Watch all the Transform 2020 sessions on-demand here.
Castle, a San Francisco-based startup that wants to help businesses keep their customers’ online accounts safe from fraud, has raised $9.2 million in a series A round of funding from Index Ventures, with participation from Y Combinator, First Round Capital, F-Prime Capital Partners, and a host of individual angel investors.
Founded in 2015, Castle works with web and app developers looking to offer greater security inside their consumer-facing apps. Castle’s technology helps prevent all manner of account takeover (ATO) efforts, whether through manual attempts or automated methods, including credential stuffing.
In 2017, identify fraud cost 17 million U.S. consumers $17 billion, according to a report by Javelin Strategy & Research, with “account takeover” making up more than $5 billion of the losses. A separate report last year by Shape Security noted that credential stuffing, specifically, costs U.S. businesses around $5 billion a year. While all the big banks and major technology companies such as Apple, Amazon, and Google have resources to protect users’ online accounts from third-party chicanery, the same can’t always be said for smaller companies. And that is precisely the problem Castle is looking to fix.
“It’s getting increasingly harder and more complex to keep users’ online accounts and data safe,” noted Castle CEO and cofounder Johan Brissmyr. “The onus is often on the consumer to come up with complex passwords and other security measures. We want to flip that responsibility to businesses and empower every one of them to offer bank-grade account security without compromising user experience.”
June 5th: The AI Audit in NYC
Join us next week in NYC to engage with top executive leaders, delving into strategies for auditing AI models to ensure fairness, optimal performance, and ethical compliance across diverse organizations. Secure your attendance for this exclusive invite-only event.
User-led protection
Third-party developers interested in integrating Castle’s security smarts into their mobile apps and websites just need to insert a little bit of code — and Castle does the rest. This approach is almost entirely automated, meaning there is no supervision by teams of expensive security personnel. Artificial intelligence (AI) and machine learning is the name of the game, but Castle’s technology is very much led by end-user behavior and feedback. It improves and responds based on how someone typically interacts with the app, including the way they usually log in and reset their passwords.
Above: Castle: Feedback process
In short, Castle monitors user behavior over time, and if anything out of the ordinary occurs — such as an unusual login from a new location — Castle kicks into action.
The platform also serves up data and insights from every threat and security event it detects, at a device-specific level.
Above: Castle’s platform
“We want to enable companies to make qualified decisions about security,” Brissmyr continued. “At every point, we want to help companies reduce friction for their users, so that security is embedded into the overall user experience. To do that, companies need to have a deep understanding of how users react to different security measures. Castle provides that insight.”
Automation
Castle had previously raised just $2.4 million in funding, and with another $9.2 million in the bank it will be better positioned to grow its platform and keep up with other well-financed players in the automated cybersecurity realm.
Sift Science, which meshes big data and machine learning to detect fake accounts, payment fraud, account takeover, and more, raised $53 million from some big-name investors last year. Elsewhere, Shape Security — which helps websites and apps prevent automated attacks by constantly changing their source code — raised an additional $26 million just a few months ago. And last year PayPal paid $120 million to buy out machine learning-powered fraud detection startup Simility.
2019 is continuing the cybersecurity funding trajectory of recent years, with startups already bringing in some big rounds in the first few months of this year. One of the reasons for this trend is the increasing number of data breaches and hacks infiltrating both the consumer and enterprise spheres. Studies also suggest the global cybersecurity workforce will be short by around 2 million people in the coming years, so platforms that boost automation and can help plug that gap are attractive propositions.
“Security is the primary concern on everyone’s mind today, and the Castle team has figured out an approachable way to make the online world more secure for everyone,” added Index Ventures partner Shardul Shah, who also now joins Castle’s board of directors. “In a short amount of time, they’ve built a strong technology platform and onboarded some great customers because of their accessible, yet disciplined approach. I think they have the opportunity to become one of the most trusted names in security.”
Castle came out of Malmö, Sweden, but its two founders moved to the Bay Area in 2016 to participate in Y Combinator. The company’s headquarters are in the U.S. today, but it also maintains offices in Sweden and Poland.
