Sardine

Nacha’s new fraud monitoring rules are coming into effect in a few months. 3 things should be thinking about: 1️⃣ 𝗖𝗮𝗻 𝘆𝗼𝘂 𝗱𝗲𝘁𝗲𝗰𝘁 𝘀𝗰𝗮𝗺𝘀? This is one of the biggest changes. Nacha now explicitly requires monitoring for payments authorized under false pretenses. That means banks will need to detect scams like business email compromise, payroll impersonation, and account takeovers, even when the customer approved the payment. These scenarios have historically fallen outside Nacha’s fraud framework, but under the new rules, institutions are expected to identify behavioral and transactional red flags that suggest deception. 2️⃣ 𝗖𝗮𝗻 𝘆𝗼𝘂 𝗵𝗮𝗻𝗱𝗹𝗲 𝗶𝗻𝗱𝗲𝗽𝗲𝗻𝗱𝗲𝗻𝘁 𝗳𝗿𝗮𝘂𝗱 𝗺𝗼𝗻𝗶𝘁𝗼𝗿𝗶𝗻𝗴? Many financial institutions have relied on their processors or upstream partners to handle fraud detection. Under Nacha’s new requirements, that won’t be enough. Both originating and receiving institutions must have their own risk-based procedures in place to identify ACH entries that are unauthorized or authorized under false pretenses. Nacha expects each participant to maintain documented processes and review them at least annually. 3️⃣ 𝗔𝗿𝗲 𝘆𝗼𝘂𝗿 𝗰𝗼𝗺𝗽𝗹𝗶𝗮𝗻𝗰𝗲 𝘁𝗲𝗮𝗺𝘀 𝗿𝗲𝗮𝗱𝘆 𝗳𝗼𝗿 𝗱𝗼𝘄𝗻𝘀𝘁𝗿𝗲𝗮𝗺 𝗶𝗺𝗽𝗮𝗰𝘁𝘀? Traditionally, RDFIs have relied on originating banks to perform OFAC checks and have handled post-settlement screening through AML systems. As institutions begin implementing risk-based monitoring for inbound ACH credits, they may uncover risks that weren’t visible before. This will likely increase alert volumes and false positives, adding to compliance workload. Once AML alerts are triggered, compliance teams will need to ensure they’re reviewed and dispositioned properly. --- We’ve broken down the new changes & what they mean for banks in our latest blog: https://t.co/A232uMmyWw

We just launched a new AI Agent in our platform to assist in Customer Due Diligence (CDD) or Enhanced Due Diligence (EDD). Today, compliance officers spend hours cross-referencing details: - Business owner name vs. Company - Company names vs. addresses - Phone numbers vs. ownership records - Even re-running sanctions checks against open web sources. Our new AI CDD/EDD Agent does this instantly. It leverages LLMs and uses search as a tool to achieve the same thing that officers were doing manually. Behind the scenes, we are running all possible combinations of searches across the provided details until it finds satisfactory confidence level on Business and the Business Owner. - Gathers company registration and ownership data - Verifies addresses and contact info - Screens for restricted categories (cannabis, gambling, firearms, etc.) - Delivers a clear, compliance-ready report This is the latest in our suite of AI Agents, against our goal to help Compliance Officers do their jobs faster and more efficiently. We’ll be launching more Agents in the coming weeks/months. Let us know if there are other tasks where you are spending a lot of time?

Best-in-class builders integrating with Tempo and helping optimize Tempo include: Across, Agora, Alchemy, Allium, Artemis, Brale, Bridge, Chainalysis, Conduit, Crossmint, Farcaster, Fireblocks, Frax, LayerZero, Mesh, MetaMask, Phantom, Privy, QuickNode, Sardine, Tenderly, TRM Labs, Turnkey and Yellow Card

You file a SAR through BSA E-Filing and get the confirmation: received. After that, updates live inside the portal. If you want to know whether it was accepted, accepted with warnings, or rejected, you have to log in, search for the filing, and check the acknowledgments. For one or two SARs a month, that is manageable. For dozens or hundreds, it becomes a blind spot. And that blind spot can mean: ⚠️ Warnings sit unaddressed for weeks ⏳ Resubmission deadlines get missed 📂 Scramble to pull acknowledgment records The SAR Lifecycle Tracker eliminates that manual chase. It consolidates every FinCEN acknowledgment in one view so you can see the real-time status of each filing. Every step is time-stamped and tied to a complete audit trail you can hand to a regulator. From filing to follow-up, you always know exactly where things stand. Contact us if you’d like to see our case management in action.

