SpyCloud released the Consumer IDLink solution, designed to help financial institutions and other consumer-facing organizations reduce risk and prevent fraud stemming from consumer identity exposures.
Consumer IDLink, delivered via API, uses SpyCloud’s proprietary identity matching analytics to unify fragmented identity exposures – from third-party breaches, infostealer malware infections, and successful phishing attacks – into holistic identities, giving fraud prevention and risk management teams correlated views they can act on automatically.
Unlike traditional compromised credential checking solutions, Consumer IDLink introduces a holistic identity approach – revealing a consumer’s complete exposure across their online personas, past and present. New SpyCloud holistic identity research shows that the average individual has 18 unique usernames and 237 records exposed on the darknet, often scattered across unrelated data sources.
A record is a collection of data points (email address, password, IP address, device details, etc.) associated with a given digital identity, exposed via a single breach, malware infection, combolist, or phishing campaign. Consumer IDLink connects these fragments into a coherent view of identity risk, empowering people and applications to detect compromised users early and take action to stop fraud proactively.
“Fraud prevention starts with knowing exactly what criminals know,” said Damon Fleury, SpyCloud’s CPO. “Consumer IDLink gives financial institutions the power to see what traditional tools miss: the complete picture of a consumer’s exposure across dark web data. With this visibility, organizations can detect high-risk users and synthetic identities sooner and intervene without adding friction for legitimate customers.”
Built on SpyCloud’s recaptured data repository
SpyCloud’s Consumer IDLink correlates over 800+ billion recaptured credentials, personally identifiable information (PII), and other identity data across the more than 60,000 breach sources, 80+ malware families, and dozens of phishing kits housed in SpyCloud’s darknet data repository.
By analyzing shared identifiers, including emails, usernames, passwords, and phone numbers, the solution builds a holistic identity around the end-user that reflects their full exposure across time, use case, and context.
Based on data available for the Top 100 US financial institutions, key benefits include:
- A 2.6X increase in data richness: Consumer IDLink boosts the average number of records per exposed user from 12 to over 33 – providing deeper context for assessing identity risk.
- Nearly 3X increase in credential pairs: Credential pairs tied to an exposed user more than double (6 to 16 pairs) when using Consumer IDLink. Credential pairs are combinations of a username or email address and its associated password that criminals can use – if they are not remediated – to gain access to an account.
- Smarter, earlier intervention: The API supports automated prevention workflows that enable organizations to take immediate action – such as resetting exposed passwords or triggering step-up authentication – before fraud can occur.
A differentiated approach to consumer account protection
The Consumer IDLink API is part of SpyCloud’s Consumer ATO Prevention product in the Consumer Risk Protection suite, delivering high-volume, flexible APIs that feed recaptured breach, malware, and phishing data directly into the tools and systems security, fraud, and risk teams already use.
By operationalizing the world’s largest repository of recaptured identity data, SpyCloud enables financial institutions to:
- Detect compromised consumers before an account is taken over
- Assess portfolio risk due to the severity of exposure
- Uncover identity exposures linked to malware infections and successful phishes, not just breaches
- Minimize financial impact or downturn due to fraud response and manual processes
- Preserve brand trust by securing users from login to transaction
 
			        