Transforming Dark Web alerts into actionable identity protection through personalized risk scoring.

Company

Experian

Nov 2023

Role

Product Design Lead

Sole Designer

Collaborators

Product Owner - Identity

Senior Researcher

Developers

Executive summary

Experian's 100+ million users struggled with the complexity of Dark Web monitoring alerts, leading to confusion and low engagement with protective measures. I led the design of an Identity Health Score feature, simplifying security alerts into an intuitive, credit score-like experience. This approach integrated machine learning with behavioral evaluation, offering personalized scores and actionable plans.

Through numerous interviews and testing sessions, I found that users valued actionable guidance and desired transparency regarding the factors that influenced their scores. The solution achieved a 68% increase in portal engagement and a 12% reduction in fraud events for users who followed the plans. It ultimately became the most popular feature among partners, showcasing how strategic UX design can enhance security and business engagement.

Context

Designing for identity protection at enterprise scale.

Our flagship identity protection tool, CyberAgent, was effectively detecting threats, but users had no way to assess their actual risk level and were uncertain about what to do next. Experian's 100+ million users were overwhelmed by technical alerts they couldn't understand or take action on.

The challenge

Users receiving detailed breach notifications felt overwhelmed rather than protected. Technical jargon about Dark Web databases meant nothing to everyday consumers, and without context about severity or appropriate responses, these alerts often went ignored.

The stakes

The consequences extended beyond user frustration. High support call volumes strained operations, while low engagement with protective measures left users vulnerable. Partners questioned the value of a tool that confused rather than empowered their customers. This underscored the need for a radically different user experience.

Understanding

The users:
Consumers navigating unfamiliar security threats.

Our primary users are consumers who receive identity monitoring through our partners, either via subscription or as a complimentary service. They span from security-conscious individuals to those with minimal cybersecurity knowledge. Most struggle with technical concepts like the Dark Web and feel overwhelmed by detailed alerts that assume expertise they don't possess. When breaches occur, they want immediate clarity: "Am I actually at risk, what should I do about it, and how can I prevent this in the future?"

Discovery research notes.

The tasks:
From reactive confusion to proactive protection.

Users needed to interpret CyberAgent alerts to understand their personal risk levels and take appropriate protective actions. However, the descriptions of the alerts were confusing, and the recommended actions were unclear. In addition to responding to immediate threats, users wanted to monitor and improve their identity security over time. Many users unknowingly engaged in risky behaviors, such as using weak passwords, oversharing on social media, and neglecting device security, while assuming that their monitoring service would automatically protect them. They required a clearer understanding of what the product could and could not do, as well as what actions they needed to take or avoid.

Not only can I use this app to actively monitor and improve my score, I can understand and learn techniques and ways to keep my information safe.

—R3 Concept Test subject

The tool:
CyberAgent's information-heavy approach.

CyberAgent compares user data against Dark Web fraud databases and sends comprehensive alerts when matches are found. While technically sophisticated, these alerts inundated users with breach details without providing context about risk severity or clear guidance on next steps. The system excelled at detection but failed to communicate effectively with its audience, creating more anxiety than actionable insights.

Legacy alert with multiple recommended actions.

Updated discrete recommended action tasks.

Project Goal & Scope

Goal

Transform Dark Web monitoring from reactive alerts into proactive identity protection through an intuitive, credit score-like experience that helps users understand risk and take meaningful action.

Scope

Project Task I

Produce an identity risk score.

Problem

Support analytics and interviews showed our alerts had too much detail and not enough context.

Users were unable to interpret Dark Web alerts or determine their overall risk level. The technical CyberAgent notifications provided extensive breach details but lacked context about whether users were safe or at risk, resulting in high support call volumes and disengagement.

A scoring system could solve this by providing users with immediate context about their overall identity safety. Rather than forcing users to interpret complex technical alerts, a score would give an instant assessment of how safe or at risk their identity was, with action plans explaining what to do about it.

