Skip to main content

Sardine

Active competitor

Behavior-infused fraud + compliance for fintech/crypto/neobanks. Markets 'True Location' via IP + device GPS self-reporting. Job Application Fraud Detection product (unproven, relevant for Deel).

sardine.aimaxim.mosinVerified 1mo ago
Compare
USEUGlobalFintechCryptoNeobanksHR-tech (job-fraud)#new-verticals#fraud#behavioural-biometrics#true-location#ip-only-geo#job-application-fraud#compete

Detection scorecard

How Sardine handles every spoofing technique we test for. Click any cell for findings.

Full matrix →
  • Detected
  • Partial
  • Missed
  • Not tested
CompetitorVPNProxyRemote accessFake GPS appGPS spooferEmulatorDevice farmJailbreak / RootResigned / tampered appSideload (PlayCover)Browser extensionMITM / replayTor

Strongest findings

Failed and partial test outcomes ranked for sales impact — what to lean on in a call.

No findings yet

Once tests land in updates/ with an outcome, they'll surface here.

All findings

Test results and intel tagged to Sardine.

Operator
Threat
No findings on file for this competitor yet.

Battle card

Talking points for a live sales call.

Sardine (San Francisco, founded 2020 by ex-Revolut team; ~500 employees, $145M+ raised at $660M valuation) is an AI risk + compliance platform for fintech, crypto, and neobanks. Differentiator is behavioural biometrics + device intelligence applied in millisecond-latency fraud decisions. They market "True Location" — a combination of IP geolocation, timezone mismatch, proxy/VPN detection, and mobile sensor data (accelerometer, gyroscope, network traffic) — claiming to pierce through VPNs to determine a user's real location. **The "True Location" claim is misleading for compliance.** Even when behavioural signals expose a VPN, the underlying location estimate is IP-derived and bounded by IP accuracy — presumed within a ~100km radius. Compliance requires deterministic binary jurisdiction enforcement; Sardine outputs probabilistic risk scores ("85% likely this is fraud"). OFAC certainty cannot be served by probability. Sardine's Job Application Fraud Detection product (announced March 2025) is relevant for Deel, Mattel, and other HR-tech procurement — an unrelated vertical but worth knowing about.

Watch out for

  • Behavioural biometrics: typing rhythm, scrolling patterns, screen pressure, tap dynamics. Real differentiator vs static identity checks.
  • Job Application Fraud Detection product — covers an emerging vertical (worker infiltration) where GeoComply doesn't compete directly.
  • Premium customer base: Blockchain.com, Wealthsimple, Brex, Ramp, Coinbase, MoonPay, Visa, Deel, Mattel, GoDaddy, Experian.
  • SardineX Consortium (Sonar) database — cross-customer fraud intelligence sharing.
  • Real-time scoring in milliseconds — fits modern instant-payments workflows.
  • RAT (Remote Access Tool) detection within their device intelligence SDK.

How we win

  • 'True Location' is IP-derived, bounded by ~100km radius — not compliance-grade. Cannot serve OFAC certainty requirements.
  • Probabilistic risk score output ('85% likely fraud') — not binary jurisdiction enforcement. Compliance requires deterministic pass/fail.
  • Job Application Fraud Detection is untested + unproven — no published statistics on detection rate or third-party verification.
  • No published metrics on VPN/proxy detection or residential-proxy hijacking detection.
  • Stores PII (Sardine acknowledges they 'cannot ensure or warrant the security of any information').
  • Behavioural-biometrics signals during interviews can be conflated with normal interview behaviour (e.g., minimising the call to look at notes vs scripted worker fraud).
  • Demo only shows Google Meets integration — no indication the product works with Zoom or Teams.
  • No GPS multi-signal fusion (Wi-Fi, Bluetooth, cell triangulation). No SDK-side geofencing.

Capability claims

What they say they do, grouped by category. Cross-check against the detection scorecard above — claims and tests don't always match.

Geolocation

How accurately and reliably the product determines a user's real location.

  • GPS / OS locationUses native device GPS or OS-level location services.
    Partialverifiedstale

    Mobile SDK collects accelerometer + gyroscope + network traffic location for geographic position estimation. Subject to GPS spoofing.

