Sardine

Know Your Recipient (KYR) could solve scams. Before a wire, ACH, or Zelle payment is made, it is impossible to determine whether the recipient is a scammer who has tricked a good customer. Unless you screen the recipient first. The problem is the senders bank or wallet doesn't know who you're sending money to. Neither does the payments rail (like Zelle, ACH or TCH). The only way to solve this is with a cross-industry data sharing utility. That's why we continue to double down on Sonar

The bad guys don’t care about org charts. Although cyber, fraud and compliance teams tackle overlapping threats, they don’t often share the budget, tools or data with each other. Bad actors exploit these gaps, leading to greater compliance risk, fraud losses, and vulnerabilities. We can close these gaps. Our latest Risky Business webinar will feature two people with experience bridging this gap 👇👇👇 Sign up here: https://lnkd.in/ekn-jsWH Allison Miller, Founder of Cartomancy Labs, has worked at Google, Reddit, and Bank of America in Technology strategy, trust, and cybersecurity. Andrew Austin, Head of Fraud at Sardine, who worked across the US Army, and Fifth Third as in AML, followed by LendKey, WorldPay, and Carmax in fraud roles.

Why has Airbase gone Full Sardine? Because fraud and AML use the same data. Nayeem Mano - BBA, MBA explains why having fraud, transaction monitoring and case management together makes sense below 👇 #fraud #data #aml #transaction monitoring

Criminals exploit the visibility gap. One company, payment network or regulator can only see a fraction of their activity. The obvious solution is data sharing. What we're seeing at Sonar is now that we have the right regulatory and membership rule book in place we're able to unlock use cases like 1. Follow a user across ACH, Cards, Crypto and other rails 2. Identify fraud, money laundering or sanctions risks We're seeing financial institutions collaborating with companies outside their sector and delivering real results. What starts in e-commerce, marketplaces, gift cards, or even crypto can show up in banks or fintech companies. We're putting that picture together. Privacy first, in full view of the regulator, and it makes a huge difference.

🎁 Feature drop: Merchant Risk Scoring. Onboarding merchants as a PSP or marketplace should be automatic. So we automated it with AI ⚡ Standard KYB data pulls are valuable, but often weak signals like ensuring the website matches the business description are super useful in due diligence. We can pull things like 👉 The “TrueIndustry” of a merchant by pulling their state fillings and predict MCC & six-digit NAICS codes 👉 Analyze the professionalism of a website 👉 Provide ongoing monitoring of OFAC lists, and key merchant data with legal or state agencies There are entire categories of companies dedicated to this, and I take my hat off to them, its a much needed product. My challenge as a leader of a fraud and AML team was always making the tools work together. We’ve built this (and 1,000s of other) features to play well with your existing tech stack whether you’re an enterprise or startup.

The bad guys don’t care about org charts. Although cyber, fraud and compliance teams tackle overlapping threats, they don’t often share the budget, tools or data with each other. Bad actors exploit these gaps, leading to greater compliance risk, fraud losses, and vulnerabilities. We can close these gaps. Our latest Risky Business webinar will feature two people with experience bridging this gap 👇👇👇 Sign up here: https://lnkd.in/ekn-jsWH Allison Miller, Founder of Cartomancy Labs, has worked at Google, Reddit, and Bank of America in Technology strategy, trust, and cybersecurity. Andrew Austin, Head of Fraud at Sardine, who worked across the US Army, and Fifth Third in AML, followed by LendKey, WorldPay, and Carmax in fraud roles.

Reacting faster to a crisis is critical. Scammers never miss an opportunity. The fraud spike after the Crowdstrike outage show the need to push new controls live ASAP. Criminals used imposter attacks to pretend to be airline support. This “fake customer support” attack vector isn’t new. But its a classic example of how scam volume can dramatically increase along with customer support call spikes. AIrlines saw a massive influx of customer support issues, but so did the fake accounts setup as airlines on social media. Scammers then use this to collect data, or worse, install remote takeover softer It’s in the fraud squad’s DNA to react quickly. We can’t help it. But here’s what we’ve found works for our network to react faster. 🐟 Implement new rules quickly (like velocity checks, counts and aggregations) 🐟 Watch your real-time dashboard for any impact on conversion or good customers 🐟 Modify as necessary throughout the spikes.

It’s Fintech Devcon season! And Sardine has two speakers for you. Soups Ranjan will be taking the audience through the latest scam typologies and running an AMA on detection techniques at 11am CST on Thursday Simon Taylor is keynoting Thursday at 8:30am on what he learned from interviewing the founders of B2B Fintech companies Operator depth? You bet. See you there? Sam Maule Wade Arnold Brody Mulderig

Criminals exploit the three risk silos in business. Cyber security, Fraud and Compliance. Fixing these gaps is critical. These teams use different tools, processes and KPIs. There’s often very limited or poor communication between them. 🐟 For customers and criminals these silos don't exist Bot farms are considered bad by cybersecurity if they're breaking into accounts or creating a denial of service. But those same bots can commit fraud, money laundering and increasingly AI based scams. What appears in the CDN might be useful to the fraud team. 🐟 Consider the following: a bot farm is used for a credential stuffing attack. 👉 Some of those bots evade detection by the Intrusion Prevention & Detection systems deployed at the edge by security teams. 👉 Those same bots then go on to perform an account takeover of someone's account. They may then add a stolen card to that account to purchase something (stolen card fraud). 👉 Or they may use this shell account to move money (money laundering). You may ask why do all of this? First, aged accounts at any institution are way more valuable than a brand new one. Second, fraud and money laundering rely on “layering” ie creating hops so no one can trace the funds. If we share tools everyone’s lives get better. 🐟 If we bring the tooling together we get 👉 A complete picture of threats across the customer lifecycle (and attacker lifecycle) 👉 The ability to spot scams (which are rising faster than payment fraud) 👉 An escalation path from security teams to fraud ops team to compliance ops through to even SAR filling 👉 Spot possible Full CIP, progressive KYC, and perpetual KYC at any risk event (possible scam, possible fraud, possible money laundering) 👉 Nightly updates against sanctions lists, PEPs, adverse media etc Risk is connected. The tooling and people should be too.

Have you ever wondered how fraudsters find victims for scams? One common way is to try a list of telephone numbers during a bank or Fintech wallet onboarding flow. Assume the fraudster finds numbers and names on the dark web or elsewhere: 👉 If a number is not registered the app will default to a standard onboarding flow 👉 If the number is already registered the app likely displays a "Welcome back NAME" message. 👉 They can then call this number and pretend to be the bank with a fake customer support scam, pretending to need to open a new account to "protect them from fraud." This scam is now incredibly common. There are hidden tells to look for like 🐟 One device attempting multiple onboarding flows with multiple numbers 🐟 A group of devices behind a similar IP/Proxy/VPN 🐟 Clustering these high risk signals for anomaly detection