Skip to main content
CertNode
Evidence Vault

A cryptographic audit trail
at every Stripe payment.

Six evidence points captured at payment time — 3D Secure, AVS, CVC, device fingerprint, IP, authentication result — signed with a 3-layer cryptographic timestamp (CertNode signature, RFC 3161 TSA, Bitcoin OpenTimestamps anchor). Each capture is independently verifiable forever, without trusting CertNode or Stripe. Designed for FRE 902(13)/(14) self-authenticating digital evidence.

Built for finance, compliance, and ops teams at high-volume merchants who need every payment provably attested at the moment it happened — for audit, regulatory review, internal dispute resolution, or chargeback defense.

Install on StripeDocumentation

Who Vault is for

Stripe stores payment data but doesn't sign it, doesn't timestamp it independently, and doesn't make it portable. For teams that need the proof later, that's a gap.

Without Vault

  • Stripe holds the payment record — no independent attestation
  • 3DS, AVS, CVC results scattered across charge objects, no durable bundle
  • Device fingerprint and IP — captured only if you wire them yourself
  • No cryptographic proof of when evidence was collected
  • Audit ask "show me proof this happened with these attributes" = manual export

With Vault

  • Every payment automatically signed and timestamped at capture time
  • Six evidence points bundled into one verifiable receipt per payment
  • Independently verifiable forever — no trust in CertNode or Stripe required
  • 3-layer timestamp proves the moment the evidence was collected
  • Designed for FRE 902(13)/(14) self-authenticating digital evidence

Six evidence points, one signed receipt

Every payment Vault captures bundles these six attributes into a single cryptographically signed receipt. The receipt is what an auditor, regulator, or court reviews — not the underlying scattered charge data.

3D Secure

Authentication result and version. Proves cardholder verified the purchase.

AVS

Address verification status. Confirms billing address matches card.

CVC

Card verification code check. Proves card was physically present.

Device Fingerprint

Browser, OS, screen resolution, timezone. Ties purchase to specific device.

IP Address

Customer's IP at time of payment. Shows geographic consistency.

3-Layer Timestamp

CertNode ES256 signature, RFC 3161 TSA token (FreeTSA), and Bitcoin OpenTimestamps anchor. Three independent proofs of when evidence was collected.

Simple Pricing

$0/month
$0.03 per transaction
No monthly fee, only pay for evidence captured
$5/month minimum (waived if no transactions)
Reflex users: $0.02/transaction (33% discount)
Cancel anytime, no contracts

At 1,000 payments/month, Vault costs $30 — about 50× cheaper than the cost of one missing audit-trail attestation when it's asked for. No setup fee, no monthly minimum until you transact.

How It Works

1

Install

Install Evidence Vault from the Stripe App Marketplace. Enable in Settings. Add collect.js to your checkout for device + IP capture.

2

Capture

On every successful payment, 6 evidence points are captured and 3-layer timestamped (CertNode instant + RFC 3161 + Bitcoin OpenTimestamps), automatically, in under a second.

3

Verify

Anyone with the receipt ID can verify the payment's attributes and the moment it was captured — auditor, regulator, customer, court. Verification is computed from the receipt; no trust in CertNode or Stripe required.

Use cases

The same per-payment receipt serves several teams at the same merchant. Install once; pull the proof when any of these come up.

Compliance audit trail

SOC 2, PCI, internal audit, or regulatory review asks for evidence that a specific payment ran with specific attributes (3DS authentication, AVS match, device fingerprint). Vault produces a signed receipt per payment — pre-bundled, not reconstructed.

Customer dispute resolution

Customer claims the payment didn't happen, or that authentication wasn't performed. Send them the verifiable receipt URL. They can check it independently without trusting your records.

Chargeback evidence

Pre-dispute evidence captured at payment time, with cryptographic proof the collection pre-dated the dispute. Pairs with Reflex for automated defense, or attach manually to Stripe dispute responses.

Forensic / fraud investigation

Investigating a series of suspicious transactions. The signed device fingerprint + IP per payment, with collection time provable, gives the forensic team a durable artifact instead of best-effort log reconstruction.

Pairs with Reflex

Vault captures the receipt at payment time. Reflex uses those receipts to defend chargebacks automatically when they arrive. Reflex users get a 33% discount on Vault ($0.02 per payment instead of $0.03).

Learn about CertNode Reflex →

Where Vault doesn't help

Vault captures the evidence that already exists at payment time — it doesn't create authentication that wasn't there. If your checkout doesn't run 3D Secure, the 3DS field will be empty even with Vault installed. If you don't add the collect.js snippet to your checkout page, device fingerprint and IP won't be captured. Vault makes the evidence durable and provably pre-dispute; the underlying authentication is your checkout's job. Install collect.js (~5 minutes) to unlock the full evidence stack.

Live on 9 Stripe merchants. Highest-volume merchant captures 1,300+ payments per month; aggregate 30-day capture rate is 100% as of the most recent internal audit.

Start the audit trail today

Install Vault on Stripe in under five minutes. The next payment your merchant processes gets a signed, timestamped receipt automatically.

Install Evidence Vault