Identity Fraud, KYC & AML
The best way to stopping malicious actors before they can commit fraudulent activity is to prevent them from creating an account in the first place. Therefore, having a robust risk monitoring tool that is integrated into the account creation flow is paramount for any fraud program.
Identity Fraud
The most common way to open a fraudulent account on a platform is through Identity Fraud, which broadly refers to behavior in which a malicious actor hides their true identity by utilizing someone else’s identity. This is done to obtain a financial gain or circumvent anti-money laundering precautions.
In the online world of crypto and fintech, regulations often dictate that organizations verify the true identity of their customers. This process is commonly known as “Know Your Customer (KYC)”.
In order to pass the KYC process, fraudsters may use different methods to commit identity fraud:
Types of Identity Fraud
Stolen Identity Fraud
Also known as Identity Theft, this type of fraud occurs when a malicious actor uses some combination of pieces of personal information that belongs to someone else which were obtained through illegal means.
This information can include:
- name
- date of birth
- social security number or tax identification number
- picture of a government issued ID
- phone number
- address
Synthetic Identity Fraud
Synthetic Identity Fraud is similar to the use of stolen identities, but involves the malicious actor manipulating and stitching together pieces of information that might not belong to a real identity or that belongs to several identities to create an identity profile that simulates someone real.
Social Engineering
During the course of a social engineering attack, a malicious actor manipulates a victim to voluntarily divulge their identity information to an online platform - for example, to open an account - and then take control of the account. The manipulation occurs when the fraudster convinces the victim by pretending to be someone the victim can trust; for example: a customer support agent, law enforcement or government official, an online romantic partner, or an investment advisor.
Compliance Screening - AML
Money laundering and financial crimes pose great risks for businesses. For the well-being of any business, it is crucial to take steps to actively prevent assocation and transactions with individuals who have been sanctioned. From a regulatory standpoint, failure to comply with these regulations can carry damaging penalties. Association with Politically Exposes Persons (PEPs), or individuals associated with Adverse Media (negative news), can also lead to financial impact and reputational loss for a business.
How can Sardine help?
Sardine collects and analyzes a variety of data points and signals in order to proactively detect and prevent identity fraud. These include:
Identity Fraud
Through the use of external data sources, Sardine validates that the provided phone and email match a given identity and they are of good reputation. This is helpful in determining the risk of stolen or synthetic identities being used.
KYC
SSN Verification
Sardine can verify whether a provided Social Security Number is valid, and if it matches other pieces of information collected about an identity, like: name, date of birth, or address.
Document Verification
Through integrating with 3rd party services, Sardine can help verify whether an uploaded or scanned government issued ID is fake and the information on the ID matches the information provided by the online user.
AML
Sanction, Politically Exposed Persons (PEPs) & Adverse Media Screening
Sardine can detect users who are on Politically Exposed Persons (PEP), Suspected Designated National (SDN) and OFAC lists internationally. We also screening for adverse media associated with individuals. We allow you to tweak the thresholds for fuzzy matches such that you can balance the trade-off between true positives and false positive alerts. Given that these lists are ever-changing, you can also enroll users for ongoing monitoring, which means that we’ll alert you if any of your customers end up on one of these lists.
Behavioral Biometrics and Device Signals
Through its proprietary SDK, Sardine collects hundreds of signals on the device that’s being used in a session to pick up on predictive indicators of social engineering. These include whether a session is being controlled through a remote desktop tool (e.g. TeamViewer) or whether certain fields during the sign-up flow are copied and pasted.
Next Steps
Contact us to schedule a demo and get access to our Integration Guides and API docs.