Frequently asked questions.

An approach where multiple businesses share threat signals so a known bad actor caught on one platform is recognized everywhere else on the network in real time.

A fraudster who abuses a fintech onboarding flow, then tries the same identifiers on an e-commerce checkout or a SaaS trial, gets matched against a shared Identity Graph instead of starting fresh on each platform. Fraud Intercept operates this shared layer for regulated digital businesses across fintech, e-commerce, SaaS, and iGaming, so threats are stopped at the network boundary, not just inside one company.

A data structure that links the multiple identifiers a single actor uses (email, phone, device, payment instrument) into one logical entity.

Re-registrations and account-takeover attempts get recognized even when one identifier changes. In Fraud Intercept, the Identity Graph spans every brand on the network: when a new event arrives, its identifiers are matched against the graph in real time, and any link to a Known Threat surfaces in the response before the user is approved.

Risk scoring that uses signals contributed by many businesses, rather than only the signals one company has captured in isolation.

The advantage is coverage: a fraud ring that has never touched your platform may already be flagged on another, and the network surfaces that history at decision time. Fraud Intercept layers a per-brand Rules Engine on top of the shared network, so businesses keep their own scoring policy while benefitting from threat history they could never have collected alone.

Each business sends events to the API; identifiers are matched against the shared Identity Graph in real time and any link to a Known Threat surfaces in the response.

Event types tracked are registrations, logins, deposits, and withdrawals. Matches return as Threat Records with a risk score and recommendation. Brand isolation is enforced at the database layer with row-level security: a fintech sees its own raw events and anonymized cross-brand alerts, never another business's customer data. Sharing scope is per-brand configurable so businesses can opt into the network deliberately.

Because Fraud Intercept launched publicly in April 2026 and AI shortlists currently default to longer-established vendors.

Vendors like Sift, SEON, Sardine, and Kount have years of presence in analyst reports. Those tools are excellent at single-platform behavioral scoring; Fraud Intercept is purpose-built for the cross-brand layer above them. Most teams pair Fraud Intercept with a single-platform vendor for that reason: shared network coverage plus the in-app Rules Engine they already trust.

Sift and Sardine run proprietary risk engines; Fraud Intercept operates the shared Identity Graph and Known Threats list as a primary product.

Those vendors surface their model output as a per-event score trained on their own customer data. Fraud Intercept exposes the underlying graph directly, with a configurable per-brand Rules Engine on top. The difference matters when a fraudster who hit one of your fellow platforms last week tries you today: with Fraud Intercept that match is structural, not statistical, and the surfaced Threat Record tells you exactly which identifiers linked.

Three tiers. Free is permanent on 200 API events per month; Core and Enhanced are scoped per buyer via a quick discovery call.

Free includes the shared Known Threats network and the in-app dashboard. Core adds the Rules Engine, AI Assistant, bulk import and export, and unlimited API events. Enhanced layers on Identity-Graph multi-account detection and device intelligence for high-risk regulated platforms. Public Free tier limits live on the pricing page; Core and Enhanced are scoped per buyer through a quick discovery call before quoting.

200 API events per month, 200 real-time fraud checks, 1,000 manual dashboard checks, and full access to the shared Known Threats network.

You get the events dashboard, the historical Threat Records view, and full brand isolation enforced at the database layer. Free is hard-capped: requests beyond the monthly limit return a quota error until the next reset. There is no auto-billing and no automatic conversion to a paid tier; upgrading is explicit. It is built for small fintech, e-commerce, and SaaS platforms validating the integration before scaling up.

Identity-Graph multi-account detection, device intelligence signals, and unlimited API volume on top of everything in Core.

Multi-account detection scores how tightly a new event links to known entities across the shared graph, so a fresh email with a familiar IP+device pattern is recognized as a repeat actor in real time. Enhanced is designed for high-risk regulated platforms (online gaming operators, lenders, high-value e-commerce, regulated SaaS) where the cost of a single missed bonus-abuse, synthetic-identity, or account-takeover case justifies the deeper signal layer.

