Identity Health Score

Shining a light on the Dark Web

CyberAgent monitors the Dark Web for compromised personal information. I led the design of a new identity risk score to help users better understand their risk level and achieve their identity protection goals.

68% Engagement lift
12% Fraud reduction

Product Design Lead · Experian Partner Solutions · Launched November 2023

Effective detection, ineffective communication

CyberAgent was effective at detecting threats, but users struggled to assess their risk levels and were unsure what to do next. Experian’s 100+ million users were overwhelmed by technical alerts and jargon they couldn’t understand, and were uncertain how to respond.

Frustrated, users were calling for help, driving up support costs, or, worse, developing alert fatigue, tuning out, and failing to engage with the protective advice.

Original CyberAgent Dark Web alert UI
1
2
3
4
5
6
  1. 1 Grouped by event and date.
  2. 2 Data type found.
  3. 3 Long-winded explanation.
  4. 4 Additional data points given without context.
  5. 5 Multiple de-emphasized and vague actions for the user to undertake.
  6. 6 Confused, call us.

The Challenge

Transform Dark Web monitoring into proactive protection

CyberAgent was effective at detecting threats, but Experian’s 100+ million users were overwhelmed by technical alerts they couldn’t understand or act on.

My role

I led the end‑to‑end product design for Identity Health Score, from early concept through launch — spanning the score presentation and information architecture, the personalized action plan experience, and the behavioral assessment flow.

I collaborated closely with a Product Director, two Researchers, the Data Science team, and the Development team throughout the definition, iteration, and delivery phases.

Company Experian Partner Solutions
My role Product Design Lead
Team Product Director, 2 Researchers, Data Science, Engineering
Timeline ~6 months over one year
Launched November 2023

Kickoff

Project origins and evolution

Using machine learning, our Data Science team developed an algorithm that combines each user’s unique exposure with historical fraud data to predict the likelihood of identity theft.

Inputs

  • User’s Dark Web exposures
  • User real-time security behaviors
  • Historical fraud data

ML Algorithm

  • Analyzes patterns
  • 87% accurate prediction rate

Outputs

  • Risk score
  • Prioritized action plan

Early generative interview insights

Many people take a passive approach when data breaches occur. However, people found a personalized risk score useful, especially when paired with a concrete, tailored action plan that adapts to various user needs.

“It depends on how personally tailored it is; if it gives general advice it won’t be helpful.”

— Participant 4, Charlotte, NC

Discovery

Understanding what users actually need

A journey mapping exercise revealed how users at different stages of identity protection progressed from uncertainty to empowerment. The presentation of the action plan would matter as much as its content; users needed to see how their actions moved their score.

User journey map: Danielle, from alert receipt to empowerment

What the competition revealed

My competitive review confirmed that the level of personalization we could offer would be an advantage — but it also revealed the other side of the coin. Competitors had built behavioral assessments around common‑sense security habits. We had none of that. What we had instead was something they couldn’t match: a massive database of real compromised personal data matched to each specific user.

Our advantage

Rich personal breach data

  • Real email addresses, passwords, and breach sources matched to this user
  • Highly personalized — everything is specific to their actual exposure
  • Missing: what the user was actively doing to protect themselves

Their advantage

Behavioral common‑sense advice

  • Password hygiene, MFA usage, phishing awareness — universally applicable
  • Covers proactive prevention that breach data can’t see
  • Missing: any connection to the user’s actual compromised data

They had the half we were missing. We had the half they were missing. The solution was to bring both together — and the behavioral assessment was how we closed our gap.

Competitor assessment — generic and impersonal but not wrong Competitor assessment — question flow example
Competitor’s advice was generic and impersonal but not wrong.

Framing the Problem

From risk score to comprehensive solution

One participant said it plainly: “Great, because the next question is what do I do?” The score was the starting point, not the solution. That insight prompted journey mapping tracing how users moved from receiving a Dark Web alert to either taking action or dropping off. We saw three consistent breakdowns.

I reframed the project from “ship a risk score” to solve three linked problems:

Task 1 – Make risk legible: a clear, intuitive score and explanation.

Task 2 – Turn insight into action: a personalized, prioritized plan.

Task 3 – Close data gaps: a behavioral assessment that both educates users and improves the model.

This framing aligned Product, Data Science, and Engineering on a cohesive solution rather than a standalone feature.

