
Putting Breach Data to Work in Fraud Prevention

Common Misconceptions About Using Breach Data to Fight Online Fraud
  • Every user is equally exposed.
  • Breach data is only valuable to criminals.

A common misconception is that since everyone has been exposed in data breaches, the battle against identity theft and fraud has already been lost. It’s true that a significant portion of the population has been compromised – last year alone, SpyCloud recaptured 1.5 billion exposed credentials, and we found the average person’s identity is exposed in about one data breach per quarter.

As alarming as that is, it doesn’t mean we’re powerless against the fraud that exposed data is feeding.

Two core assumptions are hindering the fight against online payment fraud – first, that every user is equally exposed, and second, that breach data is only valuable to criminals. But the truth is that fraud prevention can benefit from breach-exposed “underground data” (data that has leaked on the criminal underground). It provides signals of users’ risk, enabling faster and more accurate detection and prevention of fraud in online transactions.

But to truly understand how to leverage exposed data for good, first, we need a grasp on how criminals are using underground data to carry out fraudulent transactions – and why the scale of the problem necessitates a new framework to solve it.

The Growing Fraud Problem

The epidemic of data breaches and leaks has proved highly profitable to criminals, and the money is set to keep flowing in. According to Juniper Research, online payment fraud over the next four years is slated to reach nearly $206 billion – ten times Amazon’s net income in 2020. Criminals are becoming savvier, and, with the increasing prevalence of tools and data used to exploit vulnerabilities, threat actors are growing in number as well as skill.

Recent analysis points to attacks becoming more surgical. The Identity Theft Resource Center 2020 Data Breach Report cited more than 1,108 publicly reported data breaches in 2020, a 19% decrease in breaches and a 66% decrease in individuals affected. Increasingly, criminals are targeting businesses with greater vulnerabilities due to risky consumer behavior, rather than stealing consumers’ personal information in high quantities.

For businesses that depend on online transactions, the growing risk of fraud presents a serious threat to long-term viability. These risks are heightened by the sophistication of the methods criminals employ, users transacting from multiple devices, and increased mobility. Password reuse has contributed to the widespread availability of exposed credentials on the criminal underground. SpyCloud’s Annual Credential Exposure Report found a 60% password reuse rate among users exposed in data breaches in 2020. As a result, credentials have become a preferred currency of criminals ready to exploit them for profit, notoriety, and often both.

Credentials are low-effort tools in the criminal’s toolbox to take over consumer accounts and carry out fraud. Circumventing MFA requires additional PII that is also siphoned in data breaches, or web session data (cookies) stolen via malware infections that enable session takeover, particularly when coupled with anti-detect browsers that can emulate a legitimate user’s trusted device and browser fingerprint.

A growing variety of crimeware tools coupled with massive amounts of stolen data available to criminals on the underground enables them to fly under the radar of today’s fraud controls.

Outgrowing Our Fraud Stack

To defend against online payment transaction fraud, most organizations rely on a set of tools or ‘control framework,’ selected to maximize efficacy and lower cost whenever possible. A wide range of anti-fraud tools are available: traditional identity verification, botnet detection, device fingerprinting, IP address monitoring, geolocation triangulation, multi-factor authentication, knowledge-based authentication, behavioral tools, biometrics, consortium data, and more.

All types of fraud detection tools are, to varying degrees, valuable – until they don’t work anymore. No form of protection is impenetrable. Inevitably, fraud detection tools become predictable to criminals. Once criminals detect a point of weakness, they exploit it for profit, tell their close allies how to do the same, and sell the tools and data to continue doing so on the criminal underground.

At this point, many of the anti-fraud solutions out there have become outdated, legacy technologies that can be bypassed by criminals with little effort. Therefore, it is paramount to equip fraud control frameworks with multiple solid solutions that can be adjusted easily and quickly to adapt to emerging fraud trends.

Rethinking Fraud Defense – Context Clues

Businesses must balance customer experience with the importance of monitoring and acting upon fraud signals. Ignoring fraud signals to increase revenue can cause businesses to risk losing customer confidence and become bigger targets for criminals. On the flip side, using tools that are too onerous and disruptive to the customer journey could stifle growth.

Breached underground data is invaluable in providing context around a user’s transaction risk level. Buried in vast amounts of underground data are indicators that offer critical insights into customers’ risk profiles. Leveraging these indicators proactively provides a new predictive method to defend against fraud. These data attributions can help seamlessly direct users through the appropriate transaction channels to enhance customer retention and satisfaction, increase sales, and decrease fraud.

In other words, the more insight a business has into its users, the more trust it can extend. Identity verification solutions like multi-factor or knowledge-based authentication can verify the accuracy of names, addresses, phones and emails. They can’t, however, paint a full picture of users’ risk of account takeover, or your company’s risk of being defrauded by synthetic identities created from users’ exposed credentials.

Knowing the attribution, timing and frequency of a user’s exposures, as well as the degree to which their sensitive information is available to criminals, helps craft a distinct picture of the user’s risk. This enriched identity knowledge allows a business to better know its users, generate a seamless and smooth transaction journey, and make appropriate transaction decisions while providing the trust and safety users have come to expect.
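An added illustration of the scoring idea above, not SpyCloud's model or code from the article: it folds attribution, timing, frequency and degree of exposure into one score and routes the transaction accordingly. The field names, weights, half-life and thresholds are all assumptions, and the sample records are constructed.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed severity per exposed data type (illustrative weights, not from the article).
SEVERITY = {"email": 0.1, "password_hash": 0.3, "pii": 0.5,
            "plaintext_password": 0.7, "session_cookie": 1.0}

@dataclass(frozen=True)
class Exposure:
    source: str        # attribution: "third_party_breach" or "malware_infection"
    seen: date         # timing: when the record surfaced underground
    data_types: tuple  # degree: which kinds of data were exposed

def exposure_risk(exposures, today, half_life_days=180):
    """Fold timing, frequency and degree of exposure into a 0..1 score."""
    not_at_risk = 1.0
    for e in exposures:
        age_days = max((today - e.seen).days, 0)
        recency = 0.5 ** (age_days / half_life_days)  # stale records decay
        severity = max((SEVERITY.get(t, 0.1) for t in e.data_types), default=0.0)
        if e.source == "malware_infection":           # device-level compromise
            severity = min(1.0, severity * 1.5)
        not_at_risk *= 1.0 - recency * severity       # each extra exposure compounds
    return round(1.0 - not_at_risk, 3)

def route(score, step_up_at=0.3, review_at=0.7):
    """Map the score to a transaction path; thresholds are assumptions."""
    if score >= review_at:
        return "manual_review"
    return "step_up_auth" if score >= step_up_at else "allow"

# Constructed sample users.
TODAY = date(2024, 1, 1)
def ago(days): return TODAY - timedelta(days=days)
USERS = {
    "old_breach_only": [Exposure("third_party_breach", ago(1095), ("email", "password_hash"))],
    "repeat_exposure": [Exposure("third_party_breach", ago(90), ("plaintext_password",)),
                        Exposure("third_party_breach", ago(180), ("pii",))],
    "fresh_infection": [Exposure("malware_infection", ago(10), ("session_cookie",))],
}

def decisions(users=USERS, today=TODAY):
    return {name: route(exposure_risk(exps, today)) for name, exps in users.items()}

if __name__ == "__main__":
    for name, decision in decisions().items():
        print(f"{name}: {exposure_risk(USERS[name], TODAY)} -> {decision}")
```

All three constructed users have been exposed, yet only the recent and severe exposures add friction, which is the counterpoint to the "every user is equally exposed" assumption.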

Though most of us have been exposed in some way, we can learn critical lessons from the records of the exposures already circulating in criminal networks. Dismissing this data is ignoring information that could help prevent fraud and reduce risk. Criminals have stolen and exploited intimate knowledge of who we are and how we behave in a digital world. It’s time we made that knowledge work for us.

This article was originally published on