  • Wi-Fi triangulation
    Noverifiedstale
  • IP geolocation
    Yesverifiedstale

    'True Location' tracks IP geolocation, timezone mismatch, true IP, new cell-tower IP — bounded by ~100km IP radius.

  • IP-change detectionContinuously monitors IP and re-runs geolocation on Wi-Fi ↔ cellular or VPN swap (GeoComply MyIP equivalent).
    Yesverifiedstale

    Impossible-travel + timezone-mismatch detection.

  • Boundary / state-lineHandles users moving across regulated boundaries during an active session.
    Noverifiedstale
  • Near-border accuracyMulti-point aggregation + buffer-zone handling near regulated borders; measured as pass rate at 250m.
    Noverifiedstale
  • Pre-login pre-check
    Partialverifiedstale

    Risk score (Very High / High / Medium / Low / Very Low) — probabilistic, not deterministic.

  • Multi-jurisdictionSingle integration handling operators in multiple regulated states (GeoComply Multipass / Dynamic Boundaries equivalent).
    Noverifiedstale
  • Desktop plugin (PLC-class)Native desktop client / plugin required by PA, NJ, MS and most US iGaming regulators.
    Noverifiedstale
  • On-property BLE geofenceBluetooth Low Energy precision geofencing for tribal / on-property venues (PinPoint-class).
    Noverifiedstale

Anti-spoofing detection

Detection coverage for the spoof vectors tested by the Competitive Intelligence team. Cell values reflect SDK-level detection of the listed vector at the most recently tested operator.

  • VPN exit nodesDetects commercial VPN exit nodes (NordVPN, ExpressVPN, Surfshark, etc.).
    Partialverifiedstale

    VPN/proxy detection claimed; no published accuracy metric.

  • Proxy / residentialDetects datacenter and residential proxies — the harder class of IP obfuscation.
    Partialverifiedstale

    Claims residential proxy hijacking detection; unpublished accuracy.

  • Tor exits
    · Unknownrumorstale
  • Remote desktop (RDP)Detects AnyDesk, TeamViewer, FaceTime, Assistant, HopToDesk, iPhone screen mirroring, RustDesk and similar remote-control sessions.
    Yesverifiedstale

    Remote Access Tool detection in Device Intelligence SDK.

  • Fake-location appsDetects iAnyGo / Fake GPS / mock-location apps on iOS and Android.
    Noverifiedstale
  • Hardware GPS spooferDetects HackRF / BladeRF and GPS-simulator-device signal injection.
    Noverifiedstale
  • Emulator / VMDetects Xcode iOS Simulator, BlueStacks, Genymotion and similar virtual environments.
    Yesverifiedstale

    Emulator + rooted-device detection.

  • Device farm / VMOSDetects VMOS / virtualized Android device-farm environments used for multi-accounting.
    Yesverifiedstale

    Network graph linking users by SSN, device-id, email-address.

  • Jailbreak / rootDetects jailbroken iOS, rooted Android (incl. Magisk hidden root), and Frida / runtime-hook tampering.
    Yesverifiedstale

    Rooted device detection in SDK.

  • Resigned / tampered appDetects iOS apps that have been re-signed / Android apps that have been repackaged with injected code.
    · Unknownrumorstale
  • Sideload (PlayCover)Detects ARM-macOS iOS sideloading via PlayCover and equivalent hardware-abstraction loaders.
    · Unknownrumorstale
  • Browser extension spoofDetects Chrome / browser extensions that spoof location (Location Guard, Hola, etc.).
    · Unknownrumorstale
  • Session terminationTerminates session when location services are disabled mid-game or device leaves the jurisdiction.
    Yesverifiedstale
  • MITM / replay attackResists network-level interception, request tampering, and replay attacks against the SDK ↔ backend channel.
    · Unknownrumorstale

Identity & KYC

Document verification, biometric liveness, sanctions screening.

  • Document scan / OCR
    Yesverifiedstale

    KYC Verification product.

  • Biometric liveness
    Yesverifiedstale

    Behavioural-biometric video manipulation detection (deepfake / virtual camera).

  • Sanctions / PEP
    Yesverifiedstale

    Watchlist screening; real-time OFAC API.

  • AML / responsible gaming
    Yesverifiedstale

    Transaction Monitoring product.

