Redesigning the explore view to tackle complex fraud investigations: Case Study

Let me take you through redesign process of Castle’s new explore view. Designed to help fraud analysts conduct comprehensive and swift fraud investigations.

Jin Su Park
7 min readApr 2, 2024


My background

Hey there, I am an open source loving multi-disciplinary Product Designer, based in Brooklyn, New York. I’ve devoted my professional career to unraveling complex design challenges with meticulous and integrated strategies, ensuring each solution is both beautifully polished and imbued with purpose.

The intention behind this case study is to document and showcase my design journey and thought process for potential clients who may be interested in using Castle or working with me.

About Castle

Castle is an API-based account security and fraud analytics tool that provides app developers, user behavior insight, and device intelligence. Our customers use Castle to identify bad actors, investigate fraudulent behaviors, and implement user-focused security flows to tackle account abuse and account takeover challenges.

For more information on how we can protect your end users, please visit

Project Background

Understanding the problem

In 2022, Castle recognized a gap in the toolset available to fraud analysts, a gap that hindered their ability to conduct comprehensive and swift fraud investigations.

The core challenges identified centered around the analysts’ ability to quickly pinpoint and understand specific fraudulent activities, such as spikes in denied activity, credential stuffing attacks, and assessing the overall health of Castle’s integration within their systems.

  • Rapid Identification of Fraudulent Activity: Fraud analysts were facing significant delays in detecting sudden surges in denied access attempts or unusual patterns indicative of credential stuffing attacks. The existing tools lacked the agility and specificity needed to alert analysts to these issues in real time, leading to potential security vulnerabilities.
  • Comprehensive Analysis Capabilities: Beyond just identifying fraudulent activity, analysts needed the ability to dive deeper into these incidents to understand their origin, methodology, and impact.
  • Assessing Castle’s Integration Health: Ensuring the optimal functioning of Castle’s integration is paramount for maintaining security integrity. Analysts expressed the need for a more streamlined way to monitor and evaluate the health of Castle’s integration across different platforms and touchpoints within their infrastructure.
  • Visualizing Data for Better Insights: A significant part of effective fraud analysis involves visualizing data trends and patterns over time. The lack of intuitive and interactive data visualization tools made it challenging for analysts to quickly grasp the scope and scale of fraudulent activity, hindering timely decision-making.

Discovery & Research

In-context fraud analysis

The primary challenge was crafting an experience that would allow fraud analysts to assess a comprehensive view of data without needing to navigate away, thereby streamlining the investigative process. We mapped the fraud investigation journey into 4 milestones.

With this in mind we identified key user stories that would allow analysts to navigate the sea of event data and isolate the activity in question.

Prototyping & Design

Scaffolding the core structure

The primary challenge in redesigning the Explore view was to ensure that fraud analysts could view the full context of recent activity without navigating away from their current view.

When observing the types of complex fraud challenges our larger enterprise customers were facing, it became clear that integrating filtering, time-based charting, and the event table within the same viewport was essential. This integration would allow analysts to stay in context and simultaneously filter and slice event data across different dimensions.

To achieve this we pursued a layered system that was mapped closely to the order and actions the analysts would perform.

Defining the key components

We set out to define the key components more clearly and how these would need to be configured to ensure a seamless and in-depth analytical experience. This process let to:

  • The development of a cohesive interface where critical features like filtering, charting, and tabular data coexist, enabling uninterrupted data analysis.
  • The implementation of a flexible filtering system, modeled after best practices in developer tools, is designed for straightforward configurability and quick toggling, thus optimizing space and enhancing user intuition.
  • The introduction of “meta cells” within interactive tables, a strategic solution to aggregate related data points for improved clarity and pattern detection.
  • The event timeline feature which provides analysts with the ability to flexibly group data for better segmentation and faster identification of fraud trends, a key element in the fight against digital fraud.

Flexible filtering at scale

In refining the Explore view’s filter system, we drew inspiration from other developer and data monitoring tools, aiming for easy configurability and quick toggling.

One of the major challenges with the filter system was its ability to support conditional chaining. Through several iterations, we landed on a flexible, space-efficient system, focusing on clear visual cues for filter states — hovered, active, disabled — to ensure usability in a busy interface without clutter.

Our streamlined solution supports diverse investigative needs, enhancing the overall user experience by incorporating best practices in tool design.

Keeping analysts in context

To aid in the complex task of identifying fraudulent patterns, which are often subtle, we introduced “meta cells” in the interactive tables of the Explore view. These cells condense related data points — like email, user ID, and name — into a unified format, significantly enhancing readability.

Charts and groupings

The chart feature in the Explore view prioritizes flexibility, allowing data grouping by any entity for effective segmentation and pattern spotting on a time-based graph. Key to this design was careful consideration of the maximum bucket range, ensuring optimal performance.

Testing & Rollout

Tailoring Explore View to Customer Needs

In the final stages of Explore View’s development, our focus shifted towards validating the effectiveness and usability of the feature across a spectrum of unique customer use cases.

To achieve this, we adopted a hands-on approach, presenting the Explore View to our top customers’ fraud analysts. These sessions were not only designed to showcase the new feature but also to serve as educational opportunities, fostering a deeper understanding of its capabilities and gathering valuable feedback directly from the end users.

  • Customized Use Case Testing: By testing the Explore View against a variety of customer-specific scenarios, we were able to observe its adaptability and effectiveness in real-world applications. This approach ensured that the feature was versatile enough to accommodate the diverse needs and challenges faced by our customers.
  • Interactive Feedback Sessions: Presenting the feature to our top customers’ analysts allowed us to engage in meaningful discussions about its functionality and impact. These sessions became a platform for education and exchange, where analysts could see the Explore View in action and provide immediate feedback based on their expertise and experience.
  • Identifying Quality of Life Enhancements: Through these interactive sessions, we were able to pinpoint several “quality of life” features that would further enhance the user experience. One such feature was the introduction of hoverable filter inclusions or exclusions in the context dropdown menu, allowing analysts to quickly and easily filter out irrelevant data points without clicking away. Additionally, the ability to save and share Explore Views emerged as a crucial functionality, enabling analysts to preserve their investigative workflows for future reference or collaboration with team members.
  • Iterative Improvement Based on Feedback: The feedback gathered during these sessions was invaluable, guiding us in refining the Explore View to better meet the needs of our users. By incorporating suggestions and identifying additional features, we ensured that the Explore View not only served its primary purpose but also offered enhanced usability and efficiency for fraud analysts.

Final Result


The culmination of the Explore View project represents a significant leap forward in fraud investigation technology. Through a carefully curated process of design, research, and user feedback, we successfully introduced a feature that not only meets the analytical demands of today’s fraud analysts but also sets a new standard for data exploration and analysis.

  • Empowering Analysts: The Explore View stands as a testament to our dedication to empowering fraud analysts with sophisticated, yet intuitive tools. By enabling in-depth analysis within a unified interface, we’ve significantly reduced the complexity, context-switching, and time traditionally associated with fraud investigations.
  • Responsive Design to User Needs: The iterative design process, enriched by direct feedback from our top customers, ensured that the Explore View was refined to include quality-of-life features such as hoverable exclusions and the ability to save and share views.

In conclusion, the development and successful rollout of the Explore View feature encapsulate our holistic approach to product design at Castle. By placing user needs and experiences at the heart of our development process, we’ve crafted a tool that not only addresses the challenges of today but is also poised to meet the evolving demands of fraud analysis in the future.



Jin Su Park

Founding Product Designer at Castle, Director of Lumebrite