Shining a light on
the Dark Web
CyberAgent monitors the Dark Web for compromised personal information. It alerts users if any of their information is found, helping them avoid potential fraud. Unfortunately, over time, we saw that a substantial number of users were not getting CyberAgent’s full benefit.
I was tasked with leading the design of a new identity risk score to help users better understand their risk level and achieve their identity protection goals.
Detecting threats, missing people
CyberAgent was effective at detecting threats, but users struggled to assess their risk levels and were unsure what to do next. Experian's 100+ million users were overwhelmed by technical alerts and jargon they couldn't understand, and were uncertain how to respond.
Frustrated, users were calling for help, driving up support costs, or, worse, developing alert fatigue, tuning out, and failing to engage with the protective advice.
1
Grouped by event and date.
2
Data type found.
3
Long-winded explanation.
4
Additional data points given without context.
5
Multiple de-emphasized and vague actions for the user to undertake.
6
Confused, call us.
Before: CyberAgent alert.
The Challenge
Transform Dark Web monitoring into proactive protection
The solution needed to help users understand their personal risk and feel in control, while enabling partners to acquire, engage, and retain customers. CyberAgent was effective at detecting threats, but Experian's 100+ million users were overwhelmed by technical alerts they couldn't understand or act on.
My role
I led the design of the entire product: the score presentation, recommended user actions, and user behavior assessment.
I collaborated with a Product Director, two Researchers, a Stakeholder, the Data Science Team, and the Development Team.
I was engaged on the Product for approximately 6 months, spread out over a year, culminating in its launch in November 2023.
KICKOFF
Project origins and evolution
The original concept of the product was to produce an identity risk score analogous to a credit score. We kicked this idea around for years, but it never got off the ground because we did not have a way to generate a meaningful score.
The breakthrough: machine learning enables prediction
Using machine learning, our Data Science team developed an algorithm that combines each user's unique exposure with historical fraud data to predict their likelihood of falling victim to identity theft.
Inputs
Dark Web exposures
User security behaviors
Historical fraud data
ML Algorithm
Outputs
Early generative interview insights
Many people take a passive approach when data breaches occur, assuming the responsible company will handle the situation. This approach stems partly from a lack of awareness of the various ways their identity could be compromised and the different risk levels associated with different scenarios or data types.
However, people would find a personalized risk score both useful and helpful, particularly if it comes with additional context, such as how they compare to others and a clear explanation of how the score was calculated. When risk indicators are paired with a concrete action plan, people feel more empowered and in control of their security. The key is ensuring these action plans are truly personalized—going beyond generic advice or commonly known recommendations to provide specific, tailored steps that address their unique situation.
“
It depends on how personally tailored it is; if it gives general advice it won't be helpful.
”
–Participant 4, Charlotte, NC
Discovery
Understanding what users actually need
Journey mapping revealed how users at different stages of identity protection progressed from uncertainty to empowerment, underscoring that the plan-of-action presentation would be as crucial as the content itself. Users would need to see and understand the relationship between their actions and their score.
My competitive review revealed that the level of personalization that we could provide would be an advantage. Still, it also uncovered a data gap: certain user behaviors contributed to users' overall risk level, but this information was not present in our Dark Web data.
FRAMING THE PROBLEM
From risk score to comprehensive solution
Discovery research revealed the problem went deeper than risk assessment. Users fundamentally lacked clarity about what actions to take. As one participant explained: "Great, because the next question is 'what do I do?'" A risk score alone wouldn't be enough—users needed a comprehensive plan of action that inverted the information hierarchy: what to do first, with the ability to dig deeper into why.
This insight expanded the project scope from a single scoring feature into three interconnected tasks, each addressing a fundamental breakdown in how users understood their risk, received guidance, and took protective action.
Design
The Identity Health Score experience
Identity Health Score transforms overwhelming Dark Web alerts into clear, personalized guidance. By combining risk assessment with prioritized action plans and real-time feedback, users finally understand their vulnerability and know exactly what to do about it.
Key screens from the final Identity Health Score design.
Making complexity comprehensible
The interactive tooltip and contributing factors breakdown show users exactly what influences their score. Higher scores indicate better protection, aligning with familiar mental models like credit scores.
Marking a task "done" triggers a scroll to the animation.
Connecting risk to relevant actions and rewarding progress
Tasks are prioritized based on users' actual compromised data—addressing specific breaches first. Completing actions triggers immediate score updates with animations, creating visible progress that maintains momentum.
Survey questions have personal data embedded.
Gathering data without overwhelming
One question at a time prevents overwhelm while gathering comprehensive behavioral data. Questions embed users' actual compromised data, making abstract risks concrete and turning data collection into education.
