Graphite Security, Verification, and Validations


The integrity of the Graphite Network depends on the ability to verify the identity of every user and the legitimacy of every bank account. This document provides a comprehensive overview of the Graphite Security Waterfall—a multi-layered defense system designed to prevent fraud, automate trust, and secure the B2B payment lifecycle.

This guide explains how Graphite moves a supplier from "Unknown" to "Diamond Guaranteed" for customers who have paid for the feature.

 

Executive Summary

The following components represent the core pillars of Graphite’s security and verification ecosystem:

  • Legacy Payment Data: The collection and utilization of historical payment data to seed network intelligence, verify legacy records, and detect fraud.
  • Data Validation: Real-time foundational checks (Tax, Location, Bank Information, and Sanctions) performed instantly upon data entry to ensure information integrity.
  • Security Infrastructure: Multi-layered architectural protection, including mandatory MFA and the "Security Fence" (the security protocols that protect sensitive data) for all banking modifications.
  • Passive and Discrete Signals: Continuous automated monitoring of behavioral metadata and domain anomalies used to inform final risk evaluations.
  • The Security Waterfall: A sequence of verification tiers (Network Protection, Beneficiary Check, and IDV) designed to find the most efficient path to account trust.
  • Trust Tiers & System Statuses: The final classification of bank accounts into four reliability levels, defining payment eligibility and "Payment Guarantee" status.
  • The Trust Center: A centralized transparency hub providing all customers at-a-glance visibility into connection and banking risk signals for any supplier.
  • Non-Responsive Suppliers: Automated enforcement protocols and administrative escalations for suppliers who fail to complete required security tasks.

 

Standard Workflow: (workflow diagram)

Diamond Guarantee Workflow: (workflow diagram)

Legacy Payment Data

As a standard, Graphite requires all onboarding customers to provide historical payment data as part of the legacy data import process. This data is de-identified and stored in a secure data warehouse used during security and verification processes throughout the supplier lifecycle.

 

Benefits and Utilization

  • Legacy Data Verification: Uploaded legacy data is checked against Network Protection data to confirm verified accounts already active in the network. This allows historical data to be confirmed as open, valid, and verified using the most recent records.
  • Fraud Detection: Any account uploaded that matches a known fraudulent record in the database triggers an instant notification, allowing for rapid remediation of historical risks.
  • Network Intelligence: Every data set added to the warehouse strengthens the network by providing multi-source verification and helps prevent data from becoming stale.

Learn more by reading our Legacy Data & Network Protection article


 

Data Validation

As part of its services, Graphite provides field-level validation for many commercial fields at the point of entry and throughout the supplier lifecycle. While this article focuses on the Banking layer, the system performs validation across tax, location, banking, and sanctions data points to form a holistic risk profile.
 

  • Tax Validation: Verifies the Tax ID (EIN, VAT, etc.) against official government records to confirm the legal existence of the entity.
  • Location Validation: Confirms the physical presence of the business through address verification services and localized entity registries.
  • Bank Validation: Ensures that the bank account format, routing logic, and branch details are valid and capable of receiving international or domestic payments. 
  • Sanctions & Watchlists: Screens entities against global watchlists, including OFAC and other international sanctions lists. 
  • Continuous Monitoring: Validation is not a one-time event. Any change to a "Protected Field" triggers a re-validation of the data and a re-initiation of the security waterfall for the user.

For more information, please view our Graphite Data Validation: Detailed Process & Services


 

Security Infrastructure: MFA and The Security Fence

Multi-Factor Authentication (MFA)

MFA serves as a mandatory secondary layer of defense. SMS and authenticator apps (such as Google Authenticator) are available for two-factor authentication in Graphite Connect. MFA is designed to prevent "data scraping" and accidental exposure of sensitive information by isolating it behind a verification layer. Additionally, MFA prevents unauthorized changes even if account credentials are compromised. As a standard, Graphite does not allow email to be used as an MFA method.

  • Actions Protected by MFA: Accessing or modifying tax or bank documents, and bank account numbers (IBAN/DAN)

Security Fence Summary

The Security Fence acts as a tripwire for the most sensitive data in a supplier's profile. Because this data is critical to payment integrity, modifying protected data triggers the security waterfall to verify both the data and the user.

  • Protected Data: Bank account numbers (IBAN/DAN), bank documentation, and bank account holder names (beneficiary).

For more information, view our Security Infrastructure: The Security Fence & Multi-Factor Authentication (MFA)

 

Passive and Discrete Signals: Fraud Detection

Beyond active verification steps, Graphite continuously monitors "Passive Signals" to detect anomalies that may indicate fraudulent intent. These automated signals range from domain age (flagging domains < 6 months) to behavioral IP metadata. While these signals may not block a user immediately, they are compiled as risk signals for internal teams and customers during the final Security Review phase.

For more information, view our Fraud Detection: Passive and Discrete Signals article
 

The Security Waterfall Overview

The waterfall is a sequence of checks designed to ensure data is valid and passes through increasingly stringent verification methods. The path a supplier takes depends on whether the customer is a paying subscriber to Graphite's premium security features.

Note: Graphite no longer provides manual video callbacks as a standard security service.

 

Network Protection (NP) - Premium Feature

This proprietary check identifies if a Bank Account has already been successfully paid by other trusted members of the Graphite Network. This data is collected and maintained as described in the Legacy Payment Data section above. 

  • Logic: The bank account number is queried against our NP data warehouse to determine "Does this Bank Account have payment history in our Network Protection data warehouse?" 
  • Outcome: Premium subscribers receive a high-confidence match that bypasses high-friction manual checks (IDV) and automatically flags the account as Diamond Guaranteed. 
  • Learn More: Legacy Data & Network Protection article
     

Beneficiary Check - Premium Feature

This is a real-time inquiry into banking databases, supporting global bank account verification.

  • Logic: Risk is triangulated through four core data points:
    1. Account Status: Confirms if the account is open, valid, and able to receive payments.
    2. Name Match (Ownership): Matches the bank's record against the Legal Entity Name and declared DBAs.
    3. Confidence Score: Evaluates long-term account longevity and historical fraud signals.
    4. Account Tenure: Measures the age of the bank account to identify high-risk "new" accounts.
  • Coverage: The automated Beneficiary Check operates across an extensive global footprint covering primary international trade hubs. For a current matrix of regionally supported banking registries, please reach out to your customer representative to reference our Supported Jurisdictions.
    1. Note on Regional Redundancy: In instances where a supplier’s banking region sits outside of automated coverage networks or returns a 'No Data' signal, the Security Waterfall automatically triggers secondary verification layers (such as advanced Identity Verification or specialized review protocols) to ensure account integrity is established regardless of geography.
  • Outcome: Paying customers receive high-confidence matches which bypass IDV and receive the Diamond Guarantee status. Non-subscribers skip this step and move directly to IDV.
  • Learn More: Bank Beneficiary Check: Detailed Status Codes and Ownership Logic
     

Identity Verification (IDV)

When bank-level data is insufficient, or if the customer is not a premium subscriber, Graphite shifts the burden of proof to the individual user through IDV, providing a non-repudiable link between a physical person and the provided banking information.

  • Order of Operations
    1. Telecom Check
      • Logic: Matches user-provided metadata against mobile carrier records to verify the name associated with the phone number.
      • Coverage: Supported in US, CA, UK, AU, and DE. Provides a low-friction "first-tier" identity match.
    2. Government IDV 
      • Logic: The user is prompted to provide credentials from a trusted IDV provider or scan a government-issued photo ID (Passport, Driver’s License, or National ID) and perform a biometric "liveness" check (a brief video or selfie sequence). AI-driven detection evaluates the ID for authenticity and matches the biometric data to the photo on the document.
      • Coverage: Global coverage utilizing a multi-provider verification network.
    3. Verified Callback (Premium only)
      • Logic: A proprietary outreach process where Graphite’s Security and Validations team confirms banking information directly with a verified contact at the supplier organization.
      • Coverage: Global manual and automated outreach. Note: This method is deprecated for non-subscribers.
  • Outcome: Provides a high-assurance user verification level where Network Protection or bank checks are inconclusive or not available. 
  • Learn More: Identity Verification (IDV): Detailed Methods & Outcomes
     

Trust Tiers and Security Review (Premium Feature)

The internal Security Review and detailed Trust Tiers are premium features available to paying subscribers. Accounts that cannot be fully automated or contain discrete signals are routed to a managed security team that evaluates all signals to assign one of four tiers.

For non-paying customers, a failure in the standard IDV waterfall results in a halt to the onboarding process. Premium features allow for automated acceleration via direct banking network queries, while standard paths utilize robust Identity Verification (IDV) to establish equivalent baseline trust.


 

Status, Definition, and Impact on the Connection

  • No Data
    Definition: The supplier has not shared any banking data with your company. This can also be displayed during the response phase, while the supplier is still answering questions.
    Impact on the Connection: No impact, but there is no payment data that can be used for payment processing.
  • Pending
    Definition: The account has been entered but is awaiting final results from asynchronous bank checks (JPMC) or is currently in the queue for a manual Security Review.
    Impact on the Connection: Active Processing. The connection is paused. Banking data is visible to customers but cannot be synced to the ERP or approved until a final Tier is assigned.
  • Verified: Payment Guaranteed
    Definition: Passed the security waterfall or review with zero blocking signals.
    Impact on the Connection: Auto-approves the second approver task. The bank account is eligible for Graphite’s Payment Guarantee.
  • Valid
    Definition: Confirmed Validity. The account passed a security waterfall check but may have had minor passive or discrete signals (e.g., a Partial Name Match or a domain younger than 6 months). This status can be manually or automatically assigned by a security review when passive or discrete signals are detected. Additionally, this status will be displayed for DG accounts to non-paying customers.
    Impact on the Connection: The supplier’s bank account is cleared for payment, but is not eligible for the Payment Guarantee.
  • Action Required
    Definition: Client Policy Exception. High-risk flags are present, or the IDV has failed or was declined. The system stops the onboarding process, requiring an authorized Client Policy Exception.
    Impact on the Connection: The Blocker. The customer must consciously accept the risk via a manual override to proceed with the supplier.
  • Customer Override
    Definition: Customer Overrode IDV and Security Requirements. Even with security risks present, the customer has decided to bypass security to allow their connection to the supplier to continue.
    Impact on the Connection: The normal blocking IDV task for the supplier (the final step of the security waterfall) is bypassed, which allows the connection to move from Response to Review.
  • Security Block
    Definition: Fraud or Hard Fail. Confirmed ownership mismatch, JPM fraud detection, or known fraudulent activity.
    Impact on the Connection: The Wall. The bank account is globally restricted and cannot be used or shared within the Network.
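The routing described in the waterfall sections and the status table above, as an added Python model that is not Graphite's own code: the decision rules follow the article's text, while the field names, the treatment of a Partial Name Match as a pass that carries a passive signal, and the severity ordering used for the Trust Center's most-severe-account rule are assumptions of this example.

```python
"""Illustrative model of the Security Waterfall (added example, not Graphite code)."""
from dataclasses import dataclass
from typing import List, Optional

# Statuses from the Trust Tiers table, ordered least to most severe for the
# Trust Center "most severe account wins" rule. The ordering is an assumption.
SEVERITY = ["No Data", "Verified: Payment Guaranteed", "Valid", "Customer Override",
            "Pending", "Action Required", "Security Block"]


@dataclass
class AccountSignals:
    premium: bool                          # customer pays for NP / Beneficiary Check
    np_match: bool = False                 # bank account has payment history in NP data
    beneficiary: str = "no_data"           # "match", "partial_name", "mismatch", "no_data"
    idv_passed: Optional[bool] = None      # None = IDV task still outstanding
    domain_age_days: Optional[int] = None  # passive signal source
    customer_override: bool = False        # customer bypassed security in Trust Center
    known_fraud: bool = False              # known fraudulent record / JPM fraud hit


def passive_signals(s: AccountSignals) -> List[str]:
    """Passive/discrete signals downgrade Diamond Guaranteed to Valid; they do not block."""
    out = []
    if s.domain_age_days is not None and s.domain_age_days < 180:  # "< 6 months"
        out.append("young_domain")
    if s.beneficiary == "partial_name":  # DBA / missing suffix, routed to review not blocked
        out.append("partial_name_match")
    return out


def evaluate(s: AccountSignals) -> str:
    """Walk the waterfall: hard fail, then premium bank-level checks, then IDV."""
    if s.known_fraud or s.beneficiary == "mismatch":
        return "Security Block"  # confirmed ownership mismatch or known fraud
    signals = passive_signals(s)
    if s.premium and (s.np_match or s.beneficiary in ("match", "partial_name")):
        # High-confidence bank-level match bypasses IDV (assumed: review outcome shown directly).
        return "Valid" if signals else "Verified: Payment Guaranteed"
    # Bank-level data insufficient or non-subscriber: burden of proof shifts to IDV.
    if s.idv_passed is None:
        return "Customer Override" if s.customer_override else "Pending"
    if not s.idv_passed:
        return "Customer Override" if s.customer_override else "Action Required"
    return "Valid" if signals else "Verified: Payment Guaranteed"


def displayed_status(status: str, viewer_premium: bool) -> str:
    """Non-subscribers see a Diamond Guaranteed account only as "Valid"."""
    if status == "Verified: Payment Guaranteed" and not viewer_premium:
        return "Valid"
    return status


def trust_center_banking_status(statuses: List[str]) -> str:
    """Trust Center Banking Data reflects the most severe status across all accounts."""
    if not statuses:
        return "No Data"
    return max(statuses, key=SEVERITY.index)
```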

 

For more information, please refer to our Trust Tiers, Security Review & The Trust Center article

 

The Trust Center

The Trust Center is available to all customers and serves as the centralized hub for reviewing a supplier's security posture. It provides at-a-glance visibility into risk signals, allowing users to make informed decisions about supplier engagement.

The Trust Center aggregates two primary data categories:

  • Connection Data: Highlights signals pertinent to the supplier’s overall presence and behavior (e.g., verifying that the supplier’s public or marketing domain is legitimate and free of security issues). In future enhancements, this will also contain data about the validity and security of the initial connection process.
  • Banking Data: Surfaces critical risk signals derived from shared banking information. This section displays a generalized status based on the most severe risk identified across a supplier's accounts. For example, if one bank account is "Verified" but another is "Pending Review," the overall banking status will reflect "Pending Review" to ensure maximum visibility of potential threats.

Deep-Dive Functionality

Both data sections can be expanded to reveal granular information. The Banking section expands into a comprehensive table—mirroring the view on the supplier’s Connection Profile—where users can select specific bank accounts to review all data points captured during the security waterfall.

For more information, please refer to our Trust Tiers, Security Review & The Trust Center article
 

Non-Responsive Suppliers

If a supplier fails to complete a required security step (such as IDV) or ignores a "Customer Decision" block, the connection remains in a pending state.

  1. Automated Notification Sequence: The system executes a series of automated notifications and email reminders sent to the supplier over a seven-day window to encourage task completion.
  2. Administrative Escalation for Inactivity: If no action is taken by the vendor within the designated timeframe, the system automatically creates an administrative task and assigns it to the designated customer task owner for internal review and manual intervention.
  3. Learn More: Understanding the Nonresponsive Vendor Verification Process


 

FAQs

Q.   What specific checks are included in the "Security Waterfall" to verify a supplier?

The waterfall includes behind-the-scenes checks, 2FA and telecom verification, Network Protection using data from 700,000+ suppliers, bank beneficiary ownership verification, identity verification, and independent call-backs when necessary.

Q.  What is the process for customers who are not paying subscribers?

For non-subscribers, the security waterfall is limited to high-friction IDV (Telecom/Gov ID) and excludes premium checks like Network Protection, Beneficiary Check, and Verified Callback. If a supplier fails IDV, the onboarding process stalls at the Response phase until the supplier corrects their status or the customer manually bypasses security entirely for the supplier. Graphite has deprecated its manual video callback as a standard service.

Q.  How do Bank Beneficiary Checks prevent fraud?

We match supplier-submitted bank account data to a global database of known accounts that is continually being expanded into new geographies.

Q.  For paying customers, what happens if a supplier's information cannot be verified automatically?

When automated checks are insufficient—which happens in about 3% of new supplier invitations—Graphite’s dedicated validations team performs manual call-backs to independently verify identity, address, and other data, removing manual work from your team.

Q.  What happens if a supplier shares a bank account verified by premium services with a non-subscriber?

If an account was previously verified through Graphite’s paid, premium security measures (e.g. Network Protection or Beneficiary Check), then the bank account will appear as “Valid” with no details of the checks other than the status of “Network Validation.” The customer will not be able to see the detailed results of the checks, such as bank tenure or partial name matches.

Q.  Why does Graphite allow "Partial Name Matches" for DBAs?

Automated bank records often lack entity suffixes (LLC, Inc) or use trade names. These are routed to the security review team as passive risk signals rather than blocked immediately, ensuring legitimate businesses aren't penalized for administrative naming differences.

Q.  What if a customer refuses or is unable to provide legacy payment data?

Legacy data is highly encouraged for its mutual, network benefits. If a customer is unable or unwilling to provide it, they may be subject to a service charge for the manual legacy data load.

Q.   What happens if a customer overrides security measures for a specific supplier?

If a customer determines that identified risk signals align with their internal security requirements, they can bypass Graphite’s security measures through the Trust Center (located on the Supplier and Connection Overview pages). Once enabled, all current and future security checks are bypassed for that supplier, removing any active process blocks. This bypass remains in effect until disabled, and the decision can be rescinded at any time within the Trust Center.

Q.   Does a Graphite "Security Block" affect the whole supplier profile?

No. To ensure Account Isolation, blocking one fraudulent bank account does not automatically block other verified accounts on the same profile, unless the fraud is determined to be entity-wide. The security team has a process to determine if a bank account should be deleted or the full supplier profile should be removed from the network.

Q.   What exactly does the Diamond Guarantee cover, and are there limits?

Each supplier account is independently evaluated based on dozens of criteria to determine whether the account can be trusted for payments. 

Q.   How do we know which supplier accounts are actually guaranteed?

Prospects will need to know how this is surfaced in the product. Accounts that qualify for the guarantee are clearly marked with a diamond visual in the platform. Each account provides clear details on the criteria met and when the guarantee was created.


 
