The implicit-trust perimeter still exists in finance
Most payment controls assume that an instruction originating inside the organization — from a known email, an approved user, a familiar vendor record — is trustworthy. That is the perimeter model. Business Email Compromise is simply an attacker crossing the perimeter once and inheriting all the trust inside it.Never trust, always verify — extended from packets to payments. No covered payment is trusted because of who submitted it. It is trusted only after the counterparty independently co-authors the terms through a cryptographically bound channel.
Three zero-trust properties CAST inherits
Identity-bound action
WebAuthn ties each confirmation to a hardware-backed key — not a password, not an inbox an attacker can capture.
Least-privilege verification
The vendor sees only their own confirmation record. Buyer GL codes, budgets, and other vendors are never exposed across the counterparty surface.
Continuous validation
A bank-account change re-triggers the gate. Trust is not granted once and inherited forever — it is re-established at every covered event.
Separation of decision and execution
The actor that proposes a payment is never the sole authority that releases it.