Skip to main content

Why does Devdraft have a transaction monitoring program?

To help keep our customers, developers, and partners safe, Devdraft performs transaction monitoring. This helps us meet our regulatory obligations and protect against fraud, theft, and scams—while also safeguarding the reputation of Devdraft, our banking partners, and the developers who build with us.

What type of transaction monitoring does Devdraft perform on fiat payments?

We monitor for third party “peer to peer” payments (3PP), receiver vs. customer name mismatches1, elderly financial exploitation (EFE), and suspicious patterns (unusually large payments, many small payments, velocity attacks, smurfing/structuring, etc.) which could suggest fraud, money laundering or other criminal activity.

What are the 3PP transaction limits for fiat payments?

For peer-to-peer payments, most Devdraft developers are subject to a $4,000.00 USD / 4,000 EUR threshold for wire, SEPA, and ACH onramps. Transactions exceeding this threshold are routed to manual review and may be approved with appropriate supporting evidence. In some cases, this threshold has been lowered due to fraud concerns or at the developer’s request.

Are there other limits?

We generally do not impose specific limits on first party (“me to me”), business to business, or business to consumer (e.g. payroll) onramps. However, if other risks are present, such as a payment for a business with little/no online presence or a payment with an elderly counterparty, we will treat payments with heightened scrutiny. We reserve the right to reverse any payment of any amount that cannot be fully substantiated by the customer or developer, or is deemed high-risk.

What are the SLAs?

During US business hours (Monday through Friday, 9am-6pm EST, excluding US bank holidays), for payments flagged for fraud risk, we try to process:
  • Wire transfers in 1 hour
  • ACH and SEPA payments in 2 hours or less
Outside of business hours and on weekends, we are developing a plan for coverage. Until that is in place, we will endeavor to process these after-hours flagged payments as quickly as possible.

What is the process for Requests for Information (RFIs)?

We appreciate your help in obtaining more information about risky payments. We’ll ask for this information via Slack or email; after we initiate RFI, we will wait up to 2 business days for your reply. After that, we will reverse the payment back to the sender and pause the Devdraft customer until the RFI can be completed. We will attempt to ask for what we need right away, but in some cases, the customer’s answers create new concerns. We do not intend to create a lot of back and forth between you and your customer. In most cases, after the second RFI, we will conclude whether or not the customer/payment can be supported. If at any point we decide the payment is too high-risk to support, we will return the funds, pause the customer and share our findings with the Devdraft Investigations team.

What type of RFI questions can be expected?

Depending on the type of payment, amount and risk factors, we may ask some combination of the following questions. These are only examples—we may need to dig in further depending on the context.

Relationship with sender

  • What is the customer’s relationship with the sender? Explain more about this person/business and how the customer found them.

Purpose of payment

  • What is the purpose of this payment? Can the customer provide documentation to verify this (invoices, receipts, etc.)?

Source of funds

  • What is the sender’s source of funds/wealth, or where is the money sourced from? Can the customer provide documentation to verify this (bank statements, contracts, etc.)?

Number of counterparties

  • Why has this customer transacted with so many different third parties over the last day/week/month?

Purpose of account

  • How is the customer using Devdraft?

Volume

  • Why is the customer moving so much money recently/all at once?

Velocity

  • Why is the customer moving money so many times in the same day/week?

EFE counterparty

  • Based on online sources, the sender is age 60+. Why is the customer receiving so much money from this elderly person?

Receiver name mismatch

  • Why does the receiver’s name on the payment not match the customer’s name?

Individual Account used for Business Purposes

  • Is the customer using their individual account on behalf of a business? Please explain.

Footnotes

  1. Receiver name mismatch refers to the name of the payment recipient not closely matching the name of the Devdraft customer. This is often an indication of fraud.