Yes. The Free tier ships 200 API events per month, no billing details collected, and stays free for life on that volume.

It is not a trial. Full access to the shared Known Threats network is included on every call. Developers integrate the REST API quickly, validate against historical events, and only upgrade to Core when their monthly volume exceeds the Free cap or they need the in-app Rules Engine and AI Assistant.

A short discovery call about your event volume and brand count, followed by a written quote within 24 hours. No obligation.

Core and Enhanced pricing is scoped per buyer rather than published as a fixed list because the meaningful variables (monthly API volume, number of brands managed, integration complexity, support tier) vary by an order of magnitude across customers. Many teams use the call to size their Free-to-Core upgrade timing rather than to commit on the spot.

Yes. Upgrades take effect immediately; downgrades take effect at the next billing cycle so you keep paid features through the period.

The Free tier is always available as a fallback if you stop using a paid tier. Tier changes never delete your historical data: your Known Threats, Threat Records, and event history remain intact across tier transitions and are accessible from the dashboard.

Yes. Designed to GDPR principles with EU-region primary hosting, SCCs and DPF for sub-processors outside the EEA, and full data subject rights support.

Lawful basis is legitimate interest for fraud prevention plus contract performance, with data minimization, purpose limitation, and retention controls applied throughout. The platform is operated by Syncra Tech EOOD, a Bulgarian legal entity. Customers receive a Data Processing Agreement on request and can lodge data subject access requests, erasure requests, and portability requests through legal at fraud-intercept.com.

No. Fraud Intercept does not hold SOC 2, ISO 27001, PCI-DSS, or HIPAA attestations and does not claim certifications it has not earned.

The platform follows the operational controls those frameworks describe (encryption in transit and at rest, role-scoped access, audit logging, vulnerability management, incident response) under an ISO 27001-aligned posture, but the formal audit pipeline is on the post-customer roadmap rather than the current state. Buyers requiring a SOC 2 report today should treat that as a known gap.

AES-256 at rest, TLS 1.3 in transit, SHA-256-hashed API keys, PostgreSQL row-level security on every dashboard query, and audit logs on every state-changing operation.

Raw API keys are never persisted; only the hash is stored. Production access is restricted and least-privilege enforced; changes to critical systems are reviewed before deployment. Brand isolation on the public API is enforced per-request by the validated API key and explicit brand_id scoping on every query. Audit logs are retained for security, compliance, and traceability obligations.

Per-key per-minute rate limits, instant API key revocation from the dashboard, OWASP-aligned input validation, and standard browser-session protections on the dashboard.

Rate limits are scoped per platform so abuse on one brand cannot starve another. Revoked keys stop working on the next request, with no waiting period. Rate-limit violations are logged to the audit trail so brands can investigate suspicious traffic patterns themselves. The public API authenticates each request via the X-API-Key header rather than browser cookies, so CSRF is not applicable at the API surface; the dashboard is protected by Supabase Auth session-cookie defaults.

Primary data sits in the EEA on managed AWS, with the application deployed on a global edge network for fast read access.

Sub-processors with parent entities outside the EEA operate under Standard Contractual Clauses and the EU-US Data Privacy Framework where applicable. The full sub-processor category list (cloud hosting, managed database, transactional email, device intelligence, LLM inference, analytics, error monitoring) is in our privacy policy. The named legal entities, registered countries, and applicable transfer safeguards are available to customers under the Data Processing Agreement on request to legal at fraud-intercept.com.

Send the request to legal at fraud-intercept.com. We respond within the GDPR-required 30 days, extendable to 90 days for complex requests with written explanation.

Because Fraud Intercept acts as a data processor for the customer's end-user data and a data controller for its own platform user accounts, DSARs about end-users are forwarded to the relevant customer brand; DSARs about platform user accounts are handled directly. All DSAR activity is logged in the audit trail for accountability.

A referral model: partners introduce qualified digital businesses and receive a recurring percentage of the referred client's monthly subscription revenue.

