# Get Full Documentation Access
Source: https://docs.sardine.ai/guides/public/getting-started/apiaccess
We provide a combination of both public and protected documentation. You are currently viewing our public page.
Our protected documentation includes:
* step-by-step integration guides
* API references
* SDKs
* sample apps
To access protected documentation, click "login" on the top right of the page.
If you don't have login to Sardine Dashboard already, please reach out to your Sardine Sales Representative, Account Manager or contact us at [risksupport@sardine.ai](mailto:risksupport@sardine.ai) to receive an invitation.
# Common Risk Problems
Source: https://docs.sardine.ai/guides/public/getting-started/common-risk-problems
Understand common risk areas including identity fraud, payment fraud, and account takeover threats.
**Identity Fraud, KYC & AML**
Identity fraud broadly refers to behavior in which a malicious actor hides their true identity by utilizing someone else’s identity, usually to obtain a financial gain or circumvent money laundering monitoring precautions. Our solution provides low-friction onboarding and anomaly detection during subsequent account access.
We also provide KYC, KYB, and Sanctions screening, both once-off and ongoing screening to alert you when your business is exposed to sanctioned, politically exposed, or persons with adverse media.
**Learn more about:**
[Identity Fraud, KYC & AML](/guides/public/risk/account-risk/account-risk)
**Payments**
Stolen cards and compromised bank accounts are commonly used to fund platform accounts. This product is designed to mitigate chargebacks, unauthorized returns, NSF, card disputes for issued cards, and detect and monitor transactions for AML alerts.
**Learn more about:**
[Payment Fraud](/guides/public/risk/funding-risk/funding-risk)
[Issued Card Risk](/guides/public/risk/card-spending-risk/card-spending)
[AML Transaction Monitoring](/guides/public/risk/transaction-monitoring/transaction-monitoring)
[ACH Indemnification](/guides/public/risk/funding-risk/ach-indemnification)
[Card Chargeback Guarantee](/guides/public/risk/funding-risk/card-indemnification)
**Login**
Data breaches, phishing sites and social engineering are all leading causes of Account Takeover. This product is specifically designed to effectively detect unauthorized account access, keeping your customers' data and assets safe.
**Learn more about:**
[Account Takeover](/guides/public/risk/account-risk/account-takeover)
# Getting Started With Risk
Source: https://docs.sardine.ai/guides/public/getting-started/getting-started
Get started with Sardine by understanding risk, requesting sandbox access, and setting up your account.
## Learn about common Risk problems
To familiarize yourself with the different types of risk your business can be exposed to and how Sardine solves in each of these areas, review the [Common Risk Problems](../getting-started/common-risk-problems).
## Review the integration process
We've made the integration process efficient and light-weight. Review the [Integration Overview](/guides/public/getting-started/integration-overview) to see each step of the process, and who is involved.
## Get a Sandbox Account
To get started with Sardine, request access to your sandbox dashboard account.
**Note**: Reach out to your Sardine representative to facilitate your access or [contact us](https://www.sardine.ai/contact) to schedule a demo and get access to our sandbox, Integration Guides and API docs.
## Add Dashboard users
Once you have been issued a sandbox account, you will be able to manage user access from the dashboard. We provide different roles with varying levels of dashboard access and functionality. These roles are outlined on the Admin page mentioned in the steps below.
Perform the following steps to manage user access:
1. Log into your [Sardine sandbox dashboard](https://dashboard.sandbox.sardine.ai/).
2. Go to **Admin** and select **View Invitations**.
3. Select **Generate Email Invite** and follow the instructions.
## Next Steps
[Contact us](https://www.sardine.ai/contact) to schedule a demo, and get access to our sandbox, Integration Guides and API docs.
# How Sardine Bills
Source: https://docs.sardine.ai/guides/public/getting-started/how-sardine-bills
This guide explains Sardine's billing process and how Sardine bills for different products and services
## Invoicing timing and procedures
In most cases, Sardine generates invoices and billing receipts on the first business day after the close of a calendar month.
We email invoices to the billing contact provided in the original contract. If you do not receive an invoice, please contact us at [billing@sardine.ai](mailto:billing@sardine.ai) to confirm we have the correct email address.
## Product specific billing
Monthly recurring charges are those that are billed to your account at regular monthly intervals and predetermined amounts. Sardine bills monthly recurring charges for the following products, some of which may not apply to your plan with Sardine:
* Platform fees (dashboard, rule editor, case management, and AI-fraud scoring)
* Premium support
* Monthly prepaid credit plans
* 3rd party dashboard fees, such as Coinbase Tracer
Usage charges are those that are billed based not only on the number of API calls made, but also takes into account the data posted in your API calls. The following table indicates the default methods for how Sardine determines whether to consider a call for billing.
