IRS TIN match
The org's federal EIN is matched against IRS records via the Tax Identification Number Matching Program. We don't accept the EIN at face value — the IRS confirms it's real and tied to the legal name on file.
Platform trust
Verified by default.Earned, not paid for.
Every Turtini org goes through a know-your-business pipeline before they can transact, accept payments, or appear as a verified counterparty in another org's CRM. Verification isn't a paywall — it's a foundation for every interaction across the platform.
The verification pipeline
Five checks before transact.
01 02 Secretary of State registration
For Middesk-verified orgs, we confirm the entity is registered in good standing with the relevant state. A real LLC has a registration; a bought-on-the-dark-web EIN doesn't. This is the single biggest improvement over plain TIN match.
03 Watchlist screening
Every verified org is checked against OFAC sanctions, terrorism lists, and other federal watchlists. A hit means the org cannot transact on the platform — period, no override.
04 Beneficial owner review
We look up the org's officers from public records. Knowing who runs an org is a basic credibility signal that compounds across the platform's other modules.
05 Ongoing monitoring
Verification isn't a one-time check. The org's Trust Score updates automatically as relevant signals change — MFA enrollment, holds, fraud blocks, moderation actions. Recomputed within minutes of any signal change.
What "Verified" means
Five facts about every verified org.
- The org's federal EIN is on file with the IRS and matches their legal name.
- Their LLC, corporation, or non-profit registration is current with at least one state.
- They are not on any federal sanctions or watchlist.
- Their owner has at least one form of multi-factor authentication enabled.
- They've attested to Turtini's Acceptable Use Policy.
Verification is a fraud-prevention floor, not a quality endorsement. A verified org has been confirmed as a real business — Turtini does not vouch for the quality of any specific product, service, or transaction.
What's hidden, and why
Owners see positive signals only.
Each verified org has a private Trust Score we use internally for fraud-prevention triage and platform safety. The org-facing view shows positive signals and recommended actions only. Penalties — fraud blocks, recent moderation rejections, watchlist hits — are kept private to avoid teaching bad actors what to game.
Public-facing verification is binary: an org is either verified or not. The headline number isn't published — only the underlying truth that the verification represents.
The network effect
Verified once.Trusted everywhere.
When a Turtini org adds a customer or vendor as an account in their CRM, the platform automatically checks if that EIN is already verified elsewhere on Turtini. If it is, the verification is mirrored across — the new account inherits the verified status, and no second verification fee is charged.
This is why being on Turtini compounds in value. The more orgs that verify, the bigger the share of any new org's CRM that arrives pre-verified — and the more the platform feels like a trusted network rather than a flat directory.
Open trust fabric
Beyond KYB:publicly verifiable credentials.
KYB confirms an org is real. Verifiable Credentials let anyone — a customer, a vendor, a journalist, an auditor, an AI agent — check that fact themselves, with no need to trust Turtini's word for it.
The green chip
A signal where it matters — at the moment of counterparty contact.
Every verified org carries a small green "Verified" chip next to its name, surfaced everywhere a counterparty appears on the platform. Click it and a popover lists every active Verified-by-Turtini credential — KYB, domain, 501(c)(3) status, professional license, identity — with a deep-link to the public verify page for each one.
- CRM account rows — see verified status next to any customer or vendor
- Marketplace — next to template + module authors
- Mutual Aid — next to orgs offering or asking for help
- Public-site floating bubble — visitors see "Hosted by [name] · Verified" before they decide whether to trust the page
- Setup Cockpit Neighborhood — a live feed of credentials just issued across the network
Silence is not a red badge. When an org has no credentials, the chip simply doesn't render — there's no scarlet letter, just an absence of public attestation.
Verify it yourself
Open protocol. Public keys. Offline verify.
Every credential is an Ed25519-signed payload aligned with the W3C Verifiable Credentials 2.0 spec. The public key set is published at a .well-known endpoint anyone can hit; the canonical bytes are reproducible with any JSON library; the signature is checkable by any standard cryptography library in any language. Turtini's verify endpoint is a convenience, not the source of truth.
// Fetch the public key set
GET /.well-known/turtini-trust/jwks.json
// Fetch one org's bundle of credentials
GET /.well-known/turtini-trust/orgs/{slug}.json
// Fetch + verify any single credential
GET /.well-known/turtini-trust/credentials/{id}.json
Visit any /trust/{credentialId} page and your browser re-verifies the signature locally, alongside the server-side check, so a "Verified" badge isn't a Turtini opinion — it's a cryptographic fact.
Discoverability is herd immunity
The same surface that helps honest orgs connect also denies bad actors their stranger-cover.
A scammer's leverage comes from being a stranger to their next victim. In a network where verified credentials are visible at every counterparty surface — and an unverified org sits right next to a verified one — that stranger move stops working. Fraud reduction isn't a feature; it's a byproduct of the same primitive that makes honest builders discoverable.
Build on a verified network.
Create your org, complete the foundation, and your verification is automatic. Stripe Connect alone gets you the badge — Middesk is there for orgs that want full KYB.