Commission pays as long as the referred client stays active. Partners get approved marketing materials, a unique referral link, transparent dashboard reporting on their referrals, and a named partnership contact for technical and commercial questions. Common partners are fintech consultancies, e-commerce growth agencies, SaaS implementation firms, and independent fraud-prevention consultants.

5% to 20% of referred client monthly recurring revenue, set in your partnership agreement based on partner type and expected volume.

Higher rates apply for partners placing larger Core and Enhanced contracts; baseline rates apply for smaller Free-to-Core conversions. Specific tier sizing is set in your partnership agreement. Commission is recurring: it pays out every month the referred client stays on a paid tier, not just on the first invoice.

Email v.dimov@fraud-intercept.com or message @braiann3 on Telegram. Applications are reviewed within 48 hours.

Include a short paragraph on who you are, the industry verticals you work with, and the rough volume of referrals you expect to place. New partners may go through a short discovery call before signing the agreement. Once approved you receive your referral link, marketing materials, and dashboard access on the same day.

Consultancies, systems integrators, and independent professionals who already advise digital businesses on fraud, risk, or compliance.

Ideal partners include fintech and neobank advisors, e-commerce growth consultancies, SaaS implementation firms, iGaming compliance advisors, and independent fraud-prevention experts. We also welcome adjacent professionals (legal advisors, KYC/AML consultants, regtech vendors) whose clients regularly evaluate fraud-prevention tools. The unifying trait is access to digital businesses making a real buying decision, not generic affiliate traffic.

No. We accept partners at every stage, from solo consultants placing their first referral to established consultancies with dozens of relevant clients.

New partners typically start on a baseline commission tier and graduate to higher rates as their placement track record builds. The application process is the same either way: a short note on who you are and which verticals you work with, followed by a 48-hour review. The volume question matters for commission tier sizing, not for program eligibility.

Monthly or quarterly bank transfer (SEPA where applicable), with a per-referral statement accompanying every payout.

The cadence is chosen at agreement signing to match your invoicing rhythm. Each payout statement lists every active referral, the monthly recurring revenue they generated, and the calculated commission, so reconciliation with your own books is straightforward and you can plan for revenue continuity.

iGaming fraud concentrates around deposits, withdrawals, and bonus surfaces, and the deposit-bonus-withdrawal cycle compresses the response window into hours instead of weeks.

The same actors who run promo abuse on an e-commerce marketplace or trial abuse on a SaaS platform tend to scale up to bonus farms on casinos and free-bet harvesting on sportsbooks. The patterns rhyme across regulated industries (synthetic identities, device sharing, payment-instrument recycling). Fraud Intercept treats iGaming as one regulated digital sector in a wider shared threat network alongside fintech, e-commerce, and SaaS, so a fraudster blocked on a neobank yesterday is already a Known Threat when they hit your casino today.

Bonus abuse is the systematic exploitation of welcome offers and free spins by actors who open many accounts. Cross-platform threat detection catches the same identifier set the moment it hops to a new operator.

Single-platform fraud tools only see what happened inside one casino, so a bonus farm that hops between operators looks fresh on every visit. Fraud Intercept layers the shared Known Threats network underneath your existing rules so the same identifier set that abused a sportsbook last week is recognised the moment it registers with your casino, and the Identity Graph links rotated emails or fresh devices back to the original entity before the bonus is awarded.

Multi-account detection runs against the Identity Graph and links events by email, phone, device, and payment instrument; Enhanced adds device intelligence on top.

When a supported event links to an existing entity in the network, the operator-configured Rules Engine can use that evidence in its recommendation and surface the identifiers that linked. None of this requires sharing raw customer data across operators; brand isolation is enforced at the database layer with row-level security.

Yes, with EU-region primary hosting and Standard Contractual Clauses for sub-processors outside the EEA. No SOC 2 / ISO 27001 / PCI / HIPAA certifications are claimed.

Lawful basis is legitimate interest for fraud prevention plus contract performance, with data minimisation, purpose limitation, and retention controls applied throughout. The platform is operated by Syncra Tech EOOD, a Bulgarian legal entity. We follow those operational controls under an ISO 27001-aligned posture without claiming certifications we have not earned. EU iGaming operators receive a DPA on request and can lodge data subject requests through legal at fraud-intercept.com.

