Use Case - Account Opening

Mitigate fraud at
account opening

Learn how Castle can be used to stop bots and malicious humans from creating accounts.

The Problem

Fraud starts at account opening

Few people will commit fraud using their true identity. Instead, malicious users will mispresent themselves when an account is created. However, telling good from bad, or even bot from human, can be difficult. If you're a financial services firm, you will likely require physical proof of identity. However, that process has known vulnerabilities.

Synthetic identities

Fraudsters combine stolen social security numbers with fake names, addresses and made up dates of birth. These false identities are used, sometimes for years, to build a positive history before ultimately being used to commit fraud.

Stolen identities

According to the FTC, there were 4.8 million reports of identity theft in 2020, with 47% of Americans experiencing some form of idenity theft. Fraudsters regularly use these identities to register for services where financial fraud is then committed.

Fake identities

Most websites want humans using their service, not software bots. However, bots are often used by fraudsters to commit fraud on a large scale, since software functions more quickly than a human.

The Solution


Digital behavioral signals can be used to filter malicious activity, upstream of a KYC solution. These signals include identity traits (IP address, device, email, phone) as well as behavioral traits (keystrokes, mouse movements, how quickly the user moves through the signup flow). Combining these signals with Castle policies allows you to fine tune who to filter out or let through.

Solution Detail

Use Castle to stop fraud at
account opening

Stop fraud by using Castle's behavioral signals to identify high risk users.

Assessing identity risk

Looking at identity characteristics of a user can provide information about whether something suspicious is happening.

IP address location
Disposable email address
Spoofed device
Proxy IP
TOR Browser

Blocking software bots

The majority of malicious activity on the web comes from software bots. Use the Castle Filter API in-line, at the edge of your app, to detect and block bots.

Robotic mouse movement
Unnatural typing speed

Mitigating fraud with policies

When you learn about new types of attacks, use Castle policies to implement protection in real-time. Once Castle's APIs are integrated into your application, policies can be used (with no further code changes) to alter which users you allow, challenge or deny.

Spoofed device
Proxy IP
TOR Browser
per 10,000 good events

No minimum commitment
Start for free
  • Bot Detection
  • Account Takeover Prevention
  • Policy Management
  • Device Management
  • User Behavior Analytics
  • REST API & Webhooks
  • Email & chat support
  • Credit card payments
per 1,000,000 good events

Get in touch
  • Includes all Pro features
  • Enterprise SLAs
  • Enterprise support
  • * Volume discounts available
  • Customizable billing
  • Invoice payments