Sardine
Active competitorBehavior-infused fraud + compliance for fintech/crypto/neobanks. Markets 'True Location' via IP + device GPS self-reporting. Job Application Fraud Detection product (unproven, relevant for Deel).
Detection scorecard
How Sardine handles every spoofing technique we test for. Click any cell for findings.
| Competitor | VPN | Proxy | Remote access | Fake GPS app | GPS spoofer | Emulator | Device farm | Jailbreak / Root | Resigned / tampered app | Sideload (PlayCover) | Browser extension | MITM / replay | Tor |
|---|
Strongest findings
Failed and partial test outcomes ranked for sales impact — what to lean on in a call.
No findings yet
Once tests land in updates/ with an outcome, they'll surface here.
All findings
Test results and intel tagged to Sardine.
Battle card
Talking points for a live sales call.
Sardine (San Francisco, founded 2020 by ex-Revolut team; ~500 employees, $145M+ raised at $660M valuation) is an AI risk + compliance platform for fintech, crypto, and neobanks. Differentiator is behavioural biometrics + device intelligence applied in millisecond-latency fraud decisions. They market "True Location" — a combination of IP geolocation, timezone mismatch, proxy/VPN detection, and mobile sensor data (accelerometer, gyroscope, network traffic) — claiming to pierce through VPNs to determine a user's real location. **The "True Location" claim is misleading for compliance.** Even when behavioural signals expose a VPN, the underlying location estimate is IP-derived and bounded by IP accuracy — presumed within a ~100km radius. Compliance requires deterministic binary jurisdiction enforcement; Sardine outputs probabilistic risk scores ("85% likely this is fraud"). OFAC certainty cannot be served by probability. Sardine's Job Application Fraud Detection product (announced March 2025) is relevant for Deel, Mattel, and other HR-tech procurement — an unrelated vertical but worth knowing about.
Watch out for
- Behavioural biometrics: typing rhythm, scrolling patterns, screen pressure, tap dynamics. Real differentiator vs static identity checks.
- Job Application Fraud Detection product — covers an emerging vertical (worker infiltration) where GeoComply doesn't compete directly.
- Premium customer base: Blockchain.com, Wealthsimple, Brex, Ramp, Coinbase, MoonPay, Visa, Deel, Mattel, GoDaddy, Experian.
- SardineX Consortium (Sonar) database — cross-customer fraud intelligence sharing.
- Real-time scoring in milliseconds — fits modern instant-payments workflows.
- RAT (Remote Access Tool) detection within their device intelligence SDK.
How we win
- 'True Location' is IP-derived, bounded by ~100km radius — not compliance-grade. Cannot serve OFAC certainty requirements.
- Probabilistic risk score output ('85% likely fraud') — not binary jurisdiction enforcement. Compliance requires deterministic pass/fail.
- Job Application Fraud Detection is untested + unproven — no published statistics on detection rate or third-party verification.
- No published metrics on VPN/proxy detection or residential-proxy hijacking detection.
- Stores PII (Sardine acknowledges they 'cannot ensure or warrant the security of any information').
- Behavioural-biometrics signals during interviews can be conflated with normal interview behaviour (e.g., minimising the call to look at notes vs scripted worker fraud).
- Demo only shows Google Meets integration — no indication the product works with Zoom or Teams.
- No GPS multi-signal fusion (Wi-Fi, Bluetooth, cell triangulation). No SDK-side geofencing.
Capability claims
What they say they do, grouped by category. Cross-check against the detection scorecard above — claims and tests don't always match.
Geolocation
How accurately and reliably the product determines a user's real location.
- GPS / OS locationUses native device GPS or OS-level location services.◐ Partialverifiedstale
Mobile SDK collects accelerometer + gyroscope + network traffic location for geographic position estimation. Subject to GPS spoofing.
- Wi-Fi triangulation○ Noverifiedstale
- IP geolocation● Yesverifiedstale
'True Location' tracks IP geolocation, timezone mismatch, true IP, new cell-tower IP — bounded by ~100km IP radius.