STRATEGY
From alerts to action
To bridge the gap from detection to protection, I designed three interconnected product components that work together to help users understand risk, take action, and build better security habits.
The Score - An intuitive risk assessment that builds trust through transparency
The Action Plan - Personalized recommendations that connect to actual risk
The Assessment - A progressive experience that educates while gathering data
Designing the Score
This project was initiated because our users couldn't assess their identity risk from CyberAgent's technical alerts. The new score was supposed to fix this. But initial testing with 8 participants revealed a flaw: they were misinterpreting the scoring system. The product’s original name, Identity Risk Score, seemed to be influencing their thinking, and they assumed lower scores meant better outcomes—the opposite of what we intended. Users demanded transparency into what influenced their scores to understand the logic behind them better.
Reversing the mental model
I held a workshop with the data scientist team to consider the score presentation. Higher needed to mean better—matching patterns users already understood. So, I renamed it from "Identity Risk Score" to "Identity Health Score." The score rating bands were also adjusted to match the natural bell curve of actual scores, giving users a realistic impression of how their score compared to the average. These changes eliminated the confusion.
Early and final iterations of the score display.
Building trust through transparency
Users demanded to know what influenced their scores, but would not read long text blocks. I removed a lengthy overview and instead distributed information throughout the product in small, scannable pieces. Users could learn along the way and get answers to questions as they came up. Each layer built trust without creating overwhelm.
Dashboard CTA with next steps list.
Dark Web scan items scanned.
Real-time feedback
To help users connect their completed action to an improvement in their score, marking a protective action “done” triggered the score display to scroll into view, where an animation played as their score moved from one position to another. Users saw their efforts directly improve their security, and this visible progress sustained momentum throughout the action plan.
On marking a task “done” the chart scrolls into view and the score animates to it’s new value.
Validation
The third round of concept testing confirmed these changes worked. All participants understood how their scores were generated and what factors affected them. The letter grades (A-F) resonated because of the school grade system. Participants called the score "visual feedback that indicated whether the user was moving in the right direction."
“
It's the school mentality, you are at a B minus, you want to get to A.
”
–Participant 1, Charlotte, NC
Designing the Action Plan
Connecting recommendations to actual risk
Users ignored generic security advice. Discovery research with 13 participants revealed they needed "something more than just commonly known, or generic/vague information." Without personalization tied to their specific compromised data, recommendations felt irrelevant and were routinely dismissed.
Prioritizing by impact
I ranked action plan tasks by their effect on users' scores. Tasks addressing compromised Dark Web data appeared first due to their higher risk weight. If your credit card number was found on the Dark Web or your email address and password were involved in a breach, addressing these issues ranked higher than general advice like not using public WiFi unless it was secure. This prioritization helped users focus on what mattered most for their specific situation.
Task are sorted by default based on the impact each would have on their score.
Connecting to actual exposure
Rather than offering only generic, one-size-fits-all checklists, the majority of our actions related directly to users' actual breached data. When it was safe to do so, I surfaced the user’s personal information in the header for the recommended action (i.e., Update my janedoe@gmail.com login….). Expanding the action revealed details on why each step mattered for their security, providing the context users demanded. This approach transformed generic advice into personally relevant guidance.
Email exposure with contextual information.
Strategic partnership integration
I identified opportunities to recommend privacy tools—VPN, password manager, secure browser—when partners offered them and when relevant to the user's risk profile. These inline suggestions aligned user security needs with partner revenue goals, creating value for both sides.
Dynamic inline upsell offer.
Validation
Testing confirmed the personalized approach worked. Participants found the plan "engaging and trustworthy." One participant captured the transformation: "I feel violated when my information is stolen. Now I have a bit of control on my end." The 12% reduction in fraud events for users who followed their plans demonstrated that relevant, prioritized guidance drove real security improvements.
“
I like that I can do things actively on my end to improve my score. Want to keep it in the healthy green range. Will enjoy marking something done and watching the score go up.
”
–Participant 3, Upstate New York
Designing the Assessment
Educating while gathering behavioral data
The CyberAgent database was initiated in 2005. When users signed up today, they could receive alerts for breaches from a decade ago that they'd already addressed years prior. Since our algorithm wasn't aware that they'd fixed these issues, it would negatively impact their initial score—creating a poor first impression. I designed the assessment as part of the enrollment flow, where users would mark everything they'd already addressed, ensuring their first score was accurate.
