Verify the moment,
not just the identity.
Identity verification proves who is acting. Transaction analytics scores what's being requested. Neither answers whether the person is acting freely. RTScale captures a cryptographically-signed affective signature at the moments that decide a hard-to-reverse transaction — and gives the institutions on the other end something they've never had: provable, hardware-rooted evidence of state of mind.
Three regulatory shifts are converging on the same gap.
Each one asks a question current fraud and identity stacks were never built to answer: was this person acting freely, with intact understanding, and free of coercion?
Authorized push payment scams now reimbursable by default.
Sending and receiving PSPs split liability 50/50 unless they can show the customer authorized the payment freely and with full understanding. Customer-friction defences only work if they're documented.
Elder financial exploitation outpaces fraud detection.
FINRA Rule 2165 lets firms place temporary holds on suspected exploitation — but only with documented reasonable belief. NASAA and 30+ state statutes now codify the same standard. Documentation is the bottleneck.
Human oversight has to be meaningful, not nominal.
High-risk AI systems must be designed so that natural persons can effectively oversee them. Black-box risk scores fail this test. Decisions affecting consumers need affective and contextual evidence a reviewer can read.
Four steps. One signed signature. Every consequential moment.
A SoM™ Signature is a cryptographically-signed multimodal capture — facial emotion, vocal prosody, microexpressions — produced on-device and bound to the underlying decision.
Sense
Mobile, desktop, or browser SDK runs a 3-second Quick Scan or 30-second Deep Scan, locally. Raw frames never leave the device.
Sign
Signature is sealed by hardware-backed crypto — TPM 2.0, Secure Enclave, StrongBox — and bound to the transaction or decision it accompanies.
Verify
Trust Cortex composes the signature with intent, context, and policy to produce an explainable recommendation — not a black-box score.
Audit
Dual-template report — one for the consumer, one for the reviewer or regulator. Cryptographic erasure on request satisfies GDPR Article 17.
Generic WebRTC pipelines destroy the very signal that matters — 60 to 80 percent of microexpression information is lost before it reaches a server.
We build for the moment a transaction becomes hard to reverse.
Wire transfers settle in minutes. Crypto transactions finalize on-chain. Deeds record. Beneficiary changes commit. AI agents execute on a user's behalf. Across every consequential surface, the gap is the same: the documents are valid, the signatures are real, and the consent — at the moment it was given — leaves almost no evidence behind.
RTScale builds for that gap. Not as a fraud-detection tool, not as a compliance add-on, but as a primitive: portable, hardware-rooted, cryptographically signed evidence of human consent at the moments that decide the transaction. We apply it where four conditions converge.
High stakes
The transaction has meaningful financial or legal consequence. Money moves; a deed records; a beneficiary changes; an agent acts.
Hard to reverse
Settlement is fast or final. No fraud-team clawback. No 60-day chargeback. No post-recording undo. Once it happens, it has happened.
Documented vulnerability
Social pressure, coercion, scams, undue influence, or impaired understanding are empirically observable loss vectors in this category.
Weak consent evidence
Current state of the art is a signed document, a checkbox click, or a valid token — none of which carry evidence of state of mind at the moment of consent.
When all four converge, you have a candidate for a SoM Signature. Five categories pass the test today. More will tomorrow.
See the solution portfolioBuilt for the moments that matter.
Five solution categories today. Different regulatory framings, different buyer personas, different worked examples — the same underlying signature primitive. Each category passes all four criteria from §03.
Was this push payment authorized—or coerced?
APP scams, RTP / FedNow / Pix fraud, high-value wires, in-branch teller alerts. The transaction looks legitimate; the customer looks like themselves; only the consent is in question.
Was this fiduciary decision freely made?
Elder exploitation, Reg BI care obligation, discretionary authorization, capacity-relevant decisions, beneficiary changes. The hardest questions in wealth share a common evidentiary gap.
Agents need a signature, not just a scope.
OAuth tokens prove an AI agent is allowed to call an API. They don’t prove a human authorized the underlying action. Consent provenance, bound to delegation, carried through every downstream call.
Your keys, your coins, your consent.
Hardware wallets prove who holds the keys. SoM Sig proves the key-holder is acting freely. Wrench attacks, pig-butchering, signed approvals you didn’t really agree to—defended at the signing surface.
Six figures wired. Deed recorded. Consent verified.
Closing-wire BEC, elder asset stripping, coerced quitclaim deeds, predatory refinances. The documents are valid; the signatures are real; the consent was the gap. Bank-side and title-side integrations cover the lifecycle.
More categories will qualify as the primitive matures. The criteria framework is what filters them in — not our roadmap.
Engineered for the questions regulators ask.
Built to survive procurement security review, model risk management, and the EU AI Act's explainability and oversight requirements — by design, not by document.
- CAPTURE On-device, hardware-backed. Raw frames stay on the device. Signatures are signed by TPM 2.0, Apple Secure Enclave, or Android StrongBox.
- FIDELITY Microexpression signal preserved. Generic WebRTC pipelines lose 60-80% of the signal that matters. RTScale captures at source.
- EXPLAIN Decomposed indicators, not a score. Trust Cortex outputs per-indicator variance a human reviewer can read, with cohort-normalized baselines.
- FAIRNESS ≤5pp demographic parity gap. Continuously measured across age, gender, ethnicity, and accent cohorts. Drift triggers retraining.
- PRIVACY Cryptographic erasure. Signature keys can be revoked, rendering captures unverifiable. Satisfies GDPR Article 17 by design.
- EVIDENCE Dual-template reports. One for the consumer or trusted contact. One for the reviewer or regulator. Same underlying signature.
"We can prove who the customer is. We can score the transaction. We still can't show a regulator what the customer was feeling when they pressed send. That's the evidence gap."
The 30-minute demo uses your scenarios, not ours.
Bring the case that keeps you up — the APP scam your reimbursement team is fighting, the elder exploitation that fell through 2165, the high-risk system your AI Act readiness review just flagged. We'll walk through capture, signature, adjudication, and the report a reviewer would read.