Startup Hopes to Mitigate Credit Union Anxiety Over Breach Impacts

A San Francisco startup, which analyzes and scores all publicly reported U.S. data breaches, is aiming to take the fear and guesswork out of breach outcomes for credit unions and their members.

Fraud prevention and detection technology firm Breach Clarity developed a machine learning platform for finserv providers to enable highly targeted protections for customers. The patent-pending algorithm, developed by Jim Van Dyke, co-founder and CEO of Breach Clarity, analyzes 1,188 data points to assess the specific risks stemming from a breach.

The tool then recommends actions for the provider and the consumer to mitigate the risks of each particular breach. Breach Clarity expects to add new data points as its proprietary research, knowledge base and partner network expands.

Van Dyke explained the platform solves several of the most common problems faced by credit unions, banks, card issuers and other financial providers after a public data incident. “Financial institutions are in a bad spot when it comes to data breach fallout. These breaches, most of which they have zero control over, are coming fast and furious, yet the actual damage can take years to occur.”

Al Pascual, COO and co-founder of Breach Clarity, added, “Jim realized being a researcher that determining that harm was very formulaic and ultimately that formula became the heart of all the products Breach Clarity is building.”

The formula revolves around three objectives, according to Pascual:

1. “For any particular data breach, it tells you as a consumer, how bad or how risky it is when it comes to your identity, on a scale of one to 10, kind of like a Richter scale, but for data breaches.”
2. Providing a list of the potential harms that could occur, up to 11 different types of identity crime for example. Some cyberincidents are very germane to credit unions, such as with potential takeovers of credit or deposit accounts, and others do not directly affect member accounts but are very important to the member.
3. Calculating 50 or 60 different potential actions an individual can take to keep their identity and account safe.

“Without a single, consistent way to measure the impact of data breaches, every breach feels like an emergency,” Van Dyke said. “There are high-profile breaches that are not as serious as they seem, and smaller, less-visible breaches that can be extremely dangerous. Couple that complexity with the growing frequency of data breaches, and consumers are left feeling confused, overwhelmed and even helpless. This often leads to inaction, or taking the wrong action.”

Pascual also explained credit unions are making wonderful investments to try to help empower their members such as through two factor authentication and card controls. “Adoption rates on some of these controls are less than 10%,” Pascual noted. “We have a way to funnel this impetus after a big breach. “The idea is to provide clarity, calm fears and give direction, helping consumers regain a sense of control.” He added, “The breach clarity score conducts a sophisticated analysis, and yet provides quick and simple answers.”

Earlier this year, the Bay Area firm launched BreachClarity.com, which offers no-cost access to a searchable breach database, their respective Breach Clarity scores and most relevant protective actions. The database now includes more than 4,000 incidents, and grows on average by 50 breaches each week.

The algorithm works as part of a digital tool that lives within the credit union environment, through a widget on a website or in a mobile app, and works something like obtaining a credit score. Pascual said Breach Clarity anticipates participating credit unions would position it similar to LifeLock, available at no charge to members. “It’s not meant to be a fee-generating mechanism.”

Breach Clarity offers several solutions: Breach Clarity Premium, a consumer platform delivered through the providers’ online and mobile apps and integrated within their secure digital banking experience; Breach Clarity Professional, a hub for fraud mitigation professionals to view, aggregate, analyze and act on intelligence regarding compromised customer data; BreachedID, an API-based breach intelligence service for integration with identity verification and authentication platforms, and Breach Clarity Contact Center: A suite of products and services to route breach-related inquiries and provide consumers with specific and useful breach information.