**Keep in mind, this may not reflect custom structures that are set up in agreements.**
| Use Case | API Calls | How we charge |
| ---------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------- |
| **Fraud** | | |
| Device Intelligence & Behavior Biometrics | [/customers](/guides/api-reference/customer/evaluate-customer-sessiontransaction-risk) API (recommended) and [/devices](/guides/api-reference/device/get-device-information) API | Per API or per Monthly Active User. |
| Identity fraud (US & non-US): 1. Email enrichment and AI score. 2. Phone enrichment and AI score 3.Address verification | [/customers](/guides/api-reference/customer/evaluate-customer-sessiontransaction-risk) API, when emailAddress, phone, or address is provided | Per unique email, phone, or address for a customer id. |
| Bank funding fraud | [/customers](/guides/api-reference/customer/evaluate-customer-sessiontransaction-risk) API, when transaction object has bank\_accountNumber and bank\_routingNumber | Per transaction and/or per bank account. |
| Card fraud | [/customers](/guides/api-reference/customer/evaluate-customer-sessiontransaction-risk) API when transaction object has payment method type = card | Per transaction and/or per card hash |
| Stolen/Unauthorized card use detection (for card issuers) | [/issuing/risks](/guides/api-reference/issuing-risk/realtime-risk-check-for-creditdebit-card-authorization-requests-for-card-issuers) API | Per card authorization attempt. |
| **Compliance** | | |
| Sanctions (SDN, OFAC), PEP & Adverse Media, Screening & Monitoring | [/customers](/guides/api-reference/customer/evaluate-customer-sessiontransaction-risk) API when the checkpoint includes ‘AML’ and relevant customer data points (first name, last name, country, and dob *optional*) are provided. The Sanctions feature must also be enabled by Sardine. | Per unique dataset of first name, last name, country, and dob. |
| SSN Verification with Synthetic ID Detection | [/customers](/guides/api-reference/customer/evaluate-customer-sessiontransaction-risk) API when taxid is provided | Per unique tax id for a given customer id |
| Documentary KYC with Selfie-Liveness Detection | [ /identity-documents](/guides/api-reference/document-verification/document-verification-using-web-link) API SDK: [/identity-documents/tokens](/guides/api-reference/document-verification/document-verification-token-to-be-used-in-native-sdks) | Per verification attempt (Billing is based on API success, not whether approve or decline is returned). |
| AML Transaction Monitoring for fiat | [/customers](/guides/api-reference/customer/evaluate-customer-sessiontransaction-risk) API when checkpoint includes ‘AML’ and a transaction object is present with a payment method type other than crypto. | Per transaction |
| AML Transaction Monitoring for crypto, incl. Coinbase Analytics | [/customers](/guides/api-reference/customer/evaluate-customer-sessiontransaction-risk) API when checkpoint includes ‘AML’ and a transaction object is present with payment method type is crypto or recipient payment method type is crypto. | Per transaction |
## How usage charges are counted
* **Per MAU:** We charge for each unique `customer_id` during the month. If calls are made to either our devices API without a `userIdHash` or Customers API without a `customer_id`, we charge for the `device_id` (we consider these anonymous users).
* **Per Transaction:** We charge for every unique `transaction_id`, excluding API calls where configuration flags are set to bypass data processing.
* **Per Email, Phone, Bank Account, etc.:** We charge once for each unique email address, phone number, or bank account per `transaction_id` per year observed in API calls to the `/customers` endpoint.
# Integration Overview
Source: https://docs.sardine.ai/guides/public/getting-started/integration-overview
Visual overview of the Sardine integration timeline from sandbox setup to production deployment.
***
### Next Steps
* [Getting Started With Risk](/guides/public/getting-started/getting-started)
* [How Sardine helps you to identify and stop common risk problems](/guides/public/risk/overview)
# What Powers Sardine
Source: https://docs.sardine.ai/guides/public/getting-started/what-powers-sardine
Learn about the core technologies behind Sardine including device intelligence, ML models, and rules.
Learn more about the technology and data we use to provide state-of-the-art fraud and compliance risk prevention.
## Device intelligence & behavior biometrics Risk SDK
Our proprietary Risk SDK identifies risky devices and intrinsic behavior. Based on the data gathered, we can effectively flag suspicious devices and sessions used to create synthetic accounts, take over accounts, and fund accounts with stolen payment instruments. Our Risk SDK is available for both web and native apps.
