Uncovering Hidden Connections with Castle’s Link Explorer: Case Study

Let me take you through my design process of Castle’s new Link Explorer feature to bridge the critical gap in digital fraud detection.

Jin Su Park
6 min readApr 2, 2024


My background

Hey there, I am an open source loving multi-disciplinary Product Designer, based in Brooklyn, New York. I’ve devoted my professional career to unraveling complex design challenges with meticulous and integrated strategies, ensuring each solution is both beautifully polished and imbued with purpose.

The intention behind this case study is to document and showcase my design journey and thought process for potential clients who may be interested in using Castle or working with me.

About Castle

Castle is an API-based account security and fraud analytics tool that provides app developers, user behavior insight, and device intelligence. Our customers use Castle to identify bad actors, investigate fraudulent behaviors, and implement user-focused security flows to tackle account abuse and account takeover challenges.

For more information on how we can protect your end users, please visit castle.io

Project Background

Understanding the problem

In 2023, Castle identified a critical gap in digital fraud detection — the lack of deep, nuanced insights into the web of digital interactions. Traditional tools fell short in mapping the intricate connections among users, devices, and IPs, impeding fraud analysts’ ability to unearth sophisticated schemes. Thus, Link Explorer was conceived to bridge this gap, offering a lens into the hidden networks indicative of fraud.

Complex nature of fraud

The complexity and nuance of fraudulent behavior demands a sophisticated approach. Bad actors rarely operate in isolation; their actions are interwoven within legitimate user interactions, making their detection challenging without the right tools.

Armed with the knowledge gained from our customer interactions, we set out to design Link Explorer as a tool capable of unraveling these complexities. By offering a comprehensive view of digital interactions and the connections between entities, we hypothesized the Link Explorer would allow fraud analysts to uncover and understand the intricate patterns of fraudulent behavior.

Discovery & Research

Solving for the customer

In the journey to develop Castle’s Link Explorer, direct conversations with our customers played a pivotal role in shaping the tool’s strategic direction.

By delving into the unique security challenges faced by our users, we uncovered a common theme: the behaviors of bad actors are often intricate and not immediately discernible. These insights emerged from in-depth discussions with customers, where they shared experiences and complexities encountered in identifying fraudulent activities within their systems.

Our customers needed a way to not only see but also understand the subtle, often hidden patterns of fraudulent behavior that standard analysis tools failed to reveal. It became clear that the solution lay in creating a feature that could sift through the digital noise to spotlight these clandestine networks of deception.

  • Direct customer engagement revealed the complexity of bad actor behaviors and the need for more nuanced fraud detection tools.
  • Uncovered that fraudulent activities often intertwine with legitimate interactions, making them hard to detect with conventional tools.

Defining the key data points

As part of the development process for Castle’s Link Explorer, we sought to identify the key entities that play pivotal roles in understanding and combating digital fraud.

This exploration involved an in-depth analysis of common patterns in fraudulent activities, focusing on the relationships between IPs, devices, and user connections. By examining vast amounts of data and analyzing previous fraud cases, we pinpointed the entities that were most frequently involved in fraudulent schemes and how they interconnect.

Identifying these crucial entities was not just about recognizing the components of fraudulent networks; it was about understanding how they interact in the digital ecosystem. IPs, devices, and user connections emerged as the fundamental elements most commonly exploited by bad actors, serving as the linchpins in their deceptive operations. Recognizing the significance of these entities allowed us to tailor Link Explorer’s capabilities to highlight and investigate these connections, thereby setting the stage for defining the core user experience.

This strategic identification of key entities informed the design and functionality of Link Explorer, ensuring that the tool not only surfaces relevant data but also provides the context needed for fraud analysts to make informed decisions. By focusing on the entities most likely linked to fraudulent activities, we were able to create a user experience that prioritizes the most critical information, streamlining the investigation process and enabling more effective fraud detection and prevention.

  • Conducted an in-depth analysis to identify key entities like IPs, devices, and user connections, crucial in understanding digital fraud.
  • Analyzed data and previous fraud cases to pinpoint how these entities are commonly exploited in fraudulent networks.
  • Recognized IPs, devices, and user connections as fundamental elements frequently involved in fraud, guiding Link Explorer’s design and functionality.

Prototyping & Design

Conceptualizing link explorer

In the development phase of Link Explorer, a significant focus was placed on designing a user interface layout that would enable fraud analysts to effectively toggle between and view the intricate web of connections and associated users.

The team began with sketching out the basic layout, prioritizing clarity and ease of navigation. The goal was to create a visual node representation that could intuitively display complex networks of interactions without overwhelming the user.

The layout was designed to be interactive, allowing analysts to explore connections with simple toggles. This functionality ensured that users could drill down into specific details or zoom out for a broader view of the network, all within a few clicks.

Optimizing visual elements

In crafting Link Explorer, we prioritized the thoughtful integration of icons and colors to enhance user focus rather than distract. Icons were deliberately chosen to intuitively signify network elements like users, devices, and IPs, enabling analysts to quickly grasp their relevance. Color coding was strategically reserved for our lists feature so an analyst would be able to quickly identify a critical device or IP if it falls under a known bad entity list.

Usability Testing

Beta Testing phase

Before its full release, Link Explorer underwent a rigorous beta testing phase, involving a select group of fraud analysts. This phase was crucial for gauging the tool’s effectiveness in real-world scenarios and refining its features based on direct user feedback. Initial responses were overwhelmingly positive, with testers praising its ability to reveal previously undetectable connections and patterns, highlighting its potential to significantly enhance fraud detection efforts.

Final Result


The ability to quickly grasp connections and assess risk without navigating away from the screen has markedly increased the efficiency of fraud investigations. Analysts could now conduct thorough investigations with fewer clicks and less time spent deciphering complex data relationships.

The implementation of Link Explorer has significantly transformed the landscape of fraud analysis, furthering Castle as a differentiator in the fraud detection market. Analysts now benefit from a streamlined process that allows for quicker comprehension and identification of complex fraud networks.



Jin Su Park

Founding Product Designer at Castle, Director of Lumebrite