--- title: How a financial services company automates fraud prevention and scale operations — Sardine Customer Story source_page: https://www.sardine.ai/customers/how-a-financial-services-company-uses-real-time-device-intelligence-to-automate-fraud-prevention canonical: https://www.sardine.ai/customers/how-a-financial-services-company-uses-real-time-device-intelligence-to-automate-fraud-prevention format: text/markdown --- **Quick links:** [Human page](https://www.sardine.ai/customers/how-a-financial-services-company-uses-real-time-device-intelligence-to-automate-fraud-prevention) · [Home](https://www.sardine.ai) · [Customers](https://www.sardine.ai/customers) · [Blog](https://www.sardine.ai/insights/blog) · [Demo](https://www.sardine.ai/demo) --- # How a financial services company automates fraud prevention and scale operations **Industries:** Financial services **Products used:** Device Intelligence, Real-time Risk Scoring , Investigator Toolset ## Results - 90%+: Reduction in manual reviews - 1,200 down to 100 : Fraud reviews needed - 400+: Rules optimized in-house Fraud rings don't target banks anymore. They target the accounts people forget to worry about. Long term savings accounts fly under the radar precisely because they're long-term, low-activity, and deeply trusted. That makes them ideal targets. A financial services provider in the U.S., found itself facing a new wave of automated attacks designed to exploit that trust, and realized that manual reviews alone could never keep pace. That’s why they moved away from reactive vetting and toward a centralized intelligence platform powered by Sardine to modernize its protective measures without creating a wall of friction for the families these programs serve. Since the partnership began, they have replaced their batch-oriented approach with a real-time decisioning layer. Their fraud prevention team now uses automated risk signals to filter out low-risk sessions instead of relying on slow investigation steps. This gives the organization the speed required during peak enrollment periods when accuracy is mandatory. Challenge: The manual review bottleneck Prior to their partnership with Sardine, the fraud team faced a fundamental lack of visibility into the digital intent of their users. Without real-time risk signals, the organization was forced into a defensive posture where the only way to ensure safety was to manually vet 100% of all new account enrollments. This created an environment where security was entirely dependent on the speed of an analyst’s manual queue. This “review everything” model created an unsustainable operational burden that manifested in three specific ways: The manual review trap: Analysts were forced to manually process roughly 1,200 accounts during off-peak months. When enrollment season arrived, that volume at least doubled, inevitably turning into an administrative chore. The visibility gap: The team lacked device-level intelligence. They could not distinguish between a legitimate family opening a savings account and a coordinated bot attack. Reactive timelines: The operation remained batch-oriented. This meant fraud was often only identified after an account was already active and the damage had occurred. The solution: Real-time behavioral signals To break the cycle of manual work, they moved away from reactive vetting and toward a centralized intelligence platform. The integration of Sardine replaced the batch-oriented process with an immediate risk-scoring layer. By pulling in device-level signals at the front door, the team stopped relying on the unsustainable 100% manual review model. Automated risk scoring now filters out the vast majority of low-risk sessions, allowing for investigators to focus their time on the 10% of enrollments that actually show signs of risk. Our partnership focused on three core areas to modernize the defense: Behavior signal capture: Sardine monitors telemetry and infrastructure signals to detect automated activity before any money moves. This allows the fraud team to identify bot-driven behavior, such as copy & paste field entry or a device ID linked to suspicious activity elsewhere in the network. Onsite logic audit During a recent engagement, Sardine helped audited over 400 rules across nearly 20 separate checkpoints to identify where the system was causing unnecessary friction. By pushing rule recommendations directly into production, the teams saw an immediate drop in firing rates for rules that had carried false-positive rates close to 100%. Infrastructure-based network detection The team leverages Sardine’s shared hardware IDs to identify coordinated networks that use thousands of accounts to move stolen funds. Instead of waiting for a report to flag a historical fraud event, the team identifies the threat as it appears. The results: Precision at scale The transition to real-time risk scoring fundamentally changed the operational capacity of the fraud team. By automating the identification of low-risk sessions, manual review volume decreased by more than 90%, ensuring that human expertise is reserved for the cases that actually warrant it. Operational elasticity: By automating the identification of low-risk applications, fraud reviews decreased from around 1,200 to around 100. This efficiency allows the team to absorb surges without increasing headcount or creating a backlog for new savers. Precision-based investigations: Removing legacy rules with near 100% false-positive rates has eliminated the “noise” that previously led to analyst burnout. Investigators no longer spend their days clearing administrative errors; instead, every flag they review is now backed by meaningful behavioral evidence. Pre-emptive network defense: For the first time, legitimate human behavior and automated bot activity is able to be differentiated at the front door. By leveraging shared hardware IDs, the team now identifies coordinated networks before they can penetrate the ecosystem, shifting the goal from “detecting fraud” to “neutralizing threat infrastructure.” What’s next for the partnership with Sardine? The work doesn't stop at enrollment. Because the need to save for the future spans decades, the threat surface extends across every login, profile update, and distribution request a saver will ever make. The baseline of behavioral intelligence isn't a checkpoint, it's a foundation. The next phase of the partnership shifts focus from identity to intent: moving beyond stopping bot-driven signups to detecting the subtle behavioral changes that precede account takeover or unauthorized withdrawals. By extending the same device telemetry that protects enrollment to every subsequent interaction, they are continuing to build a system that knows what a legitimate long-term saver looks like, and notices immediately when something doesn't fit. These accounts represent years of disciplined saving. The defense protecting them should be just as durable.