Problem
Approach
Success Metrics
Task 1

Users can’t interpret Dark Web alerts or assess their actual risk level, leading to confusion and inaction

Create an intuitive Identity Health Score using familiar credit score patterns with real‑time feedback and transparent scoring factors

  • Score comprehension rate
  • User trust in recommendations
  • Reduction in support calls
Task 2

Generic security advice feels irrelevant, and overwhelming lists of recommendations cause user abandonment.

Design personalized action plans based on compromised data and behavioral assessments, with real‑time feedback on score improvement.

  • Plan completion rate
  • User engagement time
  • Protective action adoption
Task 3

Dark Web monitoring cannot detect real‑world behaviors users engage in, whether mitigating or risky.

Design a progressive assessment that educates users while capturing behavioral data to improve score accuracy.

  • Assessment completion rate
  • Score accuracy improvement
  • User learning outcomes

These three tasks became the backbone of the Identity Health Score experience and directly informed the design of the score, the action plan, and the behavioral assessment.

Design

The Identity Health Score experience

Identity Health Score transforms overwhelming Dark Web alerts into clear, personalized guidance. By combining risk assessment with prioritized action plans and real-time feedback, users gain a clear understanding of their vulnerability and know exactly what to do about it.

Dashboard entry point

Dashboard entry point

New user sees the IHS feature

Behavioral Assessment

Behavioral Assessment

Progressive disclosure wizard

Initial Score and Plan

Initial Score & Plan

First results with transparency

Updated Score

Updated Score

Real-time feedback after completing actions

Making complexity comprehensible

The interactive tooltip and contributing factors breakdown show users exactly what influences their score. Higher scores indicate better protection, aligning with familiar mental models like credit scores.

Score update after completing an action
Connecting risk to relevant actions

Tasks are prioritized based on users’ actual compromised data, addressing specific breaches first. Completing actions triggers immediate score updates with animations, creating visible progress that maintains momentum.

Wizard with personalized question and educational tooltip
Gathering data without overwhelming

One question at a time prevents overwhelm while enabling collection of comprehensive behavioral data. Questions embed users’ actual compromised data, making abstract risks concrete and turning data collection into education.

Strategy

From alerts to action

To bridge the gap from detection to protection, I designed three interconnected product components that work together to help users understand risk, take action, and build better security habits.

Designing the Score

Making risk comprehensible and trustworthy

Initial testing revealed a flaw: participants misread the “Identity Risk Score,” assuming lower numbers meant safer. I recommended reframing from risk to health, renaming the feature Identity Health Score, and aligning the scale so higher = better.

Problem

Users misread “Identity Risk Score” — lower numbers felt safer, inverting the intended meaning.

Decision

Renamed to “Identity Health Score.” Higher = better. Rating bands adjusted to reflect actual score distribution.

Outcome

In the next concept test, all participants correctly interpreted the scale.

Building trust through transparency

Users wanted to know what influenced their scores, but would not read long blocks of text. I audited our explanation of the score and found we were front‑loading too much information into a single dense overview. I replaced this with a layered transparency model, distributing information throughout the product in small, scannable pieces: (1) a clear label (Identity Health Score) and A–F grade. (2) a short tooltip explaining what the score represents. (3) a breakdown of contributing factors that surfaces the biggest drivers of their score.

Flow steps from dashboard
Flow steps from dashboard
Dark web scan from survey intro
Dark web scan from survey intro
Tooltip with definition and context
Tooltip with definition and context
Score factors accordion
Score factors accordion

Real-time feedback

Testing showed that users did not initially make the connection between completing a task and their scores increasing.

Problem

Users completed actions but saw no tangible payoff. Motivation dropped off after the first few tasks.

Decision

Added real-time score animation: when a user marks an action “done,” the score scrolls into view and animates.

Outcome

68% increase in engagement time. Participants said they “enjoyed watching the score go up.”

Score animating upward after completing an action

“It’s the school mentality, you are at a B minus, you want to get to A.”

— Participant 1, Charlotte, NC

Designing the Action Plan

Grounding advice in real-world risk

Discovery research showed users either ignored generic advice or completed easy tasks that didn’t materially reduce risk. I designed a prioritized, personalized action plan where tasks tied directly to breached data appear first.