Closing a data gap
During the design process, I identified a data gap. Our competitors used only behavioral questions, making their products generic. But these questions—like "Do you use a password manager?"—were still relevant. They assessed security practices that our Dark Web monitoring couldn't detect. I needed to work them in without abandoning our personalization advantage.
Behavioral survey question not related to Dark Web fraud data.
Progressive disclosure
As part of the enrollment flow, I created a wizard-style interface presenting one question at a time. Questions were short with yes/no answers, keeping the experience lightweight. A progress bar showed users where they were in the process. Testing revealed an unexpected benefit: walking users through each question actually increased their understanding of the product's capabilities. I added intro and closing screens that reinforced how the score was calculated.
Survey intro screen.
Survey outro screen.
Educational questions
Questions embedded users' actual compromised data: "Your email john.doe@gmail.com was found on the Dark Web along with a suspected password. Do you use this same password for other accounts?" Users immediately recognized their personal information, underscoring that the product was personalized to them and not generic. Testing revealed that answering these questions during onboarding helped users better understand what the product did, transforming data collection into learning moments.
Behavioral survey question related to Dark Web fraud data.
Validation
Participants found the assessment "easy to understand" and "not time consuming." One participant noted: "This is cool because you are educating your customer about what puts them at risk." The wizard format solved multiple problems: it captured completed actions to prevent duplicate recommendations, gathered behavioral data our competitors lacked, and built user understanding—all while ensuring their first score was accurate and trustworthy.
“
I know the basics but I like that this is more specific and personalized. I feel more secure taking a proactive stance.
”
–Participant 3, Oregon
IMPACT
Engagement up, fraud down
Identity Health Score launched in November 2023 and quickly became the most utilized feature when offered as part of a partner bundle. The results validated our research-driven approach: personalization and transparency drove both engagement and real-world security improvements.
User Engagement
68% increase in portal engagement time
Partners reported significantly higher user interaction with the platform. Identity Health Score became the most utilized feature when offered as part of a bundle, transforming passive monitoring into active engagement.
Elevated user satisfaction
Testing showed users found the experience "engaging and trustworthy," with the score serving as "visual feedback/motivator that indicated whether the user was moving in the right direction."
Security Outcomes
12% reduction in fraud events
Users who followed their personalized action plans experienced 12% fewer fraud events, directly demonstrating the impact of strategic UX design on real-world security outcomes.
Increased completion of protective actions
By connecting recommendations to users' actual compromised data and providing real-time feedback, users consistently completed more security tasks than with generic advice alone.
Business Value
Transformed passive alerts into proactive engagement
Shifted the product positioning from reactive notifications to an interactive engagement tool, creating ongoing touchpoints between partners and their customers.
Created strategic upsell opportunities
Inline recommendations for privacy tools (VPN, password manager, secure browser) aligned user security needs with partner revenue goals, driving both protection and business growth.
Streamlined content operations
Repurposed existing alert content into the action plan framework, scaling the feature across 100+ million users without requiring new writing resources.
Operational Efficiency
Reduced support burden
Transparent design and clear guidance decreased user confusion, lowering support call volumes that had previously strained operations.
Scalable platform solution
Successfully deployed across Experian's B2B2C partner network, demonstrating the design's flexibility to serve diverse audiences and contexts.
Conclusion
Takeaways
This project shifted how I approach complex products for non-technical users. The challenge wasn't just designing a scoring system—it was transforming how millions of people understand and act on their digital security.
Research is the foundation for strategic pivots. What began as a risk-score concept expanded into a comprehensive protection experience because research revealed that users needed more than assessment—they required action. This insight, gathered through 32 participants across multiple testing rounds, changed the product strategy and proved that deep user understanding drives better product decisions.
Balancing complexity with clarity. Working closely with data scientists, I learned to bridge technical sophistication with user comprehension. The most complex challenge was making machine learning predictions feel transparent and trustworthy. By reversing scoring logic, adding layered explanations, and showing real-time impacts, I created an experience users could both understand and trust.
Personalization as a differentiator. Generic security advice feels irrelevant. By connecting users' actual compromised data to prioritized recommendations and celebrating their progress with immediate feedback, I transformed identity protection from overwhelming to empowering. The 12% reduction in fraud events for engaged users validated that better UX directly improves security outcomes.
Content strategy matters. One of my unexpected learnings was the power of strategic content repurposing. By transforming existing alert content into actionable guidance, I demonstrated that thoughtful information architecture can multiply a feature's impact without proportionally increasing resources.
Looking back, the most rewarding aspect wasn't just the metrics—though a 68% increase in engagement and measurable fraud reduction are validating. It was seeing users describe feeling "in control" of their identity protection for the first time. That shift from helpless to empowered is what great UX can achieve.