Problem

Concept testing revealed that users often misinterpreted their scores.

Initial testing with 8 participants revealed that users misinterpreted the scoring system as a measure of profile completion rather than risk assessment. After completing a workshop with our Data Scientists, I redesigned it as "Identity Health Score" with higher scores indicating better outcomes, aligning with familiar concepts like credit scores and school grades. Users also demanded transparency about the factors influencing their assessment to trust the recommendations.

All users understood how the plan and score were generated after I added:

Dashboard steps preview

Dark Web scan graphics

Explanatory tooltips

Approach

Personalized score design driven by user testing and competitive analysis.

Through three rounds of concept testing with 19 subjects, I identified two core issues: misunderstanding of the scoring logic (lower scores indicating better performance) and a lack of transparency regarding what influenced their scores. In a workshop with data scientists, we explored ways to make the scoring system more intuitive and user-friendly. I conducted a competitive analysis, revealing that competitors relied on generic security assessments, whereas our personalized approach could connect users' actual compromised data to real-time score improvements.

Design Decision

Creating clarity through personalization, familiar scoring patterns, and real-time feedback.

I leveraged users' mental models of credit scoring systems, where higher scores indicate better outcomes. To support this, we changed the name of the product from “Identity Risk Score” to “Identity Health Score.” To build trust, I added interactive tooltips that explained scoring factors, incorporated descriptions of the data types used, and introduced animations that linked user actions to score changes in real-time. These design decisions not only clarified the score's meaning but also demonstrated how specific behaviors could improve it, driving deeper engagement while reducing confusion and support calls.

Project Task II

Provide users with a plan of action.

Problem

Once users understood their score, they wanted to know how to improve it, testing showed.

User interviews with 13 participants revealed that personalized action plans were more valuable than generic scores alone. Most users unknowingly engage in risky behaviors, such as reusing passwords across accounts or failing to keep their software up to date, making tailored recommendations essential for meaningful engagement.

Competitor’s generic security checklist.

Personalized action tasks.

Problem

Interviews revealed a significant gap between what users expect from monitoring products and their actual capabilities.

Some users thought their monitoring service would actively protect them when breaches occurred, not realizing that monitoring services only alert, they don't act. This fundamental misunderstanding left users vulnerable, despite their belief that they were protected.

Additionally, users wanted to see tangible progress when they took protective actions, but had no feedback mechanism to understand how their security efforts improved their overall identity safety. Without this connection between actions and outcomes, users couldn't understand which protective measures mattered most or stay motivated to complete their security tasks.

Approach

Behavioral research and strategic use of personalization.

I analyzed findings from 13 generative interviews, identifying three critical patterns: users wanted recommendations tied to their specific compromised data, they needed clear explanations of why each action mattered, and they ignored generic security advice that felt irrelevant to their situation. I applied a competitive analysis methodology to evaluate existing solutions, discovering that competitors offered broad security scores but lacked a clear connection between users' actual breach exposure and recommended actions, resulting in a significant gap in personalization. My approach centered on developing a personalization strategy that combined multiple data sources, including Dark Web exposure data and behavioral risk factors, to create a comprehensive user risk profile. This profile could generate truly relevant recommendations rather than generic security advice.

Generic competitor survey questions. No matter your score they recommend you buy their product.

Design Decision

Personalized action plan with real-time feedback and a bonus strategic partnership opportunity.

I designed an interactive action plan that solved multiple user needs:

  • Score-impact prioritization: Ranked actions by their effect on users' scores, tasks addressing compromised Dark Web data appeared first due to their higher risk weight

  • Clear context: Explained why each behavioral recommendation mattered for their security

  • Immediate gratification: Real-time score feedback with automatic scrolling and animations rewarded completion.

I also identified a strategic partnership opportunity: inline plan upgrade suggestions that appeared if partners offered privacy tools (VPN, password manager, and secure browser), aligning user security needs with partner revenue goals.

