The signal can look real.
A document, code, device, number, face image, login, or record match can pass while the person behind the application remains unproven.
Pulse
Make the application wait for the real person.
Add one small widget before submit. Pulse checks continuity instead of snapshots, corroborates the action instead of inheriting trust, and gives your server a result it can enforce. It is not a one-time code, push approval, credit-file score, or GPS check.
The missing check
Most tools assume a person is behind the signal.
Document checks, phone codes, device fingerprints, face checks, phone numbers, bureau files, and old sessions can all pass while the real applicant remains unproven. Pulse asks for live corroboration before the file moves forward.
Snapshots decay into trust tokens.
A one-time proof can become a loose credential, session, or account that keeps moving after the original proof is over.
A real person leaves continuity.
Pulse reads signs of ordinary phone use: movement, device state, signal changes, and daily rhythm. It is a check for this application, not a location trail.
Synthetic fraud gets easier when files, codes, and sessions can be copied. Pulse raises the cost by asking for the real phone at the moment risk is accepted, and by refusing to let an old proof stand in for a current action. Read the plain-English threat primer or the engineering matrix.
Form check
Your team adds one small widget. Pulse handles the phone step.
Pulse works with existing forms. Your team does not build the phone flow, waiting state, timeout handling, or result check. Add Pulse before the important action, mint the short-lived session from your backend, and check the returned result on your server.
<script src="https://kenshiki-pulse-worker-production.pulsekenshikilabscom.workers.dev/v1/pulse.js"></script>
<div id="pulse-trust-gate"></div>
<script type="module">
const session = await fetch("/api/pulse/sessions", { method: "POST" }).then((r) => r.json());
const pulse = KenshikiPulse.init({ publishableKey: "pk_live_customer_123", workflow: "credit_application", containerId: "pulse-trust-gate" });
const bond = await pulse.requireBond({ session: session.session, action: "submit_application" });
</script>QR or app handoff appears at the right moment.
Desktop applicants scan a short-lived QR code. Mobile applicants open the Pulse app directly. Your form stays intact.
The applicant’s phone does the check.
Pulse checks whether the phone looks current, carried, and tied to normal use.
The form receives a result id.
The submit includes a Pulse result id. Your server checks it before accepting the action.
Applicant experience
Fill out the form first. Check the person behind it at submit.
Pulse belongs at the decision point: when the user clicks submit, approve, recover, transfer, or claim. The page waits while the phone presents proof, then the gate allows the action, asks for another step, or keeps it blocked.
Desktop browser
Scan with the Pulse app.
The browser shows a short-lived QR code. The applicant scans it with Pulse, and the app returns a private result for that web session.
Mobile browser
Continue with Pulse.
The browser opens the Pulse app directly. After the app checks the carried phone, the applicant returns to the form with a pass or block result.
Architecture
The phone is not just a confirm button. It does the real check.
Pulse does the hard work on the phone before the browser action continues. The web flow receives a narrow result; private phone history stays out of the lender’s web app. Governance is part of the runtime path, not a document beside it.
What Pulse proves
A real person, without location tracking.
A browser can be automated, shared, or remotely controlled. A synthetic identity can assemble a plausible file. Pulse shifts the check to the applicant’s phone, where ordinary use over time is much harder to fake at scale without exposing raw location history.
The phone has been carried through a real day.
Pulse summarizes ordinary phone use: movement and stillness, device state, signal changes, and recent activity patterns.
The pieces have to agree over time.
Pulse looks for a normal pattern. A static profile, script, one-time code, or document image is not enough.
The result, not a trail.
The application receives the result it needs. Raw motion readings, location trails, sensor history, and day-by-day details stay out of the lender’s website.
Private beta
Add Pulse before one action that cannot be wrong.
Start with a credit application submit, account opening, account recovery, benefits claim, job application, wire approval, or dealership finance application. Pulse brings the phone check to that moment and gives your team a clear pass, review, or stop result.