Skip to main content
CertNode
Evidence Vault

A cryptographic audit trail
at every Stripe payment.

Up to six evidence points captured at payment time — 3D Secure, AVS, CVC, device fingerprint, IP, authentication result (device + IP need collect.js on your checkout) — sealed with a 2-layer cryptographic timestamp (CertNode HMAC-SHA256 integrity seal + RFC 3161 TSA token from FreeTSA). The RFC 3161 timestamp is verifiable against FreeTSA independently of CertNode or Stripe. Built to the FRE 902(13)/(14) self-authenticating standard for digital evidence.

Built for finance, compliance, and ops teams at high-volume merchants who need every payment provably attested at the moment it happened — for audit, regulatory review, internal dispute resolution, or chargeback defense.

Install on StripeDocumentation

Who Vault is for

Stripe stores payment data but doesn't sign it, doesn't timestamp it independently, and doesn't make it portable. For teams that need the proof later, that's a gap.

Without Vault

  • Stripe holds the payment record — no independent attestation
  • 3DS, AVS, CVC results scattered across charge objects, no durable bundle
  • Device fingerprint and IP — captured only if you wire them yourself
  • No cryptographic proof of when evidence was collected
  • Audit ask "show me proof this happened with these attributes" = manual export

With Vault

  • Every payment sealed and timestamped at capture time
  • Up to six evidence points bundled into one receipt per payment
  • RFC 3161 timestamp re-verifiable against FreeTSA, independently of CertNode or Stripe
  • 2-layer timestamp proves the moment the evidence was collected
  • Designed for FRE 902(13)/(14) self-authenticating digital evidence

Up to six evidence points, one sealed receipt

Every payment Vault captures bundles these attributes into a single cryptographically sealed receipt (device fingerprint + IP need collect.js on your checkout). The receipt is what an auditor, regulator, or court reviews — not the underlying scattered charge data.

3D Secure

Authentication result and version. Proves cardholder verified the purchase.

AVS

Address verification status. Confirms billing address matches card.

CVC

Card verification code check. Proves card was physically present.

Device Fingerprint

Browser, OS, screen resolution, timezone. Ties purchase to specific device.

IP Address

Customer's IP at time of payment. Shows geographic consistency.

2-Layer Timestamp

CertNode HMAC-SHA256 integrity seal + RFC 3161 TSA token (FreeTSA-verifiable). Independent proof of when evidence was collected.

Simple Pricing

$0/month
$0.03 per transaction
No monthly fee, only pay for evidence captured
$5/month minimum (waived if no transactions)
Reflex users: $0.02/transaction (33% discount)
Cancel anytime, no contracts

At 1,000 payments/month, Vault costs $30 — about 50× cheaper than the cost of one missing audit-trail attestation when it's asked for. No setup fee, no monthly minimum until you transact.

How It Works

1

Install

Install Evidence Vault from the Stripe App Marketplace. Enable in Settings. Add collect.js to your checkout for device + IP capture.

2

Capture

On every successful payment, up to 6 evidence points are captured and sealed (CertNode HMAC-SHA256 integrity seal): capture + integrity seal is sub-second; the RFC 3161 TSA timestamp lands shortly after.

3

Verify

Anyone with the receipt ID can verify the proof layers and the moment of capture — the cryptographic integrity seal and timestamps, no account needed. The full attribute set (3DS, AVS, CVC, device, IP) and the raw RFC 3161 token — which re-verifies against FreeTSA independently of CertNode or Stripe — are in the merchant's export, the package an auditor, regulator, or court reviews.

Use cases

The same per-payment receipt serves several teams at the same merchant. Install once; pull the proof when any of these come up.

Compliance audit trail

SOC 2, PCI, internal audit, or regulatory review asks for evidence that a specific payment ran with specific attributes (3DS authentication, AVS match, device fingerprint). Vault produces a signed receipt per payment — pre-bundled, not reconstructed.

Customer dispute resolution

Customer claims the payment didn't happen, or that authentication wasn't performed. Send them the verifiable receipt URL. They can check it independently without trusting your records.

Chargeback evidence

Pre-dispute evidence captured at payment time, with cryptographic proof the collection pre-dated the dispute. Pairs with Reflex for automated defense, or attach manually to Stripe dispute responses.

Forensic / fraud investigation

Investigating a series of suspicious transactions. The signed device fingerprint + IP per payment, with collection time provable, gives the forensic team a durable artifact instead of best-effort log reconstruction.

Pairs with Reflex

Vault captures the receipt at payment time. Reflex uses those receipts to defend chargebacks automatically when they arrive. Reflex users get a 33% discount on Vault ($0.02 per payment instead of $0.03).

Learn about CertNode Reflex →

Where Vault doesn't help

Vault captures the evidence that already exists at payment time — it doesn't create authentication that wasn't there. If your checkout doesn't run 3D Secure, the 3DS field will be empty even with Vault installed. If you don't add the collect.js snippet to your checkout page, device fingerprint and IP won't be captured. Vault makes the evidence durable and provably pre-dispute; the underlying authentication is your checkout's job. Install collect.js (~5 minutes) to unlock the full evidence stack.

100%
30-day capture rate (most recent internal audit)
~1,000
payments/mo for our highest-volume merchant (last 30 days)

Start the audit trail today

Install Vault on Stripe in under five minutes. The next payment your merchant processes gets a signed, timestamped receipt automatically.

Install Evidence Vault