- IP-change detectionContinuously monitors IP and re-runs geolocation on Wi-Fi ↔ cellular or VPN swap (GeoComply MyIP equivalent).● Yesverifiedstale
Impossible-travel + timezone-mismatch detection.
- Boundary / state-lineHandles users moving across regulated boundaries during an active session.○ Noverifiedstale
- Near-border accuracyMulti-point aggregation + buffer-zone handling near regulated borders; measured as pass rate at 250m.○ Noverifiedstale
- Pre-login pre-check◐ Partialverifiedstale
Risk score (Very High / High / Medium / Low / Very Low) — probabilistic, not deterministic.
- Multi-jurisdictionSingle integration handling operators in multiple regulated states (GeoComply Multipass / Dynamic Boundaries equivalent).○ Noverifiedstale
- Desktop plugin (PLC-class)Native desktop client / plugin required by PA, NJ, MS and most US iGaming regulators.○ Noverifiedstale
- On-property BLE geofenceBluetooth Low Energy precision geofencing for tribal / on-property venues (PinPoint-class).○ Noverifiedstale
Anti-spoofing detection
Detection coverage for the spoof vectors tested by the Competitive Intelligence team. Cell values reflect SDK-level detection of the listed vector at the most recently tested operator.
- VPN exit nodesDetects commercial VPN exit nodes (NordVPN, ExpressVPN, Surfshark, etc.).◐ Partialverifiedstale
VPN/proxy detection claimed; no published accuracy metric.
- Proxy / residentialDetects datacenter and residential proxies — the harder class of IP obfuscation.◐ Partialverifiedstale
Claims residential proxy hijacking detection; unpublished accuracy.
- Tor exits· Unknownrumorstale
- Remote desktop (RDP)Detects AnyDesk, TeamViewer, FaceTime, Assistant, HopToDesk, iPhone screen mirroring, RustDesk and similar remote-control sessions.● Yesverifiedstale
Remote Access Tool detection in Device Intelligence SDK.
- Fake-location appsDetects iAnyGo / Fake GPS / mock-location apps on iOS and Android.○ Noverifiedstale
- Hardware GPS spooferDetects HackRF / BladeRF and GPS-simulator-device signal injection.○ Noverifiedstale
- Emulator / VMDetects Xcode iOS Simulator, BlueStacks, Genymotion and similar virtual environments.● Yesverifiedstale
Emulator + rooted-device detection.
- Device farm / VMOSDetects VMOS / virtualized Android device-farm environments used for multi-accounting.● Yesverifiedstale
Network graph linking users by SSN, device-id, email-address.
- Jailbreak / rootDetects jailbroken iOS, rooted Android (incl. Magisk hidden root), and Frida / runtime-hook tampering.● Yesverifiedstale
Rooted device detection in SDK.
- Resigned / tampered appDetects iOS apps that have been re-signed / Android apps that have been repackaged with injected code.· Unknownrumorstale
- Sideload (PlayCover)Detects ARM-macOS iOS sideloading via PlayCover and equivalent hardware-abstraction loaders.· Unknownrumorstale
- Browser extension spoofDetects Chrome / browser extensions that spoof location (Location Guard, Hola, etc.).· Unknownrumorstale
- Session terminationTerminates session when location services are disabled mid-game or device leaves the jurisdiction.● Yesverifiedstale
- MITM / replay attackResists network-level interception, request tampering, and replay attacks against the SDK ↔ backend channel.· Unknownrumorstale
Identity & KYC
Document verification, biometric liveness, sanctions screening.
- Document scan / OCR● Yesverifiedstale
KYC Verification product.
- Biometric liveness● Yesverifiedstale
Behavioural-biometric video manipulation detection (deepfake / virtual camera).
- Sanctions / PEP● Yesverifiedstale
Watchlist screening; real-time OFAC API.
- AML / responsible gaming● Yesverifiedstale
Transaction Monitoring product.
