Verum gives fintech apps a single API call that returns a cryptographic, device-bound verification receipt. Phishing-proof. Post-quantum signed.
The attacks have outpaced the authentication method.
Attackers port your number, receive your OTP, drain the account. Your SMS code is the attack surface.
Credential stuffing turns leaked databases into account takeover campaigns at industrial scale.
Adversary-in-the-middle proxies capture and replay OTPs before the user even notices.
Designed around the threat model, not the convenience model.
WebAuthn assertions are cryptographically bound to your exact domain. A fake site gets a useless assertion that fails verification.
Every verification produces an ML-DSA signature — NIST FIPS 204 standardized, quantum-resistant — giving you immutable proof that survives cryptanalytic advances.
Biometric verification happens in the device's secure enclave. No biometric data, no passwords, no credentials ever reach Verum. Nothing to breach.
Start free. Pay only when you scale.
Significantly cheaper than SMS OTP at scale. No per-seat pricing.
Add biometric step-up auth to high-value transfers without adding friction to everyday banking.
Replace SMS OTP with phishing-resistant verification for transaction approval.
Protect withdrawals and address changes with cryptographically-bound proof of presence.
Collect biometrically-verified consent for loan agreements and policy changes.
Verify user presence at checkout to reduce first-party fraud and chargebacks.
Every transaction that slips through costs you more than the fraud itself — chargebacks, dispute ops, regulatory scrutiny. Verum closes the gap in an afternoon.
WebAuthn W3C standard
NIST FIPS 204 ML-DSA
Zero PII stored
REST API
Drop biometric fraud prevention into any existing flow.
Your backend calls the challenge endpoint with user ID and transaction context. Takes one line of code.
Pass the WebAuthn options to the browser. The user authenticates with Face ID or fingerprint — no app, no account required.
Send the credential assertion and challenge ID. Verum verifies the WebAuthn response and signs the transaction context with ML-DSA.
A post-quantum cryptographic receipt tied to the user's biometric and the exact transaction — immutable evidence for disputes and audits.
Verum verifies that the person holding the registered device — and who can authenticate with its biometric sensor — approved a specific transaction context. You send the context (amount, payee, action), and Verum returns a cryptographic receipt proving the user's biometric was presented for that exact context.
Standard WebAuthn proves authentication. Verum adds a post-quantum ML-DSA signature over the transaction context — tying the biometric event to a specific payload. That receipt is your dispute-proof evidence, independently verifiable without calling Verum.
ML-DSA (Module-Lattice-Based Digital Signature Algorithm) is a NIST-standardized post-quantum algorithm, finalized in FIPS 204. Unlike RSA or ECDSA, ML-DSA signatures remain secure against cryptanalytic attacks from quantum computers — ensuring your receipts hold up for years.
No. Biometric verification happens entirely within the hardware-backed secure enclave on the user's device. The biometric never leaves the device. Verum only sees the cryptographic assertion produced by the enclave.
Two API calls: POST /api/vouch/challenge with your transaction context to start the flow, then POST /api/vouch/verify with the WebAuthn assertion and challenge ID to complete it. The verify response contains the ML-DSA signed receipt.
The biometric + cryptographic audit trail supports Strong Customer Authentication (SCA) under PSD2/PSD3, FFIEC guidance on layered security, and provides the documented evidence trail required under CFPB dispute resolution rules.
Verifications vouched for
58