## Machine Learning
Sardine uses a consortium approach to building supervised ML models around payments and onboarding fraud. By training models on rich datasets across our network, the models 'see' a diverse group of fraud patterns, and this benefits businesses because if there is a *modus operandi* that targeted one company, the model will help prevent it the next time it comes around to your company.
On the unsupervised front, Sardine also employs a few methods for anomaly detection that helps our customers identify new fraud trends with high precision.
## Real-time, no-Code Rule development
Sardine provides hundreds of out-of-the-box rules to protect your business from fraud and compliance risks from day 1. You will have access to hundreds of data points and features, including custom data points in our no-code Rule Editor. Rules are developed in real-time, therefore providing you the ability to stop fraudsters and fraud rings in their tracks. New rules can be launched in shadow-mode, which allows you to assess their efficacy and performance before making the rule live.
## All-in-one Dashboard
Sardine provides you the capability to Visualize, investigate potential threats, and monitor known bad actors from one unified, fraud, and compliance dashboard. Our customer-centric dashboard provides access to device and session data, ID verification results, checkpoints, and rules, the Rule Editor, reporting, anomaly detection, block, and allow list, queues for alert review and remediation, and full user management and access control. It is a one-stop-shop for your entire risk and compliance operation.
## Best-in-Class data providers
Sardine continues to A/B test data partners globally to ensure the highest quality of data and signals are used in our rules and machine-learning models. These processes have curated the best set of data partners who specialize in fraud and compliance and, when layered with our proprietary device intelligence and behavior biometrics, results in the best-in-class risk prevention for our customers.
### Next Steps
* [Getting Started With Risk](/guides/public/getting-started/getting-started)
* [Learn about Common Risk Problems](/guides/public/risk/overview)
# Identity Fraud, KYC & AML
Source: https://docs.sardine.ai/guides/public/risk/account-risk/account-risk
Learn how Sardine detects identity fraud, synthetic identities, and provides KYC and AML screening.
The best way to stop malicious actors before they can commit fraudulent activity is to prevent them from creating
an account in the first place. Therefore, having a robust risk monitoring tool that is integrated into
the account creation flow is paramount for any fraud program.
## Identity Fraud
The most common way to open a fraudulent account on a platform is through Identity Fraud, which broadly refers to behavior in which a malicious actor hides their true identity by utilizing someone else’s identity. This is done to obtain a financial gain or circumvent anti-money laundering precautions.
In the online world of crypto and fintech, regulations often dictate that organizations verify the true identity of their customers. This process is commonly known as “Know Your Customer (KYC)”.
In order to pass the KYC process, fraudsters may use different methods to commit identity fraud:
### Types of identity fraud
#### Stolen identity fraud
Also known as Identity Theft, this type of fraud occurs when a malicious actor uses some combination of pieces of personal information that belongs to someone else which were obtained through illegal means.
This information can include:
* name
* date of birth
* social security number or tax identification number
* picture of a government issued ID
* phone number
* address
#### Synthetic identity fraud
Synthetic Identity Fraud is similar to the use of stolen identities, but involves the malicious actor manipulating and stitching together pieces of information that might not belong to a real identity or that belongs to several identities to create an identity profile that simulates someone real.
#### Social Engineering
During the course of a social engineering attack, a malicious actor manipulates a victim to voluntarily divulge their identity information to an online platform - for example, to open an account - and then take control of the account. The manipulation occurs when the fraudster convinces the victim by pretending to be someone the victim can trust; for example: a customer support agent, law enforcement or government official, an online romantic partner, or an investment advisor.
## Compliance Screening - AML
Money laundering and financial crimes pose great risks for businesses. For the well-being of any business, it is crucial to take steps to actively prevent association and transactions with individuals who have been sanctioned. From a regulatory standpoint, failure to comply with these regulations can carry damaging penalties. Association with Politically Exposed Persons (PEPs), or individuals associated with Adverse Media (negative news), can also lead to financial impact and reputational loss for a business.
## How can Sardine help?
Sardine collects and analyzes a variety of data points and signals in order to proactively detect and prevent identity fraud. These include:
### Identity Fraud
Through the use of external data sources, Sardine validates that the provided phone and email match a given identity and they are of good reputation. This is helpful in determining the risk of stolen or synthetic identities being used.
### KYC
#### SSN Verification
Sardine can verify whether a provided Social Security Number is valid, and if it matches other pieces of information collected about an identity, like: name, date of birth, or address.
#### Document Verification
Through integrating with 3rd party services, Sardine can help verify whether an uploaded or scanned government issued ID is fake and the information on the ID matches the information provided by the online user.