- Reusable identity· Unknowninferredstale
Platform coverage
Which surfaces the SDK / product runs on.
- iOS native● Yesverifiedstale
Native iOS SDK.
- Android native● Yesverifiedstale
Native Android SDK.
- Web / browser● Yesverifiedstale
Web JavaScript SDK.
- React Native· Unknowninferredstale
- Flutter· Unknowninferredstale
- Unity· Unknowninferredstale
- .NET / desktop· Unknowninferredstale
- Server-side API● Yesverifiedstale
API.
Compliance & certification
Regulatory coverage and certifications.
- US state-licensed (iGaming/sportsbook)○ Noverifiedstale
- US tribal / on-property· Unknowninferredstale
- Canadian provincial· Unknowninferredstale
- European (MGA/UKGC)● Yesinferredstale
- LatAm (Brazil SPA)· Unknowninferredstale
- SOC 2 Type II· Unknowninferredstale
- ISO 27001· Unknowninferredstale
- GLI-certified· Unknowninferredstale
Fraud & device intelligence
Device fingerprinting, IP intelligence, behavioral signals, account-takeover detection.
- Device fingerprint● Yesverifiedstale
- IP intelligence DBMaintained DB of VPN / TOR / proxy / hijacked-residential IPs with documented refresh cadence (GeoGuard equivalent).◐ Partialverifiedstale
- Behavioral signals● Yesverifiedstale
Behavioural biometrics — core differentiator.
- Velocity / impossible travel● Yesverifiedstale
Velocity + aggregation across 50+ dimensions.
- Bot detection● Yesverifiedstale
- Account takeover● Yesverifiedstale
- Chargeback mgmt● Yesverifiedstale
Ops & integration
How easy the product is to integrate, observe, and operate.
- Self-serve onboarding· Unknowninferredstale
- Case management UI● Yesverifiedstale
- Webhook delivery● Yesinferredstale
- Real-time API● Yesverifiedstale
Millisecond-latency risk scores.
- Analytics dashboard● Yesverifiedstale
- Audit log export◐ Partialinferredstale
- Encrypted responseDetection flag names hidden from the end user (GeoComply uses encrypted XML; most challengers expose JSON flag names).· Unknowninferredstale
- SDK hardeningSDK is signed, obfuscated, and license-bound — not findable / patchable to inject coordinates client-side.· Unknownrumorstale
Commercial
Pricing model and go-to-market shape.
- Usage-based pricing● Yesverifiedstale
- Flat license / enterprise· Unknowninferredstale
- Free tier / trial· Unknowninferredstale
- Publicly listed pricing○ Noverifiedstale
- Bundled with platformGeo is bundled inside a broader platform deal (OpenBet, GeoLocs/Mkodo, Playtech).● Yesverifiedstale
Resources
Briefings, source docs, and external links.
Talking points for displacement / co-sell deals
- "True Location" is misleading marketing. It's still IP-derived, bounded by a ~100km radius. Compliance requires sub-state precision — IP cannot deliver that.
- Probabilistic vs deterministic. Sardine outputs "85% likely fraud" — useful for risk teams, insufficient for OFAC. GeoComply outputs binary jurisdiction enforcement that's court-defensible.
- Job Application Fraud Detection is a different vertical (worker infiltration / IT-worker fraud). GeoComply doesn't compete here directly; if a prospect surfaces this product, the conversation is parallel, not displacement.
- No published accuracy on VPN/proxy detection, residential-proxy hijacking, GPS spoofing, or the Job Application Fraud product. Counter the "behavioural biometrics" pitch with "show us your numbers."
- PII storage exposure. Sardine's privacy policy acknowledges they cannot warrant the security of submitted information. GeoComply stores no PII — meaningful in privacy-conscious procurements.
Where they overlap with GeoComply
- Crypto / fintech: shared evaluation funnel for fraud + compliance stacks.
- HR-tech: Sardine's Job Application Fraud product is a Deel / Mattel / Brex play — adjacent to GeoComply but not directly competitive.