Project Task III

Create a behavioral assessment to pair with and improve the score and plan.

Problem

Researching the problem space uncovered gaps in our data.

Our Dark Web monitoring successfully detected when users' data appeared in criminal databases, but missed critical behavioral risks that increased the likelihood of future breaches. Users with identical breach exposures—say, both had emails compromised in the Marriott breach—could have vastly different actual risk levels based on whether they used unique passwords, enabled two-factor authentication, or shared personal details on social media. Users with identical breach exposures could have vastly different actual risk levels based on their security behaviors, and outdated recommendations from our legacy alert database frequently suggested actions users had already completed, like 'change your password' for breaches from years ago, causing frustration and eroding trust in our guidance.

Problem

Testing showed that to keep users engaged, we needed to deliver the correct amount of information at the right moment.

Initial testing revealed that users felt overwhelmed by long security recommendation lists and didn’t review all of the information. We needed to create manageable, prioritized action items that users could complete while maintaining momentum through visible progress indicators, ensuring sustained engagement with their security improvement plans.

Approach

A guided survey to maintain engagement, improve score accuracy, and increase comprehension.

I applied progressive disclosure principles to prevent user overwhelm, designing a wizard-style interface that presented one question at a time rather than a lengthy form. Through iterative testing, I refined the phrasing and sequencing of questions to maintain engagement while gathering comprehensive behavioral data. I incorporated personalization by embedding users' actual compromised data into question text—for example, 'Your email john.doe@gmail.com was found on the Dark Web along with a suspected password. Do you use this same password for other accounts?'—making the assessment feel tailored rather than generic. My approach prioritized dual functionality, capturing accurate user data while simultaneously educating users about security risks they may not have considered.

Design Decision

Personalized behavioral survey with educational value.

Rather than showing new users an inaccurate score that would immediately require correction, I designed the assessment as their entry point, ensuring their first score was both accurate and educational. The wizard format solved multiple design challenges:

  • Eliminated redundancy: Captured completed actions to prevent duplicate recommendations

  • Improved accuracy: Incorporated real-world security behaviors missing from Dark Web data alone

  • Created learning moments: Users discovered risk factors they hadn't considered, building security awareness alongside data collection.

This decision transformed what could have been a simple data collection exercise into an engaging, educational experience that built user trust while ensuring their initial score was both accurate and actionable.

Output

Final screens

Impact

Success metrics & results

User Engagement

Our partners saw a 68% increase in time on the portal.

IHS is the most used feature when offered as part of a bundle.

Security Outcomes

Users who followed their Plan had 12% fewer fraud events.

Increased user completion of protective security actions.

Business Value

Transformed reactive alert system into a proactive engagement driver.

Created upsell opportunities within recommended actions.

Streamlined content creation by repurposing existing alert content.

Operational Efficiency

Reduced support burden through improved user understanding.

Scalable solution implemented across 100+ million user platform.

Not only can I use this app to actively monitor and improve my score, I can understand and learn techniques and ways to keep my information safe.

I like that I can do things actively on my end to improve my score. Want to keep it in the healthy green range. [I] will enjoy marking something done and watching the score go up. I will set it up by adding all my details to be monitored.

Conclusion

This project expanded my experience with strategic product thinking, transforming a simple scoring idea into a comprehensive identity protection experience that genuinely engaged users.

I learned how to balance information depth with usability through a research-driven design approach. Iterative testing helped me ensure users could trust the score without feeling overwhelmed.

I also gained a new appreciation for content strategy. By repurposing existing alert content into actionable guidance, I learned how to boost our feature’s impact without adding new writing resources.

Finally, I realized that measuring success means looking beyond usage metrics. Seeing a 12% reduction in fraud events for users who followed their plans underscored the effectiveness of UX design in directly improving user security.

Copyright © 2025 Tricia Bayne

Copyright © 2025 Tricia Bayne

Copyright © 2025 Tricia Bayne