Fraud starts at account opening
Few people will commit fraud using their true identity. Instead, malicious users will mispresent themselves when an account is created. However, telling good from bad, or even bot from human, can be difficult. If you're a financial services firm, you will likely require physical proof of identity. However, that process has known vulnerabilities.
Fraudsters combine stolen social security numbers with fake names, addresses and made up dates of birth. These false identities are used, somtimes for years, to build a positive history before ultimately being used to commit fraud.
According to the FTC, there were 4.8 million reports of identity theft in 2020, with 47% of Americans experiencing some form of idenity theft. Fraudsters regularly use these identities to register for services where financial fraud is then committed.
Most websites want humans using their service, not software bots. However, bots are often used by fraudsters to commit fraud on a large scale, since software functions more quickly than a human.
Digital behavioral signals can be used to filter malicious activity, upstream of a KYC solution. These signals include identity traits (IP address, device, email, phone) as well as behavioral traits (keystokes, mouse movements, how quickly the user moves through the signup flow). Combining these signals with Castle policies allows you to fine tune who to filter out or let through.
Assessing identity risk
Looking at identity characteristics of a user can provide information about whether something suspicious is happening.
Blocking software bots
The majority of malicious activity on the web comes from software bots. Use the Castle Filter API in-line, at the edge of your app, to detect and block bots.
Mitigating fraud with policies
When you learn about new types of attacks, use Castle policies to implement protection in real-time. Once Castle's APIs are integrated into your application, policies can be used (with no further code changes) to alter which users you allow, challenge or deny.
- Bot Detection
- Account Takeover Prevention
- Policy Management
- Device Management
- User Behavior Analytics
- REST API & Webhooks
- Email & chat support
- Credit card payments
- Includes all Pro features
- Enterprise SLAs
- Enterprise support
- * Volume discounts available
- Customizable billing
- Invoice payments