### AML
#### Sanction, Politically Exposed Persons (PEPs) & Adverse Media Screening
Sardine can detect users who are on Politically Exposed Persons (PEP), Specially Designated Nationals (SDN) and global watchlists. We also screen for adverse media associated with individuals. We allow you to tweak the thresholds for fuzzy matches such that you can balance the trade-off between true positives and false positive alerts. Given that these lists are ever-changing, you can also enroll users for ongoing monitoring, which means that we'll alert you if any of your customers end up on one of these lists.
### Behavioral Biometrics and Device Signals
Through its proprietary SDK, Sardine collects hundreds of signals on the device that's being used in a session to pick up on predictive indicators of social engineering. These include whether a session is being controlled through a remote desktop tool (for example, TeamViewer) or whether certain fields during the sign-up flow are copied and pasted.
## Next Steps
[Contact us](https://www.sardine.ai/contact) to schedule a demo and get access to our Integration Guides and API docs.
# Account Takeover
Source: https://docs.sardine.ai/guides/public/risk/account-risk/account-takeover
Understand how Sardine prevents account takeover using device intelligence and behavioral biometrics.
## What is account takeover?
Account Takeovers happen when a malicious actor breaks into a victim’s online account. In the crypto and fintech world, this is generally with the purpose of:
* draining the funds in the account,
* obtaining a credit line in the name of the victim,
* moving funds through the account to obfuscate the flow of funds in order to circumvent money laundering controls,
* place market manipulative trades, such as spoofing or wash trading, in the case of crypto exchanges.
Malicious actors use a variety of methods to gain access to the online credentials of the victim, including: phishing, credential stuffing, malware, keyloggers, SIM-card swapping attacks to obtain SMS-based two factor authentication codes, and social engineering customer support agents.
Fraudsters then take steps to conceal their activity in the account. They do so by changing details on the account such as the address and the phone number to prevent the proper account owner from getting notifications of money movement, or spoof their device operating system and IP address to avoid being detected.
The best way to stop account takeovers in their tracks is to closely monitor account logins or risk account updates such as changes to email, password, or phone number, and check for anomalies in the device, IP, or network traffic characteristics of the activity. Changes in the type of device or IP address used or behavioral characteristics of the session, such as swiping and typing speed all might indicate a suspicious login.
Since fraudsters will want to drain funds in an account as quickly as possible after gaining access to the account to maximize their profit, checking for sudden changes in the transaction pattern - i.e. money movement - is also a great tool to ascertain risk of unauthorized activity. For example, withdrawal requests that come in quicker succession or in greater amounts compared to the standard baseline activity on the account can indicate presence of malicious actors.
## How can Sardine help?
Sardine’s Risk Solution combines three powerful tools to detect account takeovers in a single platform:
### 1. Device Intelligence
Our proprietary device intelligence product is an embedded SDK that collects and analyzes hundreds of signals, and compares them to known risky behavior to detect suspicious activity. Some of these include:
* presence of operating system emulators,
* rooted devices,
* proxy and VPN detection, and
* remote desktop control software.
### 2. Behavioral Biometrics
We collect and analyze behavioral signals such as anomalous copy-paste behavior, toggling between windows (distraction events), and mouse movement.
### 3. Anomaly detection
Our no-code rule engine can be used to alert when anomalous transaction behavior, such as uncharacteristic movement of funds, occurs. Since the definition of anomalous behavior is different for each platform, our rule engine offers a flexible way to adjust monitoring and catch complex typologies with great granularity.
## Next Steps
[Contact us](https://www.sardine.ai/contact) to schedule a demo and get access to our Integration Guides and API docs.
# Business Verification (KYB)
Source: https://docs.sardine.ai/guides/public/risk/account-risk/kyb
Verify business entities with Sardine's KYB solution using government data, EIN, and sanctions checks.
## Overview
Welcome to the Sardine Business Verification (KYB) integration guide and developer documentation. If you're interested in learning more about our Business Verification (KYB) offering, how it works, and how to integrate, you've come to the right place.
If you are a new or existing business interested in getting started or have questions, please reach out to your Sardine Account Manager.
### What is Business Verification (KYB)?
Sardine's Business Verification (KYB) allows businesses to verify and screen business entities for fraud and compliance risk.
### Why is Business Verification important?
Sardine customers have requested Business Verification support for the following purposes:
* Compliance: KYB practices help businesses comply with legal and regulatory requirements related to anti-money laundering (AML), counter-terrorist financing (CTF), and other financial crimes.
* Risk management: helps businesses identify, assess, and manage risks associated with their customers.
