Enhanced User Activity Monitoring

When risk, product, and customer teams work together to prevent unwanted users from using their service, they usually lack the necessary information needed to make a quick determination between good or bad intentions. They comb through all sorts of data and records looking for even the slightest discrepancy when trying to determine where such actors may have slipped up and shown their true intent. This includes checking how many times the suspicious user logged in from a different place if any changes were made before logging out - just to name a few.

Today, we’re introducing a new feature called Enhanced User Activity Monitoring. This capability allows you to see if somebody is using your application for nefarious purposes, watching every movement in real-time - even if they thought that they had gone unnoticed. You’ll be able to see if someone tries to anonymize their location then slips up when they forget to activate a VPN, or if the same device is being used to access multiple accounts. More than anything else, however, it lets you tap into everything our platform has to offer in terms of querying and visualization without having to integrate any of our backend SDKs.

With this release, Castle client SDKs allow your frontend code to send user activity directly to Castle. Four user activity types are supported. The first activity type is “page view”, which is used to record that a user viewed a page.

const user = {
  id: 'ca1242f498', // required
  email: 'mbrown@mailinator.com', // required
  phone: '+1415232183',
  name: 'Michael Brown',
  registered_at: '2012-12-02T00:30:08.276Z',
  traits: {
    plan: 'premium'

// The `user` object is required for all event tracking methods
Castle.page({user: user});

The second activity type is “screen view”. This is similar to “page view” but is used for mobile screen views. The third activity type is “form submission”, which is used to track that a user posted a web form.

  user: user,
  name: 'Update Profile',
  values: {
    first_name: 'John',
    newsletter: false

And finally, the last activity type is “custom”, which can be used to track other activities, like adding an item to a shopping cart.

  user: user,
  name: 'Added to cart',
  properties: {
    product: 'iPhone 13 Pro',
    price: 1099.99

Having fine-grained user activity in the same system as transactions and authentication events is a huge advantage. It lets you quickly investigate fraud and abuse incidents, and it helps you find fraudsters who slip up and reveal their identity. Castle augments user activity events with risk signals, a risk score, and device intelligence data, which can all be searchable through the Explore view in the Castle dashboard. Most Castle signals are available, including bot behavior, multiple accounts per device, spoofed device, proxy IP, and disposable email.

Enhanced user activity monitoring is available starting today. To get the new functionality, update to the latest client SDKs. User activity events will be free of charge until June 30th, at which time they will be billed at $3.30 per 10,000 events.

Sign up here to try Castle for free, or reach out for a demo to learn more.