--- title: RockWallet blocks device-based and large-scale fraud attacks with Sardine — Sardine Customer Story source_page: https://www.sardine.ai/customers/RockWallet canonical: https://www.sardine.ai/customers/RockWallet format: text/markdown description: See RockWallet use Sardine's device intelligence and behavioral biometrics to block bot attacks and maintain chargebacks below 1% on its crypto-to-fiat rails. --- **Quick links:** [Human page](https://www.sardine.ai/customers/RockWallet) · [Home](https://www.sardine.ai) · [Customers](https://www.sardine.ai/customers) · [Blog](https://www.sardine.ai/insights/blog) · [Demo](https://www.sardine.ai/demo) --- # RockWallet blocks device-based and large-scale fraud attacks with Sardine **Industries:** Fintech, Cryptocurrency, Payments **Products used:** Device and Behavior, Payments Fraud, Sanctions Screening ## Results - <1%: Chargeback rate maintained - 100s: Suspicious accounts blocked per month - Millions: Saved by blocking high risk transactions RockWallet is a mobile-first, self-custodial crypto wallet that helps customers buy, sell, store, send, receive, and swap digital assets. Designed to make crypto accessible to both new and experienced users, the platform combines a simple user experience with regulated fiat on-ramps, including card and bank transfers. That mix of ease of use, self-custody, and regulated payment flows makes strong fraud and compliance controls essential. Based on a customer referral, RockWallet selected Sardine to stand up an anti-fraud and compliance program from scratch. Using Sardine’s solutions, the team quickly reduced fraud across payments, identity verification, and chargebacks. Over time, RockWallet expanded its program to include rules-based scoring, device intelligence, behavioral biometrics, and sanctions screening to support growth without increasing risk. The challenge When RockWallet began adding fiat payment options to its crypto platform, the team was starting from scratch. Fraud prevention quickly became a priority. With contractual obligations to keep chargebacks below 1%, building an in-house fraud detection system was not a viable option. RockWallet needed a provider that could ensure clean, verified traffic through the payment flow and support a fast launch. In addition to chargeback risk, RockWallet needed stronger controls to detect device tampering, emulator use, and other high-risk behaviors during identity verification and card-funded transactions. RockWallet made a deliberate call not to launch fiat payment rails until fraud controls were in place. Sardine integration ran in parallel with the payment provider rollout, so the team could go live without leaving gaps. Why Sardine: Data insights and product breadth After a competitive analysis of fraud prevention tools, RockWallet chose Sardine for the ability to build on top of its controls and go beyond transaction-only signals. Sardine provided rich, end-to-end device and behavioral data for rule creation, along with ongoing monitoring and reporting across identity verification and payment flows. The program started with data sharing through APIs, and RockWallet has continued embedding Sardine’s SDK at key points in the customer journey, including transactions and KYC, as the program matures. The results Kept chargebacks below 1% Blocked bot-driven attacks using device intelligence Built a system of checkpoints to monitor account signups and suspicious transactions After integrating with Sardine, RockWallet quickly identified patterns of suspicious behavior. Fraud tactics change frequently, so the fraud and compliance teams implemented a responsive scoring system that could adapt to new attacks, including short-lived spikes and automated bursts that transaction data alone would have missed. By adjusting scores and rules, RockWallet could stop fraud based on specific risk scenarios. Fraud in this category is a cat-and-mouse game. RockWallet used Sardine to spot patterns early, then adjust scoring and group rules quickly as tactics changed. This agility proved essential when addressing region-specific fraud patterns. The team developed custom rules to intercept localized threats by combining geofencing with identity and payment signals, allowing RockWallet to isolate and block regional fraud rings without impacting legitimate users. Beyond these technical signals, the team implemented Sardine’s specialized rules that help protect vulnerable customers even in the absence of immediate risk signals. These allow RockWallet to proactively shield at-risk users, such as elderly customers, from social engineering and “guided” scams. By monitoring subtle behavioral cues that indicate a user may be acting under someone else’s direction, the system detects a scam in progress even when no immediate technical risk is present. To maintain this level of protection, Sardine provided RockWallet with a series of integrated checkpoints that monitor the full customer lifecycle. By capturing data across every touchpoint from account creation and funding to logins and payments, the system identifies account takeover attempts in real time. These checkpoints analyze over 6,000 risk signals, including behavioral biometrics that detect guided mouse movements or the use of remote access tools. This real-time, pre-authorization scoring ensures that if a fraudster bypasses one gate, the next checkpoint can detect the inconsistency before a transaction is finalized. Fraud responds to economic incentives, which is why RockWallet now focuses on increasing the cost of an attack through layered controls. The team codifies repeated patterns of suspicious behavior into formal rules. By layering these human-vetted gates rather than relying on single technical checks, RockWallet ensures that sophisticated attacks become too resource-intensive to sustain. A clear example of this approach occurred during a coordinated bot attack involving hundreds of accounts. While the attackers attempted to mimic legitimate registrations, Sardine’s Device Intelligence flagged subtle technical inconsistencies in the device telemetry that real customer hardware would not exhibit. After seeing the pattern recur, RockWallet codified the signal into a formal rule to block the emulator-driven automation before it could bypass the final payment gates. Since partnering with Sardine, the team has expanded its program to include sanctions and PEP screening. Moving forward Together, RockWallet and Sardine built a comprehensive fraud strategy that kept chargebacks below 1% while continuing to onboard new customers. Even when downstream partners notice a spike, RockWallet’s team is usually aware of the event in advance. Sardine helps keep the team in the know, so they can take a proactive approach rather than reacting after the fact.