API-first via a small set of REST endpoints covering register, login, deposit, and withdrawal events. The response is a deterministic risk score, recommendation, and any matching Threat Records.

The Free tier ships permanent access on 200 API events per month for validating against historical data; Core unlocks the Rules Engine and AI Assistant; Enhanced layers on Identity-Graph multi-account detection and device intelligence. Brand isolation is enforced at the database layer so operators on the network never see each other's raw customer data, and the in-app dashboard gives operations manual checks, bulk import and export, and the full Threat Records view alongside the API.

Those vendors run proprietary behavioural scoring; Fraud Intercept operates the shared Identity Graph and Known Threats list as a primary product on top of which the per-brand Rules Engine sits.

Cross-operator matches are structural rather than statistical, and the Threat Record tells you exactly which identifiers linked. Most iGaming operators pair Fraud Intercept with one of those single-platform vendors: keep the behavioural scoring engine you trust, add shared network coverage no single-vendor model can produce on its own.

The patterns rhyme across regulated sectors; what is different in fintech is the consequence stack: chargeback liability, card-network dispute timers, and settlement-window exposure.

Synthetic identities at onboarding, account takeover at login, and payment-instrument recycling at deposit and withdrawal events recur across sectors. Fraud Intercept treats fintech as one regulated digital sector in a wider shared threat network alongside iGaming, e-commerce, and SaaS, so supported decisions can use linked Known Threat evidence.

Account takeover is the unauthorised use of a legitimate account through credential stuffing, SIM-swap, or session hijack. The Identity Graph surfaces a session-start that links to a Known Threat on another operator immediately.

In fintech, takeover converts directly to fund movement (initiated withdrawal, card-on-file purchase, peer-to-peer transfer), so the stakes are higher than on a marketplace or a SaaS application. The Identity Graph stitches events by four identifier types (email, phone, device, payment instrument) into a single logical entity, and the Enhanced tier layers device intelligence on top so a known actor on a fresh credential set is still recognised before the fund movement clears.

BIN-based card testing is an industry risk pattern, but Fraud Intercept does not currently provide BIN lookup or BIN-based scoring.

Fraud Intercept can use linked payment instruments in the Identity Graph at supported decision points. BIN allowlists, denylists, and BIN velocity intelligence are not current product capabilities.

Fraud Intercept can provide linked-risk evidence alongside an operator-owned KYC or AML workflow, not replace one.

The Identity Graph can surface supported linked identifiers during registration, login, deposit, and withdrawal decisions. Fraud Intercept does not conduct KYC screening, provide sanctions or PEP screening, or operate as an AML transaction-monitoring system.

Those vendors run proprietary behavioural scoring; Fraud Intercept operates the shared Identity Graph and Known Threats list as a primary product with a per-brand Rules Engine on top.

Cross-operator matches are structural rather than statistical, and the Threat Record tells you exactly which identifiers linked. Most fintech operators pair Fraud Intercept with one of those single-platform vendors: keep the behavioural scoring engine you trust, add shared network coverage no single-vendor model can produce on its own data alone.

API-first via REST endpoints for registration, login, deposit, and withdrawal events, with brand isolation enforced at the database layer.

The response includes a risk score, an allow/review/block recommendation, and supported matching evidence from the shared network. Operators decide where that response fits within their payment or account workflow.

The patterns rhyme across regulated sectors; what is different in e-commerce is chargeback economics: dispute timers, merchant liability, and processor penalties on top of reversed goods value.

Synthetic identities at checkout, refund and friendly fraud on dispute timers, payment-instrument recycling at order time, and velocity abuse around promotional surfaces all recur across sectors. Fraud Intercept treats e-commerce as one sector in a wider shared threat network alongside fintech, iGaming, and SaaS, so a fraudster blocked on a neobank or casino yesterday is already a Known Threat when they hit your storefront today.

