Everything the ledger
makes possible.

Tokenization, fail-closed. Cardholder PANs become network tokens at the edge — tokenize, detokenize, validate, suspend, resume — HSM-backed, with a deterministic fail-closed path when the vault is unreachable.

• TOKENIZE / DETOKENIZE / VALIDATE / SUSPEND / RESUME
• HSM-backed (CipherStack), fail-closed fallback
• PAN masking via one canonical helper
• chaos- & fail-closed-tested

Network tokens & PAN custody. Visa, Mastercard MDES and Amex network tokens with a format-preserving option, plus a gated reveal-PAN path — so the PAN never crosses your stack and your PCI scope shrinks.

• network tokens: MDES · Visa · Amex
• format-preserving option (token length = PAN length)
• five-gate reveal-PAN with audit trail
• PCI-scope reduction by design (ADR-0017)

Two reconciled sides, one batch. Double-entry by construction: immutable journal entries routed by transaction-code rules, a trial balance computed live, isolated per institution. It closes only when both sides reconcile.

• immutable journal entries (write-once)
• transaction-code (AMMCRL-style) Dr/Cr routing
• live trial balance, per-institution isolation
• net payable derived, never a stored scalar

Decisioning as configuration. Authorization requests resolve into ordered chains of processors, matched on payment type, channel and per-issuer rules — change the chain without shipping code.

• rule CRUD: payment type · channel · priority
• per-issuer rules, first-match dispatch
• chains compose 100+ ledger processors
• DECLINE carries rule attribution

The full chargeback lifecycle. File, investigate, resolve, charge back and represent — with RDR, Ethoca alerts, CE3 evidence scoring and AI-assisted representment, auto-categorized by reason code, every event posted to the ledger.

• file → investigate → resolve → chargeback → representment
• RDR, Ethoca alerts, pre-dispute checks
• CE3 evidence scoring · auto-categorized
• decisioning is deterministic today (no ML backend yet)