CUSTOMER STORY

Fintech, Cryptocurrency, Payments

RockWallet blocks device-based and large-scale fraud attacks with Sardine

Two interconnected modules labeled 'Sardine' and 'Rockwallet' on a circuit board background.

<1%

Chargeback rate maintained

100s

Suspicious accounts blocked per month

Millions

Saved by blocking high risk transactions

“The device data is extremely handy. The fraud attack started with us picking up device spikes. Then we started diving deeper and deeper with Sardine and were able to find something else happening.”

Saleha Sajid, Senior Vice President of Digital Payments, RockWallet

Content

Products used

Device and Behavior

Payments Fraud

Sanctions Screening

RockWallet is a mobile-first, self-custodial crypto wallet that helps customers buy, sell, store, send, receive, and swap digital assets. Designed to make crypto accessible to both new and experienced users, the platform combines a simple user experience with regulated fiat on-ramps, including card and bank transfers. That mix of ease of use, self-custody, and regulated payment flows makes strong fraud and compliance controls essential.

Based on a customer referral, RockWallet selected Sardine to stand up an anti-fraud and compliance program from scratch. Using Sardine’s solutions, the team quickly reduced fraud across payments, identity verification, and chargebacks. Over time, RockWallet expanded its program to include rules-based scoring, device intelligence, behavioral biometrics, and sanctions screening to support growth without increasing risk.

The challenge

When RockWallet began adding fiat payment options to its crypto platform, the team was starting from scratch. Fraud prevention quickly became a priority. With contractual obligations to keep chargebacks below 1%, building an in-house fraud detection system was not a viable option. RockWallet needed a provider that could ensure clean, verified traffic through the payment flow and support a fast launch.

In addition to chargeback risk, RockWallet needed stronger controls to detect device tampering, emulator use, and other high-risk behaviors during identity verification and card-funded transactions. RockWallet made a deliberate call not to launch fiat payment rails until fraud controls were in place. Sardine integration ran in parallel with the payment provider rollout, so the team could go live without leaving gaps.

Why Sardine: Data insights and product breadth

After a competitive analysis of fraud prevention tools, RockWallet chose Sardine for the ability to build on top of its controls and go beyond transaction-only signals. Sardine provided rich, end-to-end device and behavioral data for rule creation, along with ongoing monitoring and reporting across identity verification and payment flows.

The program started with data sharing through APIs, and RockWallet has continued embedding Sardine’s SDK at key points in the customer journey, including transactions and KYC, as the program matures.

The results

Kept chargebacks below 1%
Blocked bot-driven attacks using device intelligence
Built a system of checkpoints to monitor account signups and suspicious transactions

After integrating with Sardine, RockWallet quickly identified patterns of suspicious behavior. Fraud tactics change frequently, so the fraud and compliance teams implemented a responsive scoring system that could adapt to new attacks, including short-lived spikes and automated bursts that transaction data alone would have missed. By adjusting scores and rules, RockWallet could stop fraud based on specific risk scenarios.

Fraud in this category is a cat-and-mouse game. RockWallet used Sardine to spot patterns early, then adjust scoring and group rules quickly as tactics changed. This agility proved essential when addressing region-specific fraud patterns. The team developed custom rules to intercept localized threats by combining geofencing with identity and payment signals, allowing RockWallet to isolate and block regional fraud rings without impacting legitimate users.

Beyond these technical signals, the team implemented Sardine’s specialized rules that help protect vulnerable customers even in the absence of immediate risk signals. These allow RockWallet to proactively shield at-risk users, such as elderly customers, from social engineering and “guided” scams. By monitoring subtle behavioral cues that indicate a user may be acting under someone else’s direction, the system detects a scam in progress even when no immediate technical risk is present.

To maintain this level of protection, Sardine provided RockWallet with a series of integrated checkpoints that monitor the full customer lifecycle. By capturing data across every touchpoint from account creation and funding to logins and payments, the system identifies account takeover attempts in real time. These checkpoints analyze over 6,000 risk signals, including behavioral biometrics that detect guided mouse movements or the use of remote access tools. This real-time, pre-authorization scoring ensures that if a fraudster bypasses one gate, the next checkpoint can detect the inconsistency before a transaction is finalized.

Fraud responds to economic incentives, which is why RockWallet now focuses on increasing the cost of an attack through layered controls. The team codifies repeated patterns of suspicious behavior into formal rules. By layering these human-vetted gates rather than relying on single technical checks, RockWallet ensures that sophisticated attacks become too resource-intensive to sustain.

A clear example of this approach occurred during a coordinated bot attack involving hundreds of accounts. While the attackers attempted to mimic legitimate registrations, Sardine’s Device Intelligence flagged subtle technical inconsistencies in the device telemetry that real customer hardware would not exhibit. After seeing the pattern recur, RockWallet codified the signal into a formal rule to block the emulator-driven automation before it could bypass the final payment gates.

Saleha Sajid, Senior Vice President of Digital Payments, RockWallet

Since partnering with Sardine, the team has expanded its program to include sanctions and PEP screening.

Moving forward

Together, RockWallet and Sardine built a comprehensive fraud strategy that kept chargebacks below 1% while continuing to onboard new customers. Even when downstream partners notice a spike, RockWallet’s team is usually aware of the event in advance. Sardine helps keep the team in the know, so they can take a proactive approach rather than reacting after the fact.