* Fraud prevention: helps businesses prevent fraud by verifying the identity and legitimacy of their customers.
### What signals does Sardine leverage for Business Verification?
Sardine offers a comprehensive verification product that leverages government data, web presence, address information, and government sanctions lists to provide a complete perspective on an application.
Our business verification data includes:
* Secretary of State Searches
* EIN/TIN verifications
* Sanction Watchlists
* Address Analysis
### How can businesses leverage the business verification capability?
#### Business Verification via our Dashboard
Business verification can be performed via our dashboard through the business intelligence section.
To create a new verification, click New Verification and fill out the necessary fields for the specific report types.
In the future, we will support multiple report types to be created, including UBOs. We will also support the ability to run different report types on existing business entities (pre-fill).
#### Business Verification via our APIs
Business verification can be done through the Middesk or Sardine dashboard as well as via the async /businesses API.
Business verification updates require listening to async webhook events.
#### Configuring Rules to streamline Business Verification
Rules can be created around business entities through the rule engine.
### Why did Sardine decide to partner with Middesk for US Business Verification?
Middesk is the leading provider for US business verification services, given their unique partnership with the Secretary of State (SOS) in all US states, allowing them to reliably perform EIN/TIN (business TaxID number) verification. Middesk offers business entity verification services, including basic sanctions screening.
### Middesk offers basic sanction screening of US entities for the following lists:
**Office of Foreign Assets Control (OFAC)**
* Specially Designated Nationals
* Foreign Sanctions Evaders
* Palestinian Legislative Council
* Sectoral Sanctions Identifications
* Capta List
* Non-SDN Menu-Based Sanctions
* Non-SDN Iranian Sanctions
* Non-SDN Chinese Military-Industrial Complex Companies List
**Bureau of Industry and Security**
* Denied Persons List
* Entity List
* Unverified List
* Military End User
**Directorate of Defence Trade Controls**
* AECA/ITAR Debarred
**Bureau of International Security and Non-Proliferation**
* Nonproliferation Sanctions
### Key benefits of Sardine & Middesk integration
Businesses turn to Middesk to help them verify businesses for Know-Your-Business (KYB) requirements. Middesk offers a dashboard and API for businesses to manage the business verification and screening requests lifecycle.
* **Bidirectional Dashboard & API Sync** - Middesk makes business verification easy for small and large businesses through simple web dashboards and developer-oriented API experience. Through our partnership, Sardine and Middesk have worked together on a seamless integration and user experience.
* **SOS/TIN Verification** - Leading vendor with access to the secretary of state databases for reliable business verification.
* **Sanctions Screening** - Integrated sanctions screening and rule (“policy”) engine for OFAC and other relevant lists.
### What type of business verification and screening reports does Sardine support?
* **TIN Verification `live`:** Leverage a more lightweight verification report focused only on TIN verification. This type of screening is ideal for customers looking to perform KYB in bulk or not needing the full Identity Report which includes Secretary of State verification.
* **UBO Screening `live`:** Leverage a unique capability of Sardine, combining business verification (KYB) with customer verification (KYC/AML). Initially, Sardine will support accepting relevant information to verify a business as well as the information necessary to assess the compliance risk of related entities (eg. Sanctions). This capability is unique to Sardine and combined with our rules engine and network, allows for very unique alerting, investigation, and reporting workflows.
* **Lien-search `future`:** Lien Search is for lenders who need fast, accurate, quality liens data for smart decision-making on customers. Lien Search provides direct connections to government portals. The lien search product returns details from the UCC1 data for liens on an associate registered entity, including: the debtor, secured party, filing date, lapse date, file number, and status.
* **Corporate Documents `future`:** Leverage state-level repositories to source and provide formation documents for businesses. We can return Articles of Incorporation (for corporations), Articles of Organization (for LLCs), and Certificates of Good Standing \$5.00 per business where documents are ordered (additional to Identity Report)
***
# Business Risk
Source: https://docs.sardine.ai/guides/public/risk/business-risk/about-business-risk
Manage business risk across compliance, fraud, credit, and operations with Sardine's Business Risk OS.
Business risk in financial services refers to the potential financial loss or exposure a financial institution or payment processor faces due to the actions or failures of a business. This includes risks such as fraud (for example, using stolen cards or submitting fake transactions), chargebacks (when customers dispute and reverse charges), insolvency (where a business is unable to fulfill orders or refund payments), and non-compliance with legal or regulatory requirements. Effectively managing business risk involves robust onboarding, continuous monitoring, and using data-driven models to detect and mitigate anomalies.
There are many types of business risk, the key types that Sardine covers are:
* **Compliance Risk:** Legal/regulatory violations.