Problem

Generic, one‑size‑fits‑all guidance created fatigue. Users couldn’t tell which steps would make them safer.

Decision

Prioritized action plan: tasks tied to actual breached data first, lower‑impact hygiene tasks grouped later. Each includes a “why this matters” explanation.

Outcome

12% reduction in fraud events among users who followed their personalized plans.

Prioritizing by impact

Tasks addressing compromised Dark Web data appeared first due to their higher risk weight. This ordering helped users focus on what mattered most for their specific situation.

High and medium priority tasks
high and medium priority tasks

Making personal breach data visible

Most actions are directly related to users’ data found on the Dark Web. When safe, I surfaced the user’s personal information in the action header, for example: “Update my janedoe@gmail.com login.” Expanding revealed why each step mattered.

Expanded personalized action
expanded personalized action

Strategic partnership integration

Some actions related to partner‑offered privacy tools — VPN, password manager, secure browser. Inline suggestions aligned user security needs with partner revenue goals.

Partner upsell within recommended action
Partner upsell within recommended action.

“I feel violated when my information is stolen. Now I have a bit of control on my end.”

— Participant, testing session

Designing the Assessment

Three birds with one stone

The behavioral assessment began as a practical fix: our Dark Web database goes back to 2005, so new users could enroll and see their initial score dragged down by alerts they’d resolved years earlier. I needed a way to identify those stale items and account for them at first launch.

Problem

Historical breach data didn’t reflect what users had already fixed. New customers could start with an artificially low score, eroding trust before they’d taken a single action.

Decision

Introduce a wizard-style behavioral assessment during enrollment — one question per screen, each referencing the user’s own compromised data, with a clear progress indicator throughout.

Outcome

Accurate initial scores grounded in each user’s current reality, not outdated incidents.

A more accurate initial score.

The primary goal is to have users confirm which historical breaches they’ve already addressed, so their score reflects their actual risk today rather than a five-year-old snapshot.

Survey question regarding actual user data
Survey question regarding actual user data

Closing our data gap

Once the assessment was in place, I saw an opportunity to ask about broader security behaviors, such as password reuse, MFA adoption, and device security. The critical signals our alert data couldn’t see. Asking these questions allowed us to calculate a more complete score from day one.

Survey question regarding security behavior
Survey question regarding security behavior

Building the mental model

Testing revealed an unexpected benefit: completing the survey helped users understand the product. Walking through the questions gave them a mental model of how Identity Health Score works, and surfacing some of their personal data in the questions demonstrated a level of personalization to them. The intro and outro screen animations added to this by giving context on what goes into their score.

Survey intro screen Survey outro screen
Survey intro/outro screens.

“I know the basics but I like that this is more specific and personalized. I feel more secure taking a proactive stance.”

— Participant 3, Oregon

Impact

Engagement up, fraud down

Identity Health Score launched in November 2023 and quickly became the most utilized feature when offered as part of a partner bundle.

68%

Increase in portal engagement time

Partners reported significantly higher user interaction. IHS became the most utilized feature when offered as part of a bundle.

12%

Reduction in fraud events

Users who followed personalized action plans experienced 12% fewer fraud events. Better UX produced real security improvements.

100M+

Users served across partner network

We deployed Identity Health Score across Experian’s B2B2C partner network without modification.

Reduced support call volume

Transparent design and clear guidance decreased user confusion, reducing inbound support calls related to alert misunderstanding.

Conclusion

Takeaways

This project shifted how I approach complex products for non‑technical users.

Research is the foundation for strategic pivots

Thirty‑two participants across multiple research rounds reshaped the product strategy, expanding a single scoring feature into a comprehensive protection system.

Balancing complexity with clarity

The most complex challenge was making machine learning predictions feel transparent and trustworthy. Reversing scoring logic eliminated confusion. Layered explanations and real‑time feedback did the rest.

Personalization as a differentiator

Generic security advice feels irrelevant. The 12% reduction in fraud events for engaged users validated that better UX directly improves security outcomes.

Content strategy matters

By repurposing existing alert content into the action plan, I scaled the feature across 100+ million users without adding writing resources.

Looking back, the most rewarding aspect wasn’t just the metrics — though a 68% increase in engagement and a measurable reduction in fraud are validating. It was seeing users describe feeling “in control” of their identity protection for the first time.

Return to homepage