Sardine

It’s Fintech Devcon season! And Sardine has two speakers for you. Soups Ranjan will be taking the audience through the latest scam typologies and running an AMA on detection techniques at 11am CST on Thursday Simon Taylor is keynoting Thursday at 8:30am on what he learned from interviewing the founders of B2B Fintech companies Operator depth? You bet. See you there? Sam Maule Wade Arnold Brody Mulderig

Criminals exploit the three risk silos in business. Cyber security, Fraud and Compliance. Fixing these gaps is critical. These teams use different tools, processes and KPIs. There’s often very limited or poor communication between them. 🐟 For customers and criminals these silos don't exist Bot farms are considered bad by cybersecurity if they're breaking into accounts or creating a denial of service. But those same bots can commit fraud, money laundering and increasingly AI based scams. What appears in the CDN might be useful to the fraud team. 🐟 Consider the following: a bot farm is used for a credential stuffing attack. 👉 Some of those bots evade detection by the Intrusion Prevention & Detection systems deployed at the edge by security teams. 👉 Those same bots then go on to perform an account takeover of someone's account. They may then add a stolen card to that account to purchase something (stolen card fraud). 👉 Or they may use this shell account to move money (money laundering). You may ask why do all of this? First, aged accounts at any institution are way more valuable than a brand new one. Second, fraud and money laundering rely on “layering” ie creating hops so no one can trace the funds. If we share tools everyone’s lives get better. 🐟 If we bring the tooling together we get 👉 A complete picture of threats across the customer lifecycle (and attacker lifecycle) 👉 The ability to spot scams (which are rising faster than payment fraud) 👉 An escalation path from security teams to fraud ops team to compliance ops through to even SAR filling 👉 Spot possible Full CIP, progressive KYC, and perpetual KYC at any risk event (possible scam, possible fraud, possible money laundering) 👉 Nightly updates against sanctions lists, PEPs, adverse media etc Risk is connected. The tooling and people should be too.

Have you ever wondered how fraudsters find victims for scams? One common way is to try a list of telephone numbers during a bank or Fintech wallet onboarding flow. Assume the fraudster finds numbers and names on the dark web or elsewhere: 👉 If a number is not registered the app will default to a standard onboarding flow 👉 If the number is already registered the app likely displays a "Welcome back NAME" message. 👉 They can then call this number and pretend to be the bank with a fake customer support scam, pretending to need to open a new account to "protect them from fraud." This scam is now incredibly common. There are hidden tells to look for like 🐟 One device attempting multiple onboarding flows with multiple numbers 🐟 A group of devices behind a similar IP/Proxy/VPN 🐟 Clustering these high risk signals for anomaly detection

Data and AI is a superpower for risk management However, the best data for managing AML, credit, and fraud risk usually sits outside the organization that needs it. To make matters worse, accessing that data often involves significant legal, privacy, and regulatory challenges. That's why at Sardine, we've pulled together all the data sources (as well as proprietary ones) to make your ML models more efficient. We've also created Sonar so you can access 3rd party data from other banks, wallets, merchants, and payment networks. More data, better data, better risk management. 🐟

Why has Airbase gone Full Sardine? Because fraud and AML use the same data. Nayeem Mano - BBA, MBA explains why having fraud, transaction monitoring and case management together makes sense below 👇 #fraud #data #aml #transaction monitoring

Know Your Recipient (KYR) could solve scams. Before a wire, ACH, or Zelle payment is made, it is impossible to determine whether the recipient is a scammer who has tricked a good customer. Unless you screen the recipient first. The problem is the senders bank or wallet doesn't know who you're sending money to. Neither does the payments rail (like Zelle, ACH or TCH). The only way to solve this is with a cross-industry data sharing utility. That's why we continue to double down on Sonar

Fraud isn't something you can solve alone. The fraud squad knows that one fraudulent transaction is likely a predicate for money laundering, with money placed, layered and integrated across multiple accounts and payment types. If a payment starts on Zelle, moves to ACH, then to a Fintech wallet, then crypto, no single market actor or payment rail has complete visibility. The Sonar service is now live for this use case and has some of the largest payment wallets, rails, merchants, Fintech companies, and banks in production and testing. If you really want to solve this issue. Come take a look.

We can't solve scams with reimbursement. In a recent senate hearing, Senator Richard Blumenthal has called for an expansion of the Electronic Funds Transfer Act to require payment networks to reimburse scam victims. The Senators and many consumer advocates argue that amending EFTA's regulation E to include reimbursement for "authorized" payments (when a user has been tricked or socially engineered into scamming). While it's clear scam volumes are skyrocketing and the consumer harm is real, creating a reimbursement framework potentially makes scams MORE of an issue not LESS. As we see with chargebacks, friendly fraud, and first-party fraud are now the #1 issue. It's far easier to simply claim a payment was unauthorized, even if the user did it 100% on purpose. The only possible way to solve this is before the payment occurs. And the only way to solve that is to understand who the recipient of a payment is. If your organization has never seen the recipient before you can't do that as a bank, wallet or Fintech company. You need a cross-industry utility like Sonar

🎁 Fraud Squad Feature: Card to Name Match. Matching a users card to their name was impossible until now. Matching a user's card to the name they’ve entered can help screen out stolen cards quickly without additional friction. Sardine has this capability, and it’s one we’ve pushed our partners to be able to deliver because we focus on where the data science brings real value to e-commerce companies. As with all fraud rules, combining this check with 100s of others is important.

🤖 Advanced bot detection can save you from huge downstream issues Historically bot detection was left to the Infosec team, while the fraud team looked at payments. In the middle is a chasm of opportunity for conversion optimization and fraud detection. Advanced bots can steal item descriptions and images to create counterfeit pages, spiking chargebacks. Or they might rapidly create new accounts (new account fraud or NAF).