SpyCloud Identity Risk Engine provides fraud risk assessments based on malware-stolen credentials
SpyCloud launched SpyCloud Identity Risk Engine, a transformative API-delivered solution that provides actionable, predictive risk assessments for e-commerce and financial service customers.
The assessments consist of a risk score supported by key risk indicators and reason codes, resulting from real-time analysis of SpyCloud’s unmatched collection of recaptured data from breaches, malware infections, and other underground sources.
To maximize profits while minimizing risk, organizations must work smarter, detecting fraud signals early to flag dangerous transactions and avoid adding friction for legitimate users. SpyCloud enhances the power of existing identity verification and fraud prevention solutions to illuminate which customers are at highest risk of fraud involving stolen data, such as account takeover and identity fraud.
“Online fraud is not just becoming more prevalent; it’s becoming harder to detect,” said Trace Fooshee, a Strategic Advisor in Aite-Novarica‘s Fraud & AML practice. “SpyCloud’s solution provides a robust assessment of identity risk derived from a wide variety of sophisticated attack patterns of account takeover and synthetic identity fraud. It is also notable in its capacity to incorporate their proprietary data sources of exposed credentials and identities into their risk models. This enables their customers to have a more complete and reliable perspective on the risk of a given identity and that gets them one step closer to a true 360-degree view of identity risk.”
SpyCloud’s database of over 145 billion assets represents data available to criminals for identity fraud attacks. While most individuals have had personal information exposed on the criminal underground, not all users are equally at risk, with exposures varying substantially by the types of data exposed, the recency, and the method of compromise.
“During the development of this product, we found that traditional types of identity verification left businesses lacking visibility into the key risk indicators found within breached information that enable criminals to evade detection and perpetrate account takeovers, identity theft and new account fraud, or construct synthetic identities,” said Pattie Dillon, Product Manager of Anti-Fraud Solutions at SpyCloud. “We designed this solution to create an anti-fraud category of its own, offering an underground data risk score to complement an organization’s existing solutions to protect against aggressive modern fraud tactics. The ultimate goals are to save time, increase revenue, and preserve profitability by weeding out bad actors and reducing friction for legitimate consumers.”
Without a complete view of customers’ risk, inaccurate decisions can lead to lost revenue from fraudulent transactions, false positives, negative customer experiences, and unnecessary time wasted on manual reviews. While e-commerce fraud losses were projected to reach a staggering $6.4 billion in 2021, that figure pales in comparison to the $443 billion in projected losses from false declines during the same period. Meanwhile, losses from identity fraud spiked by 42 percent between 2019 and 2020 and are expected to increase to $635 billion by 2023.
A holistic solution for identity gaps
To distill billions of disparate data points into summarized statistical elements that can drive fraud decisions at scale, SpyCloud Identity Risk Engine correlates connections between consumers’ exposed identifying information and calculates a score based on key risk indicators found in data recaptured from the underground.
This analysis of fraud markers helps e-commerce and financial services companies detect risk at key points in the customer journey – at account creation or enrollment, login, account modification, or transaction. High-risk users can be blocked or flagged for additional verification steps, while low-risk customers can continue friction-free.
Existing anti-fraud solutions offer a patchwork of insights and data to describe users, from behavioral analytics to historical data to geolocations, but none harness the comprehensive view of user identity required to deliver a thorough understanding of the risk of each user.
SpyCloud is a solution that uses recaptured breached data to account for the dangerous unknowns that can differentiate a low-risk user from an at-risk user most susceptible to fraud attacks. SpyCloud Identity Risk Engine offers:
- Aggregate data distilled into an underground risk score with supporting key risk indicators and reason codes that provide a clear signal for fraud decisioning at scale.
- Historical evidence linking exposed data, security hygiene, and other important indicators to help expedite fraud decisions and decrease the need for manual review.
- Unparalleled access to data drawn from sources that can’t be found via web search, including breach data and logs from malware that allow bad actors to impersonate real users.
- Compatibility with existing security solutions/control frameworks for greater insight and accuracy of users in real-time or built into an organization’s internal risk engine.
SpyCloud’s innovative approach to fraud prevention specializes in forms of fraud that are hardest to stop, predicting fraud tied to malware, anticipating account takeover (even when passwords are not used for authentication) and detecting synthetic identities to reveal consumer exposure and forecast targeted attacks.