* **Third Party Fraud:** Accounts based on stolen/synthetic identity.
* **First Party Fraud:** Valid ID used with intent to defraud.
* **Credit Risk:** Business insolvency or bankruptcy.
* **Reputational Risk:** Association with illegal activities.
* **Operational Risk:** Poor business practices or technical failures.
How can Sardine help?
Sardine's Business Risk OS Platform provides end-to-end business risk management through:
* KYB and compliance verification (TIN, UBO screening, OFAC checks)
* Web360 AI monitoring (site quality, traffic, reviews, bankruptcy)
* Real-time credit checks and fraud detection
* Document analysis and financial assessment
* Portfolio monitoring with configurable analytics
* No-code platform for workflows and rules
This unified approach helps manage business onboarding, ongoing monitoring, and risk mitigation using data-driven models to detect anomalies.
# Issued Card Fraud
Source: https://docs.sardine.ai/guides/public/risk/card-spending-risk/card-spending
Protect against issued card fraud with Sardine's ML models and configurable rules for card issuers.
Credit and debit card fraud, in which a malicious actor utilizes compromised card credentials to make unauthorized purchases is one of the most common forms of online fraud and causes billions of dollars in damage every year.
The losses associated with this type of fraud, however, are not usually passed down to the consumer, as major card networks facilitate the reversal of unauthorized transactions if the consumer disputes it with their issuer - these are usually called “chargebacks”.
Since credit card issuers absorb much of the liability associated with cards, they have a vested interest in implementing the tools and technologies to monitor the vast quantities of card transactions processed each day, and filter the ones that seem suspicious and pose an eventual reversal risk.
Preventing card transaction fraud as an issuer is usually done through a combination of machine learning models that are trained on hundreds of signals related to the transaction (for example, whether the card is being used physically or online, location, and amount of the charge, the historical fraud frequency associated with the business in question etc.) and static rulesets that are tweaked to catch baseline fraud patterns (for example, the card is used to purchase high value goods that are being shipped to a location that is far away from the usual shipping address used for that consumer).
## How can Sardine help?
Sardine has developed an ‘issuing risk’-specific machine learning model that is trained on historical card transaction & fraud data to assess the riskiness of a given card purchase, either online or offline.
This model can be combined with Sardine’s proprietary, no-code rules engine to pick up on granular and complex patterns and tuned over time to increase its detection accuracy to provide an optimal trade-off between stopping bad transactions while allowing good transactions to go through.
## Next Steps
[Contact us](https://www.sardine.ai/contact) to schedule a demo and get access to our Integration Guides and API docs.
# ACH Indemnification
Source: https://docs.sardine.ai/guides/public/risk/funding-risk/ach-indemnification
Sardine can guarantee you against **fraud liabilities** on ACH debits. We can indemnify for only unauthorized returns (R05, R07, R10, R11 & R29).
## Overview
Existing bank verification products (Plaid, MX, Yodlee, Finicity, etc.) only verify authenticity of the bank credentials but do not detect if the person connecting the bank credentials is the true owner of the bank account. Sardine figures this out by building a full 360 profile of a customer by connecting their bank account to all other forms of identity (email, social media, phone number) and further by utilizing our cutting edge Device Intelligence to detect if someone is using a suspicious device (mobile device farm, emulator, virtual machine, proxy).
#### Indemnification Prerequisite
ACH fraud indemnification is an add-on to ACH funding risk and we usually require about 3 months worth of ACH transaction data before it can be considered and offered. Please speak to your Account Manager to discuss enabling this product.
## Next Steps
[Contact us](https://www.sardine.ai/contact) to schedule a demo and get access to our Integration Guides and API docs.
# Card Chargeback Guarantee
Source: https://docs.sardine.ai/guides/public/risk/funding-risk/card-indemnification
Learn about Sardine's card chargeback guarantee program that provides liability protection on transactions.
## Overview
Sardine can guarantee businesses against fraud liabilities on card transactions.
The losses associated with card fraud are not usually passed down to the consumer, as major card networks facilitate the reversal of unauthorized transactions if the consumer disputes it with their issuer - these are usually called “chargebacks”.
Since businesses absorb much of the liability associated with cards, they have a vested interest in implementing the tools and technologies to monitor the vast quantities of card transactions processed each day, and filter the ones that seem suspicious and pose an eventual reversal risk.
Sardine has developed proprietary card transaction fraud-specific machine learning models that assess the riskiness of a given card purchase, either online or offline.