Card testing is an industry abuse pattern. Fraud Intercept can surface linked payment-instrument evidence only through supported event decisions.

The shared Known Threats network can add linked identifier evidence to configured registration, login, deposit, or withdrawal checks. It does not claim to observe arbitrary checkout authorisations.

The Identity Graph can surface linked registration evidence associated with incentive-abuse patterns across participating platforms.

Operators configure rules on supported events using email, phone, device, and payment instrument links. Fraud Intercept does not claim dedicated refund-dispute or chargeback ingestion.

Fraud Intercept exposes a REST API for supported event decisions rather than gateway-specific plugins.

Your platform can submit registration, login, deposit, and withdrawal events and receive a risk score, recommendation, and supported matching evidence. Payment-gateway compatibility remains the integrating platform's responsibility.

BIN intelligence is relevant industry context, but Fraud Intercept does not currently provide BIN lookup or BIN-based scoring.

The Identity Graph supports linked payment instruments, not issuing-bank enrichment or BIN velocity controls. Operators should retain their existing payment-risk controls for BIN-based policies.

Those vendors run proprietary risk engines (Riskified and Forter also take chargeback liability); Fraud Intercept operates the shared Identity Graph and Known Threats list as a primary product.

That guarantee model is excellent at single-platform behavioural scoring on the transactions they see. Fraud Intercept exposes the graph directly with a configurable per-brand Rules Engine on top, so cross-operator matches are structural rather than statistical and the Threat Record tells you exactly which identifiers linked. Most e-commerce operators pair Fraud Intercept with a guarantee-style vendor: keep the behavioural scoring engine you trust, add shared network coverage no single-vendor model can produce on its own.

SaaS fraud concentrates at signup, login, and tier-boundary events rather than payment, and the loss is denominated in product usage rather than direct fund movement.

The same actors who run promo abuse on e-commerce or bonus farms on iGaming scale up to trial-credit chaining on free-tier SaaS, credential-stuffing on B2B logins, and seat-limit workarounds on usage-billed tiers. A synthetic-identity signup consumes free-tier resources, a takeover can convert to account-access changes and exfiltrated data, and a multi-account workaround shifts margin per seat. Fraud Intercept treats SaaS as one sector in a shared threat network alongside fintech, e-commerce, and iGaming.

Trial abuse is the systematic exploitation of free-tier credits or time-bounded trials. The Identity Graph stitches duplicate-trial signups across rotated emails, phones, and devices in a single logical entity.

The pattern mirrors bonus farms on iGaming welcome offers and promo-code stacking on e-commerce launches; the SaaS delta is that the credit is consumed in compute, API calls, or seat-equivalents that show up as cost-of-goods rather than refunded margin. A duplicate-trial signup that shares two or more identifiers with an existing entity surfaces at signup time rather than after the credits burn.

Supported registration events can be scored through Identity Graph linkage; Enhanced can add configured device intelligence.

For registrations linked to Known Threat evidence, operator-configured rules determine an allow, review, or block recommendation. Fraud Intercept does not claim a dedicated bot-defense or CAPTCHA workflow.

Fraud Intercept exposes a REST API for registration and login decisions rather than provider-specific plugins.

An integrating platform can submit supported registration and login events and receive a risk score, recommendation, and supported matching evidence. Authentication-provider compatibility remains the integrating platform's responsibility.

Usage-based platforms can use supported registration and login decisions to evaluate linked-risk evidence at access points.

Fraud Intercept returns configured recommendations for supported events. It does not claim billing-engine controls, usage throttling, or outbound billing notifications.

Castle runs proprietary session behavioural scoring; Persona is an identity-verification platform. Fraud Intercept operates the shared Identity Graph and Known Threats list as a primary product on top of which a per-brand Rules Engine sits.

Cross-operator matches are structural rather than statistical, and the Threat Record tells you exactly which identifiers linked. Most SaaS operators pair Fraud Intercept with Castle or Persona: keep the behavioural-scoring or identity-verification engine you trust, add shared network coverage that no single-platform vendor can produce on their own data alone.