Your Vendor's Last Invoice Might Have Come From Someone Else
A registered business isn’t the same as a real business operating right now. That gap costs institutions Billions of dollars a year, and most of them don’t find out until the money’s gone.
Here’s how it usually plays out: you run a KYB check on a vendor. The registration comes back active. The business exists. You approve the wire, sign the contract, grant payment access. Then the business’s status changes (new ownership, a suspended license, a sanctions hit) and your approval is worthless. You never see the change happen. The registration you trusted was a timestamp, not a fact.
That timestamp problem gets worse as business impersonation gets worse. Fraudsters aren’t just redirecting payments anymore; they’re spoofing entire businesses. FinCEN’s analysis of Bank Secrecy Act filings puts false records as the second-largest fraud category, part of $212 Billion in suspicious activity. Business email compromise alone costs $3.1 Billion a year. Deepfakes of businesses and their executives hit more than 8 Million incidents in 2025, a category that barely existed three years ago.
A pass-or-fail KYB check can’t tell the difference between a business that’s operated for a decade and a shell registered last week. Both come back “verified.” The evidence behind that word is not remotely equal, and the single bit of output erases the difference.
Binding verification to the moment it matters
Proof and Enigma announced a partnership this week to launch Business Certificates: verified credentials that tie a current, continuously maintained business identity to the specific people and systems allowed to act on that business’s behalf.
Here’s how it works
Enigma maintains the business identity layer. It’s refreshed continuously across 100 Million+ U.S. legal entities, 75 Million key people, 33 Million brands, and 31 Million locations, pulled from government filings, state registries, federal records, sanctions watchlists, and beneficial ownership submissions. When a business’s status changes, Enigma knows it.
Proof issues the credential. A Business Certificate is cryptographically signed and bound to the moment of authorization, whether that’s a wire instruction, a vendor contract, an ACH change request, or an AI agent executing a transaction. The credential travels with the action and it isn’t just displayed somewhere, it’s used to sign. Every act becomes traceable back to a real, verified business and a real, authorized person or system acting right now, not one that was verified months ago and hasn’t been checked since.
That structure closes three specific gaps. On wire and payment fraud, a Certificate bound to a wire confirms the business is in good standing and that the receiving account actually belongs to the named vendor at the moment the money moves. On vendor impersonation, ACH changes and account-update requests signed with a Certificate stop the classic move where a fraudster poses as a supplier’s AP contact and asks you to reroute future payments. And on impersonation at the content layer, press releases, account statements, and vendor communications signed with a Certificate carry proof of where they actually came from, closing the gap that lets fraudsters publish under stolen letterheads.
Built for agentic commerce
The timing isn’t an accident. AI agents are starting to act on businesses’ behalf with less of a human in the loop at each step, and everything above gets harder to catch when the thing initiating a wire isn’t a person you can call and ask “did you really mean to send this?”
Both layers have to work together. KYA (Know Your Agent) verifies an agent is authorized and acting within scope. KYB verifies the business that agent represents or is interacting with. Get only one of those right and you still have a fraud problem, just a different-shaped one. Proof’s x401 protocol lets any website verify the identity and authorization behind an AI agent. Business Certificates, powered by Enigma’s continuously maintained KYB data, are the business-identity layer x401 carries into an agentic transaction.
Put together: verified agent authorization, verified business identity, and a signed record of the transaction itself is more proof than “the registration was active as of some Tuesday.”
Want to see it in action? Join us July 23 at 1 PM EST
Our CTO Ryan Green alongside Proof’s CTO Eric Fleischman and Senior Product Manager Abbie Kaiser to discuss enterprise identity for the age of AI fraud, unpack real use cases, how to plug verified business identity into your workflows, and answer any of your questions.