This model can be combined with Sardine’s no-code rules engine to pick up on granular and complex patterns and tuned over time to increase its detection accuracy to provide an optimal trade-off between stopping bad transactions while allowing good transactions to go through.
Sardine can offer liability protection against fraudulent card charges to businesses and help businesses smooth out the variability in cost associated with card chargebacks.
## Next Steps
[Contact us](https://www.sardine.ai/contact) to schedule a demo and get access to our Integration Guides and API docs.
# Payment Fraud
Source: https://docs.sardine.ai/guides/public/risk/funding-risk/funding-risk
Detect payment fraud including card chargebacks, bank fraud, and ACH returns using Sardine's platform.
Payment fraud is the risk that a funding payment gets reversed. If a customer has already spent or withdrawn provisional funds by the time the reversal arrives, the business covers the loss.
In fintech and crypto, funding fraud typically starts with stolen card or bank credentials, or bank accounts with no real balance. The fraudster deposits funds into an online account, then withdraws them to a wallet or account they control.
The victim or their bank eventually disputes or reverses the transaction, clawing the funds back from the business.
Card networks call these chargebacks; the ACH network (the primary US bank-to-bank transfer network) calls them returns; other contexts call them disputes. The outcome is the same; the business loses the original amount plus penalties.
Unchecked, these losses compound fast. Visa, Mastercard, ACH, and other networks cap the reversal rate a business can sustain. Exceeding that cap means losing access to the network entirely, which cuts off revenue collection.
Managing funding risk means blocking bad transactions without blocking good ones. Any risk solution needs to let you tune the filtering thresholds to match your business model and risk appetite.
## Types of payment fraud
### Card Fraud
Card funding covers credit and debit card payments for online purchases or wallet top-ups.
The core risk is a chargeback, the payment reverses, and the business absorbs the loss. Chargebacks fall into two types:
* Friendly fraud: the customer authorizes the payment, then disputes it and files a chargeback to force a refund. Also called first-party card fraud.
* True fraud: a fraudster uses stolen card credentials to fund an account or make a purchase. The legitimate cardholder disputes the transaction. Also called third-party fraud.
### Bank Fraud
Bank funding covers interbank transfers used for online purchases or wallet deposits.
A fraudster with stolen online banking credentials can move funds from the victim's account onto a platform account and redistribute them.
### ACH Fraud
ACH (Automated Clearing House) is the primary US interbank transfer network. ACH funding risk falls into two categories:
#### Non-sufficient funds (NSF)
When a bank account lacks the balance to cover a funding request, the bank issues a Non-Sufficient Funds (NSF) return with code R01.
ACH transfers take around two business days to settle. If the account runs short before the request reaches the holder's bank, it triggers an NSF return.
The ACH network has no real-time balance check at initiation. Third-party open banking providers fill that gap with a point-of-transaction balance lookup.
Even with a balance check, funds can leave the account during the two-day window, so NSF returns remain possible at settlement.
#### Unauthorized Returns
When a fraudster initiates an ACH transfer without the account holder's authorization, the holder reports it to their bank and the transfer returns as unauthorized. Return codes R05, R07, R10, R11, and R29 all flag this, with R10 being most common. The usual cause is stolen account details.
### APP fraud
In Authorized Push Payment (APP) fraud, the victim sends the money themselves. A fraudster deceives or coerces them into authorizing a transfer to an account the fraudster controls. Card fraud and unauthorized ACH returns involve transactions the account holder never approved. APP fraud involves a transaction they did approve, which is what makes it hard to catch.
APP fraud is most common on real-time networks like the UK's Faster Payment System (FPS), where funds settle in seconds and are gone once sent.
Common typologies: investment scams (high-return promises, often crypto or precious metals), purchase scams (goods never delivered), romance scams (fabricated relationship used to solicit money), and impersonation scams (fraudster poses as a bank, government agency, or law enforcement to redirect funds).
Detecting APP fraud means combining behavioral signals with transaction data. Long session pauses, copy-pasted payment entries, typing patterns consistent with phone coaching, and remote-access tools in the background all suggest a fraudster guiding a victim through a transfer. These signals, layered on first-time payee flags, unusual amounts, and out-of-pattern timing, produce reliable detection. Device intelligence and behavioral biometrics on both the sending and receiving account give firms coverage that transaction checks alone miss.
Mule accounts on the receiving side are a critical vector. Fraudsters recruit holders or fabricate accounts to collect proceeds, then layer and withdraw the funds. Blocking synthetic and stolen identities at onboarding, before they can receive funds, matters as much as controls on the sending side.
