Introducing Payment Fraud Intelligence and Supplier Security
Two new modules ship with the June 2026 release. Payment Fraud Intelligence puts compromised-card monitoring inside the fraud team's daily workflow. Supplier Security turns Whiteintel's dark-web index into continuous risk scoring for every vendor your organisation depends on.
Whiteintel Team
Product Division
The June 2026 release is the biggest one we have shipped this year. Two entirely new modules — Payment Fraud Intelligence and Supplier Security — extend Whiteintel beyond credential monitoring and into two of the most expensive risk surfaces our customers face: card-not-present fraud and third-party compromise.
Both modules sit on top of the same dark-web telemetry our platform has indexed for years — credential leaks, infostealer logs, breach mentions, and exposed session cookies. What changes is the workflow we wrap around that data. Fraud analysts can now query the compromised-card index directly. Vendor risk managers get a per-supplier risk grade that updates whenever a new exposure lands.
The rest of this post walks through what each module does, who it is for, and how it fits into our licensing.
Payment Fraud Intelligence
Compromised-card monitoring with BIN coverage, issuer attribution, validity tracking, and BIN/issuer watchlists. Sold as an add-on for Enterprise and Threat Intelligence, bundled with Extended Threat Intelligence.
Supplier Security
Continuous credential-exposure scoring for the vendors and partners you depend on. A–F risk grade per supplier, with live-session call-outs, source-typed indices, and a built-in credentials tab. Included on Enterprise (64), Threat Intelligence (128), and Extended TI (256 suppliers).
Payment Fraud Intelligence
Compromised cards are bought, tested, and used within hours of the original leak. Issuers and merchants traditionally find out at chargeback time, when the loss is already on someone's balance sheet. Whiteintel has been indexing card exposures for years as part of our broader dark-web coverage; Payment Fraud Intelligence is the workflow we built around that index for fraud, risk, and acquiring teams.
Payment Fraud Intelligence — issuer leaderboard, BIN coverage and the exposed-card explorer.
What you can do with it
Three primary workflows ship in this release. They cover the analyst's day from triage to longer-term monitoring.
Pre-authorisation validation
Query the exposed-card index by BIN-6, BIN-8, or last-four against any card presented at checkout. Validity is recomputed at query time, so a card that has been re-issued doesn't read as compromised once it leaves the index.
Issuer and BIN range prioritisation
The issuer leaderboard surfaces which institutions are most exposed in the current window. Fraud teams use this to time chargeback prevention campaigns and reach out to issuers proactively before mass reissuance is needed.
Watchlists and alerts
Add your own BINs or specific issuer names to a watchlist and receive email alerts when new exposures land. Watchlists are credit-based: one credit per BIN, fifty credits per issuer name (since one issuer often spans dozens of BIN ranges).
What you see on each card
Every record carries the dataset a fraud analyst needs to act on it without pivoting through other tools.
Access and quotas
Payment Fraud Intelligence is available as a yearly add-on for the Enterprise and Threat Intelligence licenses, and is included by default in the new Extended Threat Intelligence license. The add-on gives you 500 GUI searches per day, 100 API calls per day, and up to 64 BIN watchlist tokens. The full set of fields described above is returned on both surfaces — there is no field downgrade between the GUI and the API.
Supplier Security
A modern enterprise's attack surface is not its perimeter. It is the perimeters of every vendor, contractor, and SaaS provider it depends on. Third-party compromise is now responsible for a steady majority of the high-profile breach investigations our research team has assisted with over the last twelve months — usually starting with a compromised credential or an active session cookie at the supplier, not at the customer.
Supplier Security gives risk teams a way to monitor that surface continuously. Add a vendor by domain, get an A–F risk grade and composite score back, and review the underlying telemetry from a dedicated dashboard.
How the score works
The composite risk score is derived exclusively from WhiteIntel's dark-web telemetry — credential leaks, infostealer logs, breach mentions, and exposed session cookies that touch the supplier's domain. The score is bucketed into an A–F grade and recomputed on a rolling basis as new material lands. A delta-vs-prior arrow makes it easy to see whether a supplier's exposure profile is improving or deteriorating over time.
What each supplier card surfaces
Executive summary
Grade, composite score, delta-vs-prior, total records exposed, and an analyst-written key-findings narrative — the same shape Recorded Future and Mandiant use for their executive briefings.
Risk profile by source
Three side-by-side indices — Malware, Combolist, and Breach — each with their own gauge, total record count, critical-record sub-count, and a trailing eighteen-month sparkline so you can read trend direction at a glance.
Live session call-out
When infostealer logs include active session cookies for a supplier's critical hosts, the module surfaces them as a separate red tile — the highest-severity sub-indicator, since these tokens bypass MFA entirely.
Latest corporate exposures
A tail window of the ten most recent applications where a credential record touching the supplier has appeared, with source attribution and last-seen timestamps.
Built-in credentials drill-down
A dedicated Credentials tab opens the corporate credential records for that vendor — same drill-down sidebar as Global Search, no context-switch required.
Who should use it
Three teams have asked us for this surface most frequently during the design phase.
Vendor risk teams
Continuous monitoring of the supplier portfolio without sending another security questionnaire. The grade updates whenever a new exposure lands.
M&A due diligence
Sanity-check the target's external posture before close. A clean record at scoring time and a flat eighteen-month sparkline tell a very different story from a recent vertical spike.
Incident response
When a supplier reports a security incident, the Credentials tab lets responders quickly check whether their own users' credentials are in the leaked set.
Access and quotas
Supplier Security is included in three licenses, with the supplier slot count scaling with the tier: Enterprise tracks up to 64 suppliers, Threat Intelligence tracks 128, and Extended Threat Intelligence tracks 256. Archived suppliers free up their slot immediately; re-adding the same domain reactivates the existing history.
Smaller improvements you should know about
Two adjacent features ship alongside the new modules.
Inline cookies in Incident Details
When a session cookie was captured alongside a credential, the incident detail sidebar now surfaces it inline — names, values, domains, expiry, and flags. A new Downloads tab also appears when a full archive is available for the incident.
Extended Threat Intelligence license
A new top-tier license that bundles every add-on (Payment Fraud, Investigation+, Threat Feed API, Managed Takedowns) and raises quotas across the board. Sold annually only at $25,000 USD per year.
Try Payment Fraud Intelligence and Supplier Security today
Existing Enterprise and Threat Intelligence customers can enable the new modules directly from the Upgrades page. Not on a paid plan yet? Start with a free account and talk to us about a trial.