added

Introducing Account Takeover Score

About a month ago, we launched a dedicated bot score to help you combat the specific problem of automated access to your service. This new score was the first in a series of more specialized scores which allows you to target more specific fraud types.

Pricing for client-side events

Back in February, we launched the ability to track events to Castle directly from the client app (both mobile and web). This provides both a really quick and easy way to get started with Castle, as well as providing additional behavioral context when investigating fraudulent activity.

improved

New signal: multiple aliases per email

Today, we're releasing a new signal for indicating whether someone is trying to use aliased emails to create multiple accounts. Aliasing allows users to use variations of the same email address to sign up for multiple accounts with the same email: [email protected] and [email protected] would be two examples of email aliases that lead to the same inbox [email protected], in case the email provider supports tags. In the case of GMail, which also ignores the period character in the username part, users can use variations like [email protected], [email protected], [email protected]

improved

Column sorting in Explore view

A few months ago, we released the ability to see the matched users when performing an event search in the Explore view. Today, we're releasing an improvement that will allow you to sort by any column in this view. This is very useful to highlight users with the highest risk score, or users with the most number of devices.

improved

New Signal: replayed device data

Castle signals are a great way to spot and filter out specific behaviors that could be related to the fraud you’re looking to discover. Today, we’re launching a new signal that indicates that the data collected by the Castle client side agents has been reused. When this happens, it could be an indication that someone is trying to spoof device data or run a script.

added

Introducing Bot Score

Up until now, Castle has provided a general Risk Score designed to make it easy to find and stop all sorts of fraud or abuse. Under the hood, this risk score is actually the combination of several independent risk factors. One of these risk factors is the likelihood that the request is initiated from a bot or script.

added

Single sign-on

This week, we're happy to announce support for Single sign-on (SSO) for the Castle Dashboard, available for all customers on the Enterprise plan. We're offering SSO via OpenID connect, which means that you can use any compatible service like e.g. Okta.

improved

Custom events in policies

One of the more powerful features of Castle is the ability to configure policies that allow you to control the inline action returned in the API response for the risk and filter endpoints. These actions can then be used to kick off workflows such as e.g. triggering a CAPTCHA at signup or prompting for two factor verification at login. All in real time.

added

Auto tracking of user profile changes

With Castle's APIs you've been able to pass user profile data, such as email and prone number, via the user object (See reference for more details) for quite some time now. These traits can provide great help when chasing down fraudsters, especially in combination with Policies where you can use them to trigger custom workflows, such as additional verification.

improved

Transactions payload

Tracking the right data to Castle is crucial to finding fraudsters. By tracking user and/or event details that represent important business aspects, such as amount and account balance in case you're dealing with transactions, you're more likely to be able to spot suspicious behaviors.