Sonar, the leading fraud data sharing consortium, is launching its new Red Flag service to help banks and fintechs quickly verify if their customers’ data has been compromised in a breach or used for fraudulent activities, such as opening accounts, applying for loans, and making fraudulent online purchases.

With the rise of hacks targeting financial institutions, customer PII and sensitive bank data have been exposed, enabling fraudsters to open new accounts with legitimate identities. Sonar’s Red Flag service helps financial institutions and fintech companies proactively check if an account is linked to a data breach. If the credentials are compromised, Sonar returns a red flag status of “true,” alerting the institution that the credentials are exposed on the dark web.

“Sonar’s new Red Flag service not only supports institutions directly impacted by breaches but also provides a safeguard for other banks and fintechs,” says Ravi Loganathan, President of Sonar. “The average consumer has multiple financial accounts across banks and fintechs. When you consider that many people reuse passwords across accounts, a single breach can trigger extensive and far-reaching consequences.”

Sonar’s “Red Flag” service allows its members to check if exposed credentials are being used in fraudulent transactions. Sonar will also continue to perform ongoing dark web monitoring to capture any future leaks.

Key features of the Red Flag service include:

  • Free Member Access: The service is provided at no charge to all companies that join the Sonar data-sharing consortium as members.
  • GLBA Compliance: All data shared under the service adheres to GLBA regulations, ensuring maximum privacy and security.
  • Minimal PII Needed: Members can inquire using minimal data and receive a flag identifying if the information is being used fraudulently.
  • Augment Existing Risk Solutions: Companies can use the service and signals to augment their existing risk management processes without changing their risk technology stack.

Sardine, one of the founding members of Sonar, is leveraging the Red Flag service to ensure that stolen data from these hacks do not impact their customers in any way.

“Recent financial data breaches have exposed user PII from many different banks, allowing fraudsters to bypass verification checks that match account and routing numbers to a name,” says Soups Ranjan, CEO of Sardine. “But, this type of account verification does NOT necessarily mean that person owns the account. At Sardine, we incorporate Sonar’s Red Flag service, along with additional signals to establish a more accurate risk score. These signals include the use of proxies, emulators, and discrepancies between IP location and physical address.”

Sonar serves as an independent, member-run utility across payment rails to assess risk on counter parties. The new Red Flag service builds on Sonar’s suite of risk solutions that facilitate data sharing between banks, merchants, and fintechs in order to proactively stop first-party fraud, scams, and money laundering.