**The UK's Payment Systems Regulator (PSR)** now requires payment service providers to reimburse APP fraud victims up to £85,000 per claim, with liability split equally between the sending and receiving firm. The split is significant: the receiving institution is now a financially responsible party, not a bystander. Whether £85,000 is high enough is contested, since many investment and impersonation scams exceed that figure. The reimbursement mandate turns APP fraud from a customer-experience problem into direct P\&L exposure for PSPs on both sides of the payment.
**Confirmation of Payee (CoP)** is live across UK payment firms as a front-line control. Before authorizing a payment, CoP checks whether the name the payer entered matches the name on the receiving account. It does not eliminate APP fraud: fraudsters can coach victims to override mismatch warnings or open mule accounts in their own name. But it reduces impersonation and misdirected-payment cases, and firms that skip it face greater liability under PSR rules.
## How can Sardine help?
Sardine's machine learning models pull device data and behavioral signals from the business's platform and combine them with consortium data on the specific bank account or card. Those risk scores run through a no-code rule editor you configure to catch complex fraud patterns at whatever granularity your business requires.
For card, bank, and ACH funding events, Sardine queries dozens of third-party data providers to verify account validity, ownership match, and likely settlement balance. Combined with device and behavioral signals, those checks produce an accurate reversal-risk score.
For APP fraud, Sardine's Device Intelligence and Behavioral Biometrics (DIBB) layer captures how a user interacts with the app during a payment: typing cadence, hesitation, copy-paste behavior, and remote-access tool signatures. Phone-coached sessions produce distinct behavioral patterns. Sardine scores those patterns in real time, before the payment leaves the sending firm.
On the receiving side, Sardine's identity fraud detection catches synthetic and stolen identities at onboarding, before a mule account can accept funds. Bank account validation checks ownership and risk at the moment of linking. AML transaction monitoring and network graph tooling track how proceeds move across accounts, so compliance teams can map and shut down fraud rings.
For high-risk sessions, Sardine triggers step-up friction: OTP, video verification, or a cooling-off delay. This keeps approval rates intact while stopping coerced payments.
Sardine's support and data science teams work directly with clients to tune detection models to their specific fraud risk profile.
## Next Steps
[Contact us](https://www.sardine.ai/contact) to schedule a demo and get access to our Integration Guides and API docs.
# Overview
Source: https://docs.sardine.ai/guides/public/risk/overview
Browse Sardine's risk categories including account risk, business risk, funding risk, and AML monitoring.
# Transaction Monitoring
Source: https://docs.sardine.ai/guides/public/risk/transaction-monitoring/transaction-monitoring
Monitor transactions for AML compliance with Sardine's behavioral profiling and suspicious activity detection.
Most fintech and crypto businesses worldwide are subject to strict anti-money laundering (“AML”) and sanctions monitoring and reporting regulations, to battle shared threats such as terrorism financing, arms trading, human trafficking, and corruption. The goal is to prevent online platforms from being used during the commission of a financial crime - particularly to make it look like that proceeds from a crime upstream are legitimate or from being used by sanctioned entities.
Sardine enables you to perform both an initial screening and an ongoing daily OFAC Sanctions, PEP, and Adverse Media screening, ensuring screening on both existing and new customers.
In order to catch such movements of funds and report to the authorities, businesses are often required to implement an automated and scalable transaction monitoring system.
Transaction monitoring includes creating behavioral profiles of customers based on their historical transaction (i.e. deposits, inter-account or peer-to-peer transfers, withdrawals) history and interactions with an online platform, and comparing that profile to known money laundering typologies (for example, placement, layering, integration). This usually also includes an assessment of whether a certain transaction was anomalous with respect to the historical behavioral baseline of the customer, customer cohort or an online business. For example, if a customer, whose historical average transaction amount is \$100 per week, suddenly starts depositing \$10,000 per week, this can be flagged as a potentially suspicious case.
Any business at risk of helping money laundering must ensure it meets the legal requirements imposed by authorities. When it comes to the thresholds at which transactions must be monitored, they are set by various national regulators.
**How can Sardine help?**
Sardine can digest transaction data from our clients’ platforms through its flexible APIs, extract statistical insights and run them through our proprietary no-code rule editor to pick up anomalous behavior of almost arbitrary complexity. Through our partnership with 3rd party consortiums, we also offer a Sanctions screening built directly into our platform.
## Next Steps
[Contact us](https://www.sardine.ai/contact) to schedule a demo and get access to our Integration Guides and API docs.
# Home
Source: https://docs.sardine.ai/home
Sardine documentation hub for fraud prevention, compliance, and risk management platform integration.
Manage Risk with Sardine
Learn how to manage risk across the customer journey with Sardine's Tech Docs