RILLA ShieldRILLA ShieldBack to home
TRUST CENTRE

Security built for the Australian trades floor

Every invoice, email, and payment request is run through 8 independent verification layers before you transfer a dollar. Here is exactly how we protect you.

Live · updated every 30s
Last flag: moments ago
Fraud $ blocked
$0

Protected for Australian businesses, calculated on a conservative $4,200 average invoice value.

Scams blocked
0

High-risk invoices, emails, SMS and supplier requests caught before payment was sent.

8
Fraud-detection layers
100%
Australian data hosting
<2 min
Average scan time
0
Payment data retained

Real-time verification layers

Each layer runs independently. A single red flag is enough to pause a payment. Multiple green checks are required before we ever recommend "safe."

01LIVE

ABN Checksum & Format

Every ABN is validated against the official Australian Business Register checksum algorithm. Invalid or malformed ABNs are blocked immediately.

02LIVE

ASIC Entity Status

Connected to the ABR web service. We surface cancelled, deregistered, or wound-up entities that still pass the raw checksum.

03LIVE

Domain Age Forensics

Invoices from domains registered less than 30 days ago trigger an automatic HIGH risk flag. We query RDAP (Registration Data Access Protocol) in real time.

04LIVE

AI Prompt-Injection Defence

Before our AI reads any document, we strip zero-width characters and neutralise hidden instructions designed to manipulate the risk score.

05LIVE

Email Header & BEC Forensics

Reply-To mismatches, display-name spoofing, and failed DKIM/SPF/DMARC authentication are flagged as high-severity BEC indicators.

06LIVE

Cousin-Domain Detection

Levenshtein distance + homoglyph normalisation catches lookalike domains (e.g., rilla-shleld.com) registered to impersonate known suppliers.

07LIVE

PDF Metadata & Tamper Detection

We extract Producer, Creator, CreationDate and ModDate from the raw PDF bytes. Consumer word-processors, modification gaps, and stripped metadata are all flagged.

08LIVE

Behavioural Supplier Baselines

We compare each invoice amount against the supplier's own historical pattern. Amounts 200%+ above the mean trigger high-risk escalation.

09READY

Sanctions & PEP Screening

OpenSanctions integration checks supplier names against DFAT, OFAC, and global sanctions lists. Configurable on request.

10PLANNED

Confirmation of Payee (CoP)

Direct integration with Australian bank CoP APIs (Azupay / Monoova) to verify the account name matches the supplier before you transfer.

11PLANNED

Xero / MYOB Native Integration

Auto-scan invoices as they arrive in your accounting software. No manual upload required — friction drops to zero.

12PLANNED

WhatsApp / SMS Scan Inbox

Forward suspicious invoices via WhatsApp or SMS and receive an instant risk score reply. No app install needed for one-off checks.

ASD Essential Eight Alignment

Australian Cyber Security Centre baseline

Application control
Signed uploads only. File-type validation on every scan.
Partial
Patch applications
Dependency audit runs on every build. Auto-updates via CI/CD.
Aligned
Configure MS Office macro settings
Not applicable — we do not process Office macros.
N/A
User application hardening
Browser-only app. No local install, no admin rights required.
Aligned
Restrict administrative privileges
Role-based access control (RBAC) with least-privilege defaults.
Aligned
Patch operating systems
Cloud-hosted — managed by platform provider.
N/A
Multi-factor authentication
Supabase Auth with MFA support. Enforceable per organisation.
Aligned
Daily backups
Automated point-in-time recovery via Lovable Cloud / Supabase.
Aligned

Data residency & privacy

Australian-hosted

All data is stored in Australian data centres (Supabase / Sydney region). No offshore replication without explicit consent.

End-to-end encryption

All traffic is TLS 1.3. Database connections are encrypted at rest and in transit.

Retention limits

Scans are retained for the life of your subscription plus 30 days, then purged. You can delete earlier.

No payment data

We never see, store, or process your bank credentials, card numbers, or internet banking passwords.

No third-party AI training

Your invoice data is not used to train external AI models. Our LLM calls are stateless and anonymised.

SOC 2 Roadmap

We are actively preparing for SOC 2 Type II assessment. Current controls include:

  • RBAC with role separation (admin / moderator / user)
  • Rate-limiting & abuse prevention on all endpoints
  • Audit logging on every scan, login, and data change
  • Secure development lifecycle (CI/CD, secret scanning)
  • Penetration test scheduled (Q3 2026)
  • External auditor engagement pending

How we compare

RILLA Shield is the only fraud-detection platform built specifically for Australian trades that combines document forensics, email/BEC detection, and real-time regulatory data.

CapabilityRILLA ShieldEftsureXBertTrustmi
ABN validation Yes Yes No No
ASIC status check Yes Yes No No
Domain age forensics Yes No No No
AI prompt-injection defence Yes No No No
Email header / BEC forensics Yes Partial No No
Cousin-domain detection Yes No No No
PDF metadata tamper check Yes No No No
Supplier amount baseline Yes No No Yes
Sanctions screening Ready No No Yes
Confirmation of Payee Planned Yes No No
Built for tradie price point Yes No Yes No
Australian data hosting Yes Yes No No

Questions about our security?

If you're a finance team, builder, or procurement officer and need our full security questionnaire, incident-response plan, or penetration-test timeline, reach out directly.

Contact security team Start free trial