SMS pumping is one of the fastest growing fraud attacks in fintech today. On the surface, it looks like new customer growth. In reality, fraudsters are exploiting OTP flows to trigger thousands of texts to premium-rate numbers they control. The result: fake traffic, real invoices, and businesses stuck footing the bill. The hardest part? Risk systems don’t flag it. There are no chargebacks, no customer complaints, no login failures. Everything looks clean until your SMS invoice suddenly spikes six figures. Who gets hit the hardest: - Fintechs and marketplaces, who absorb direct losses - CPaaS providers, who face churn when customers push back - Telcos, who lose trust in SMS as a channel - Fraud and risk teams, who get blamed for a blind spot they never had tools to see So how do you stop it? ✅ Limit velocity
Block OTP requests hitting endpoints at machine speed. ✅ Spot automation
Detect bot frameworks and emulators hiding behind clean traffic. ✅ Track completion ratios
Real customers verify. Pumping attacks send without completing. Full breakdown on how SMS pumping works and how to prevent it -> https://t.co/5J6WTO2Jqh

🤔 Are merchants mistaking AI agents for malicious bots? We tried to buy a $4 tube of toothpaste online (for pickup) with ChatGPT Agent mode. The checkout never made it past the fraud system. It wasn’t a payment issue. It wasn’t out-of-stock. The only “problem” was that the buyer was an AI agent. Old world: Spot the bot, stop the fraud.
New reality: The bot is the customer. This is an issue most merchants are racing to figure out. The ones that update their fraud toolkit for this new world will own the next era of commerce. But that will mean figuring out how to: - Authenticate agents as legitimate buyers - Bind user consent to agent actions - Detect compromised or malicious agents - Redesign step‑ups for non‑humans - Adapt risk scoring to mixed human/agent journeys We’ve laid out ways to adapt in our new whitepaper on agentic commerce.

🤔 Are merchants mistaking AI agents for malicious bots? We tried to buy a $4 tube of toothpaste online (for pickup) with ChatGPT Agent mode. The checkout never made it past the fraud system. It wasn’t a payment issue. It wasn’t out-of-stock. The only “problem” was that the buyer was an AI agent. Old world: Spot the bot, stop the fraud.
New reality: The bot is the customer. This is an issue most merchants are racing to figure out. The ones that update their fraud toolkit for this new world will own the next era of commerce. But that will mean figuring out how to: - Authenticate agents as legitimate buyers - Bind user consent to agent actions - Detect compromised or malicious agents - Redesign step‑ups for non‑humans - Adapt risk scoring to mixed human/agent journeys We’ve laid out ways to adapt in our new whitepaper on agentic commerce.

Your “verified” customer might not exist. Deep-Live-Cam lets fraudsters pass video-based KYC checks using real-time deepfake faces. They can blink, smile, turn their head, and match the photo on the ID they just uploaded. The whole session looks legitimate to an agent or automated system. This is not Photoshop. It’s just one example of AI Fraud-as-a-Service. These tools are sold on the dark web for anyone to use every day.
In our blog, we outline 13 of these tools. But there are many more just like them. Some of them get plugged up, but they operate like SaaS businesses and quickly ship updates, pivot to other exploits, and even offer customer support if a fraudster gets stuck. So how do you fight back? ✅ 𝗟𝗮𝘆𝗲𝗿 𝗱𝗲𝘃𝗶𝗰𝗲 & 𝗯𝗲𝗵𝗮𝘃𝗶𝗼𝗿 𝘀𝗶𝗴𝗻𝗮𝗹𝘀 𝗶𝗻𝘁𝗼 𝗹𝗶𝘃𝗲𝗻𝗲𝘀𝘀 𝗰𝗵𝗲𝗰𝗸𝘀 Flag mobile emulators, VPNs, unusual phone movements, and copy-paste from long-term memory fields. These patterns often reveal a fake before the face does. ✅ 𝗗𝗲𝘁𝗲𝗰𝘁 𝗿𝗲𝗮𝗹-𝘁𝗶𝗺𝗲 𝗰𝗼𝗮𝗰𝗵𝗶𝗻𝗴 Watch for pauses, repeated entries, or mismatched typing patterns that suggest the user is being guided through verification by a fraudster. ✅ 𝗠𝗼𝗻𝗶𝘁𝗼𝗿 𝗮𝗰𝗿𝗼𝘀𝘀 𝘁𝗵𝗲 𝗰𝘂𝘀𝘁𝗼𝗺𝗲𝗿 𝗷𝗼𝘂𝗿𝗻𝗲𝘆 Link activity across devices, sessions, and channels so you can spot when a “verified” user is the same actor from a phishing or takeover attempt. Full breakdown on how these scam tools work and how to stop them → https://t.co/jcHWc51zuv

Traditional KYC causes up to 30% sign-up abandonment Why? Friction. It starts off easy — name, DOB, tax ID… But then: - "Please upload a photo of your passport or driver’s license." - The user fumbles around to find it. - Image not captured. Please re-upload. - Crooked? Blurry? Wrong file type? Try again. And if the customer happens to be named John Smith, good luck. Too many hits. Straight to the manual review pile. Now an analyst has to dig through DOBs, middle initials, address history, trying to guess which out of the 150 John Smiths this is. In the meantime, the customer’s been waiting for hours. Maybe days. If they were signing up for a time-sensitive promo or a quick stock trade, that window has long gone and they might never come back. So what’s the fix? ✅ eKYC that verifies identities in seconds ✅ Enriching identity with consortium data ✅ Using AI to resolves false positives instantly ✅ Passive risk scoring in the background with device & behavior Not only does this reduce friction, it also opens the door for interesting optimizations. Say if a user is low-risk, you can give them limited access to start transacting while your team reviews. That could mean: - Letting them buy up to $50 of stock - Offering them a product walkthrough - Showing app features without full activation Better data = Faster UX, less friction, fewer drop offs, and shorter time to value If you’re looking for a better way to manage global KYC, Sardine can help 👋🏼 👇 Link to breakdown in the replies