  • Reusable identity
    · Unknowninferredstale

Platform coverage

Which surfaces the SDK / product runs on.

  • iOS native
    Yesverifiedstale

    Native iOS SDK.

  • Android native
    Yesverifiedstale

    Native Android SDK.

  • Web / browser
    Yesverifiedstale

    Web JavaScript SDK.

  • React Native
    · Unknowninferredstale
  • Flutter
    · Unknowninferredstale
  • Unity
    · Unknowninferredstale
  • .NET / desktop
    · Unknowninferredstale
  • Server-side API
    Yesverifiedstale

    API.

Compliance & certification

Regulatory coverage and certifications.

  • US state-licensed (iGaming/sportsbook)
    Noverifiedstale
  • US tribal / on-property
    · Unknowninferredstale
  • Canadian provincial
    · Unknowninferredstale
  • European (MGA/UKGC)
    Yesinferredstale
  • LatAm (Brazil SPA)
    · Unknowninferredstale
  • SOC 2 Type II
    · Unknowninferredstale
  • ISO 27001
    · Unknowninferredstale
  • GLI-certified
    · Unknowninferredstale

Fraud & device intelligence

Device fingerprinting, IP intelligence, behavioral signals, account-takeover detection.

  • Device fingerprint
    Yesverifiedstale
  • IP intelligence DBMaintained DB of VPN / TOR / proxy / hijacked-residential IPs with documented refresh cadence (GeoGuard equivalent).
    Partialverifiedstale
  • Behavioral signals
    Yesverifiedstale

    Behavioural biometrics — core differentiator.

  • Velocity / impossible travel
    Yesverifiedstale

    Velocity + aggregation across 50+ dimensions.

  • Bot detection
    Yesverifiedstale
  • Account takeover
    Yesverifiedstale
  • Chargeback mgmt
    Yesverifiedstale

Ops & integration

How easy the product is to integrate, observe, and operate.

  • Self-serve onboarding
    · Unknowninferredstale
  • Case management UI
    Yesverifiedstale
  • Webhook delivery
    Yesinferredstale
  • Real-time API
    Yesverifiedstale

    Millisecond-latency risk scores.

  • Analytics dashboard
    Yesverifiedstale
  • Audit log export
    Partialinferredstale
  • Encrypted responseDetection flag names hidden from the end user (GeoComply uses encrypted XML; most challengers expose JSON flag names).
    · Unknowninferredstale
  • SDK hardeningSDK is signed, obfuscated, and license-bound — not findable / patchable to inject coordinates client-side.
    · Unknownrumorstale

Commercial

Pricing model and go-to-market shape.

  • Usage-based pricing
    Yesverifiedstale
  • Flat license / enterprise
    · Unknowninferredstale
  • Free tier / trial
    · Unknowninferredstale
  • Publicly listed pricing
    Noverifiedstale
  • Bundled with platformGeo is bundled inside a broader platform deal (OpenBet, GeoLocs/Mkodo, Playtech).
    Yesverifiedstale

Talking points for displacement / co-sell deals

  1. "True Location" is misleading marketing. It's still IP-derived, bounded by a ~100km radius. Compliance requires sub-state precision — IP cannot deliver that.
  2. Probabilistic vs deterministic. Sardine outputs "85% likely fraud" — useful for risk teams, insufficient for OFAC. GeoComply outputs binary jurisdiction enforcement that's court-defensible.
  3. Job Application Fraud Detection is a different vertical (worker infiltration / IT-worker fraud). GeoComply doesn't compete here directly; if a prospect surfaces this product, the conversation is parallel, not displacement.
  4. No published accuracy on VPN/proxy detection, residential-proxy hijacking, GPS spoofing, or the Job Application Fraud product. Counter the "behavioural biometrics" pitch with "show us your numbers."
  5. PII storage exposure. Sardine's privacy policy acknowledges they cannot warrant the security of submitted information. GeoComply stores no PII — meaningful in privacy-conscious procurements.

Where they overlap with GeoComply

  • Crypto / fintech: shared evaluation funnel for fraud + compliance stacks.
  • HR-tech: Sardine's Job Application Fraud product is a Deel / Mattel / Brex play — adjacent to GeoComply but not directly competitive.