Online credentials aren’t secure
Online credentials, typically a username and password, have major security flaws. Passwords can be easy to guess, can leak to the dark web through data breaches, or can be phished from unsuspecting users. When a criminal obtains stolen credentials, the end result is usually an account takeover, where the criminal logs in as if they were the real user and is able to commit fraud. This can financially impact your business, as well as damage your reputation with customers.
The dark web
Security analysts estimate that more than 15 billion stolen credentials are available on the dark web. Each leaked password has the potential to provide access to dozens, if not hundreds, of online accounts.
Social engineering
Social engineering attacks are used to trick people into giving away credentials like passwords or MFA PIN codes. The costs can be staggering, with some suggesting $25,000 - $100,000 per incident.
Credential stuffing
Credential stuffing is a tactic used by cybercriminals to find out which online accounts they are able to breach. These criminals obtain a list of credentials from any number of historical password leaks.
Risk-based authentication
Castle enables you to use risk-based authentication with factors beyond the traditional 2-factor methods of SMS, email, and authenticator applications. A user's known patterns of physical location, as well as device-based authentication, are both additional factors that can be used to inform adaptive MFA. The result is an innovative approach to affirming the identity of a user with the least amount of user friction.

Using Castle to stop account takeovers
A comprehensive set of functionality to stop account takeovers.
Assessing user risk
How do you know someone is who they say they are? Use Castle's Risk API to assess user risk. In your authentication service, if a user provides correct credentials, call the Risk API. The Risk API will return a verdict: allow, challenge or deny.
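The flow described here and under "Risk-based authentication", as an added example that is not Castle's code or API: a login handler checks credentials first, then asks a risk assessor for a verdict and acts on it. `UserProfile`, `local_risk_verdict`, its scoring rule and the outcome strings are assumptions made for this sketch; in a real integration the `assess` callable would wrap the call to the risk service.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

ALLOW, CHALLENGE, DENY = "allow", "challenge", "deny"

@dataclass
class UserProfile:
    # Constructed record; field names are assumptions for this sketch.
    password_hash: bytes
    salt: bytes
    known_devices: set = field(default_factory=set)
    known_countries: set = field(default_factory=set)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def local_risk_verdict(profile, device_id, country):
    """Hypothetical stand-in for a remote risk service (illustrative rule only)."""
    # Count how many of the two context factors are new for this user.
    unfamiliar = (device_id not in profile.known_devices) + (
        country not in profile.known_countries)
    return (ALLOW, CHALLENGE, DENY)[unfamiliar]

def login(profile, password, device_id, country, assess=local_risk_verdict):
    """Return the action the authentication service should take."""
    candidate = hash_password(password, profile.salt)
    if not hmac.compare_digest(candidate, profile.password_hash):
        return "rejected"  # wrong password: no risk assessment needed
    try:
        verdict = assess(profile, device_id, country)
    except Exception:
        # Risk service unreachable: step up to MFA instead of failing open.
        verdict = CHALLENGE
    if verdict == ALLOW:
        return "session_created"
    if verdict == CHALLENGE:
        return "mfa_required"
    # DENY, or any verdict this code does not recognise, fails closed.
    return "blocked"
```
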
Blocking software bots
The majority of malicious activity on the web comes from software bots. Use the Castle Filter API in-line, at the edge of your app, to detect and block bots.
Recovering compromised accounts
When an account is compromised, it must be locked and a notification sent to the user. Use Castle to assist with this process and automate account recovery workflows.
Mitigating fraud with policies
When you learn about new types of attacks, use Castle policies to implement protection in real time. Once Castle's APIs are integrated into your application, policies can be used (with no further code changes) to alter which users you allow, challenge or deny.
- Bot Detection
- Account Takeover Prevention
- Policy Management
- Device Management
- User Behavior Analytics
- REST API & Webhooks
- Email & chat support
- Credit card payments
- Includes all Pro features
- Enterprise SLAs
- Enterprise support
- Volume discounts available
- Customizable billing
- Invoice payments