with a public key alone. Replayable from the local ledger when a deeper investigation is needed.
Without the evidence, the runtime is just another runtime.
READ →Six journeys. One signed substrate.
Network. Fraud. Experience. Integrity. Operations. Autonomous. Pick the one your customers, fraud team, or operations team will name out loud.
- payments in constrained networks
Payments survive the partition.
“My terminals run on cellular and 2G/3G. Transactions fail in dead zones. I can't tell retries from duplicates.”
See the journey → - fraud, malware, and adversarial integrity
Adversarial behaviour, observable at the moment of execution.
“Mobile malware is getting better. My fraud models drown in operational noise that looks like fraud but isn't. I need clean signals.”
See the journey → - approval-rate and customer-experience integrity
False declines stop being the conservative default.
“My approval rate erodes in places I can't fully explain. App restarts, retries that look like duplicates, latency spikes. My customers blame me.”
See the journey → - execution and key integrity
Cryptographic guarantees about what executed.
“I need verifiable proof that the device-side execution is what the spec describes. I need to see when keys rotate. I need to know which tokens were rejected and why.”
See the journey → - forensics and proactive operations
See incidents coming. Investigate when they don't.
“I want to know what's about to break before my customer calls. When something does break, I want forensics without sending an engineer.”
See the journey → - agentic payments and autonomous execution
When the system acts on its own, the substrate it acted on becomes the audit.
“AI agents are about to initiate transactions. I need to prove which agent acted, in what runtime state, on which device, in what sequence — without parsing millions of logs.”
See the journey →
Mobile, POS, SST. One signed format across all of them.
The same Trusted Runtime Primitive ships across every estate. The evidence comes out in the same shape, verifiable the same way — by your stack, your dispute platform, your regulator, your partners.
Same Evidence Token format across estates; runtime coherence checks calibrated per platform.
- mobile →
Mobile banking, fintech, and superapps
Mobile environments run outside controlled infrastructure. The threats that matter there don't get blocked at the edge — they become signed execution evidence your own systems can independently verify and act on.
- Overlay & accessibility-service abuse, observable
- SIM swap & device compromise, signed inline
- Identity continuity across the user journey
- Merchant acceptance · POS · mPOS · SoftPOS →
Merchant acceptance and acquiring estates
Merchant acceptance no longer lives only on certified terminals — it runs across POS, SoftPOS, ordinary phones and merchant apps. Device state, execution integrity and payment context become observable at the software boundary.
- Deterministic onboarding across the fleet
- Offline integrity continuity in dead-zone networks
- Verifiable evidence at the moment of execution
- self-service terminals →
SST and bank self-service estates
Unattended terminals running long sessions across critical journeys — payments, account opening, identity verification. Runtime coherence is the substrate that makes those flows defensible.
- Long-session execution provenance
- Smart-ID and national-identity adjacency
- Physical-access threat boundary observable
Designed for African and emerging-market payments.
- ·01 property
~200 bytes
tiny header, big information
JWS-compact ES256 token, inline with each request. Substantial signal payload at minimal bandwidth cost — designed for cellular and 2G/3G estates.
- ·02 property
offline by design
the ledger does not depend on connectivity
Evidence is generated and signed at execution time, against a local append-only hash-linked ledger. Partition is an operating condition, not an exception. Records flush when connectivity returns — in order, signed, intact.
- ·03 property
reverse-billing compatible
works under zero-rated DNS
Compatible with mobile network operator zero-rating arrangements through the platform's network module. Customers in low-data conditions stay protected without the operator carrying the data cost.
Operators should never depend on us to verify.
YEI-001 is the specification. Reference verifiers in Python, JavaScript, Go, and Java. Any party with a public key can verify evidence independently. Currently available on request.
Request access to the specification{
"eid": "8f1e3a90-2b4c-4f81-b6d7…",
"seq": 1044,
"tctx": "01J0T8VQ4F",
"event": "payment.initiated",
"ts": 1714323105421,
"did": "did:yks:Z2gXf…",
"kid": "k.2025-Q2.r3",
"sig_ref": {
"url": "yks-ledger://…",
"hash": "0x9c4a…"
}
} We brief payment networks, schemes, processors, and tier-1 banks on EEI by request.
No sales pitch. A clear technical conversation about whether execution evidence is the right substrate for the problem you are trying to solve.
Request a briefingCette page existe en français.