Sardine Technical Briefing

About Sardine

Sardine provides fraud prevention as a service. Technical briefing by Soups Ranjan & Aditya Goel.

Overview of briefing

00 – 1:00

Soups begins by explaining that Sardine is fraud and compliance API as a service for fintechs and crypto companies. They work with a variety of crypto onramps, crypto exchanges and neobanks to prevent fraud and take care of their anti-money laundering compliance. Sardine is like Stripe for high risk merchants such as crypto, NFTs, cross border commerce and cannabis processors. 

1:00 – 1:55

He explains how the founders have a decade of experience fighting fraud inside crypto companies and challenger banks. Soups used to head data science at Coinbase and then later Revolut. The other co-founder launched Revolut for the U.S. Their team realized one of the biggest things missing in the fraud prevention space is that the fraudsters are always innovating and on the fintech and crypto side, and we aren’t able to keep up. Sardine has built a product to prevent fraud in all sorts of scenarios built with the mindset of a fraudster. 

1:55 – 3:30 

Soups transitions to the product demo. He explains if a fraudster wanted to create an account at a challenger bank such as Chime or they wanted to buy crypto from Coinbase, they wouldn’t want to reveal their own IP address so they’d use a proxy or a VPN. They also wouldn’t want to reveal their own device profiles so they would use a mobile emulator. The example he uses in the demo is bluestacks. Bluestacks is typically used by kids without a mobile phone to play games on their computers, but there are a good 5-10% of fraudsters that use these mobile emulators. One of the other things fraudsters would do is use a stolen identifier that’s been purchased on the dark web. 

With Sardine, they track everything a customer does while creating an account with a fintech or crypto company such as how a customer types, taps, scrolls, moves the mouse, etc. 

3:30 – 4:20

He starts to sign up for an account as if he were a fraudster. He starts by saying again that he wouldn’t want to use his actual information so he would delete what is auto filled by the browser. He switches to a spreadsheet where he can drag over information that’s been purchased on the dark web such as name, address, a disposable email and a prepaid phone number. There would be a spot on the account creation page to connect a bank account via Plaid or manually with the account and routing number. Since Sardine is a single API for fraud and compliance they do both social security  numbers as part of that same API. 

He explains how the user behavior is different. Normal customers (aka non fraudsters) would enter their information (name or address) very fast because they type it out of long term memory. A fraudster would context switch, copy paste, or hesitate while typing.

4:20 – 6:00

Sardine also takes care of AML (anti-money laundering) transaction monitoring on the fiat and crypto side of things. On the crypto side, they have ties with Chainalysis and Coinbase Analytics. If a customer goes through the account sign up flow and decides to buy crypto then withdraw it, you’d get a response report on the back end.  

They use machine learning (supervised and unsupervised) to tell you whether the customer is high risk or not. For example, it would flag you letting you know that the crypto account that is being withdrawn to has been tagged by Coinbase Analytics as a scan address. Other risk factors it flags would be the email address being disposable or not. Sardine is tapped into telephone companies so it can tell if certain phone numbers are prepaid or not and if the name registered for the phone number is the same as the person signing up or not. 

Sardine also does full KYC with sanctions, PEPs (politically exposed persons) and SDN (suspect dead designation national) checks. It also does SSN verification as well. 

6:00 – 7:40

Soups elaborate on the secret sauce of Sardine. They look at the behavior of the customer. Again, a fraudster wouldn’t reveal their own device. Sardine can tell you that a fraudster was pretending to use Chrome on an android, but their true operating system was Mac which reveals they were using an emulator.They can detect whether you’re using a VPN or not. They give users a score based on how quickly they typed in their information. Did they context switch? Did they hesitate on information that should really be memorized? Did they delete field information? Users are then given a fraud score which maps to the level of risk. 

7:40 – 8:50

Soups transitions to the Sardine dashboard. You can click on a specific user. In this case, he clicks on the user profile he just created. You can see a little more information about them such as their social media profiles attached to them, location etc. For fraud prevention, they are correlating the identity at the teleco, social media, bureau, and KYC. They also monitor transactions then notify Coinbase Analytics to verify that this user is high risk. 

8:50 – FIN

Other features that can be done on the dashboard are to create rule typologies to catch fraud rings rather than just individual fraudsters for AML purposes. In this example, Soups shows a customer that has withdrawn to 10 different crypto addresses. There’s a no code rule editor to do name checks on the banks and IDs. You can combine rules as well related to phone numbers, emails, social media, etc. This is unique for the field of AML to have a more holistic profile for individual users.