Disclosed embodiments provide for detection of fraudulent electronic security tokens. A compromised private key allows forgery of electronic security tokens, which then allow access to computer resources. Some embodiments track sequence numbers issued by a token issuing authority and are then able to predict sequence numbers issued by the token issuing authority going forward. Some embodiments also determine validity of a token based, at least in part, on a service or client attempting to access resources using the token. For example, some of the disclosed embodiments maintain reputation data for clients or services utilizing electronic tokens, and make determinations on whether a token is likely valid based on the client or services reputation.