Back to Blog

SpyCloud Unveils its Identity Risk Engine

SpyCloud Unveils its Identity Risk Engine

FinovateFall Best of Show winner SpyCloud has launched its latest solution to combat online fraud. The SpyCloud Identity Risk Engine, unveiled this week, analyzes billions of data recaptured from the dark web to help businesses and financial institutions make faster, more accurate, real-time fraud mitigation decisions.

What’s unique about SpyCloud’s approach to fighting fraud is the company’s focus on identifying credentials that have been exposed during data breaches and are actively being traded in the criminal underground. These exposed credentials are sold to fraudsters on the black market or used by the hackers themselves to steal confidential information, access secure systems, or commit fraud. Because many of these sources of stolen credentials cannot be readily accessed by automated software tools or web crawlers, SpyCloud uses a combination of technical innovation and human intelligence to find and recapture data from online criminal communities. The company also gives businesses and financial institutions access to the kind of authentication systems that will help defend them against cyberattacks that leverage stolen credentials such as account takeover (ATO), identity fraud, and new account fraud.

With the release of its SpyCloud Identity Risk Engine, SpyCloud gives businesses in financial and ecommerce services actionable, predictive fraud risk assessments based on breach data and stolen credentials that have been recaptured from the dark web. The technology combats difficult-to-detect challenges including data harvested by malware and the use of synthetic identities. SpyCloud Identity Risk Engine also gives businesses insight into which customers have the highest risk of account takeover due to risk factors such as exposed credentials or weak password protocols.

Businesses place the Identity Risk Engine at their most critical points of potential fraud (i.e., at account opening, login, transactions, etc.). From there, all that is required is an API query using an email address or phone number. SpyCloud then scans billions of recaptured data points to deliver a risk score that enables businesses to make more accurate fraud decisions. SpyCloud has recaptured more than 145 billion breached assets, more than 30 billion email addresses, and more than 25 billion total passwords. The company’s technology collects 50+ breach sources every week.

Winner of Built In Austin’s Best Places to Work for a second year in a row, SpyCloud was founded in 2016 and made its Finovate debut one year later. The company was featured in Fast Company’s inaugural Next Big Things in Tech roster last fall and, in October, SpyCloud announced a partnership with Houston, Texas-based identity and access management solution provider Identity Automation to help schools fight ransomware threats.

“Preventing ransomware is possible by negating the top attack vector: credentials that have been exposed in data breaches,” SpyCloud SVP of Business Development Cassio Mello explained. “This service gives schools early identification of compromised accounts, enabling them to take action quickly and prevent cyber attacks that leverage recently-breached identity data.”

SpyCloud has raised $58.5 million in funding from investors including Centana Growth Partners, Microsoft’s Venture Fund M12, March Capital, and Silverton Partners. Ted Ross is co-founder and CEO.


Photo by Anthony from Pexels