Castle
E-commerce fraud protection software
Risk-based authentication software
Bot detection and mitigation software
Fraud detection software
Identity management software
Web security software
E-commerce software
- Features
- Ease of use
- Ease of management
- Quality of support
- Affordability
- Market presence
Take the quiz to check if Castle and its alternatives fit your requirements.
$200 per month
Free Trial unavailable
Free version
Small
Medium
Large
-
What is Castle
Castle is a fraud prevention platform focused on protecting consumer web and mobile experiences from account takeover, credential abuse, and automated attacks. It is typically used by e-commerce and digital consumer businesses to assess login and account activity risk and to apply step-up authentication or blocking decisions. The product emphasizes device and behavioral signals to distinguish legitimate users from bots and fraudsters, and it is commonly implemented via SDKs and APIs for real-time decisions.
Strong account takeover focus
Castle is designed around detecting suspicious login and account activity, which aligns well with common e-commerce fraud patterns such as credential stuffing and account takeover. It supports risk-based decisions that can trigger step-up authentication or deny access when risk is high. This makes it a practical fit for teams prioritizing account security over post-transaction chargeback workflows.
Real-time risk scoring workflows
The platform is built for real-time evaluation of sessions and authentication events, enabling immediate allow/deny/step-up outcomes. This supports operational use cases where latency and user experience matter, such as login, password reset, and high-risk account changes. It also helps fraud and security teams standardize decisioning logic across web and mobile channels.
Bot and automation detection
Castle includes capabilities aimed at identifying automated traffic patterns associated with credential stuffing and scripted abuse. This can reduce load on authentication systems and lower the volume of fraudulent login attempts that reach downstream controls. For e-commerce environments, this complements traditional payment fraud tools by addressing pre-checkout threats.
Less emphasis on payment fraud
Castle’s core value centers on account and authentication risk rather than end-to-end payment fraud management. Organizations that need deep coverage for card-not-present transaction scoring, chargeback workflows, and payment network data may require additional tools. This can increase total integration and vendor management effort for broader fraud programs.
Integration and tuning required
Effective risk-based authentication typically requires careful integration into login and account flows and ongoing tuning of policies. Teams may need engineering time to implement SDKs/APIs, define step-up actions, and monitor false positives. Without sufficient operational ownership, outcomes can vary by traffic mix and user behavior.
Limited public vendor details
Publicly verifiable information about Castle’s current corporate ownership, headquarters, and official social profiles is not consistently available from authoritative sources. This can complicate procurement due diligence, security reviews, and long-term vendor risk assessment. Buyers may need to rely on direct vendor documentation and contractual disclosures to confirm details.
Plan & Pricing
| Plan | Price | Key features & notes |
|---|---|---|
| Free | $0/mo for up to 1,000 API calls | All core features; 3 days data retention; 3 seats; 1 environment; measured by API calls |
| Pro | $200/mo for first 100K API calls | Everything in Free, plus higher rate limits (5 RPS), 7 days data retention, 5 seats, 2 environments, chat & email support; "Launch your project with unlimited calls and no contractual minimums" (as stated on site) |
| Enterprise | Custom — starts at $4,000/mo | Tailored solutions, MTU or volume pricing, no rate limits, up to 18 months data retention, unlimited seats & environments, dedicated Slack channel & SLA |
Seller details
Castle (company details not consistently verifiable from public authoritative sources)
