The Completely Automated Public Turing test to tell Computers and Humans Apart has been making news lately. You probably know it better as CAPTCHA: those grids of images where you’re asked to click on certain objects, or key in squiggly and scattered letters and numbers, to prove you’re a human. Sometimes, you can self-declare “I’m not a robot” and go on about your online business.
CAPTCHAs are not purposely designed to irritate online users or make them schedule an appointment with the eye doctor because they can’t tell if a dot in the image panel is a traffic light or a bird. CAPTCHAs are intended to stop fraud by preventing bots from doing things like leaving fake reviews, filling out lead forms, setting up fake online accounts, or posing as verified fans and snatching up all the hottest concert tickets.
Since CAPTCHAs are capturing attention, we’re looking at what they are, how they work (or don’t), what the future looks like for CAPTCHA, how they contribute to ad fraud, and what can be done about it.
What's the difference between CAPTCHA, reCAPTCHA and hCAPTCHA?
The acronym CAPTCHA refers to the method used to confirm that a user is human without adding friction to the online authentication process. You can decide for yourself whether squinting at a screen to identify objects and clicking on the correct panel is “frictionless,” particularly on a mobile device.
Google (reCAPTCHA) and Intuition Machines (hCAPTCHA) are two of the most popular CAPTCHA providers.
Google has been offering reCAPTCHA since the company acquired it in 2009. The first iteration asked users to correctly key in the presented distorted text; image recognition replaced text replication in 2012. In 2014, Google launched reCAPTCHA 2, the “no CAPTCHA reCAPTCHA,” that asked users to confirm their humanity by checking the “I’m not a robot” box. Behind the scenes, the user is verified by their movements and online activity.
Users saw less friction while website owners got more flexibility with the launch of reCAPTCHA v3.
This version leverages advanced AI analysis of user behavior to determine how likely a human is behind the screen. If the score indicates a high probability that a human is behind the keyboard, they may continue using the site friction-free. If the user score is low, the website owner may require further verification to continue interacting with the site.
Google’s latest iteration, reCAPTCHA Enterprise, was introduced in 2020. Google claims that reCAPTCHA Enterprise is a comprehensive, customizable solution that provides a frictionless, user-friendly experience across websites, not just on select pages. The reality is by allowing users to customize the rules they fundamentally alter the accuracy. A real solution should not have this flexibility.
Much like reCAPTCHA, hCAPTCHA offers several ways to authenticate users, and website owners can customize the tool to fit their website, including the level of difficulty. Unlike reCAPTCHA, hCAPTCHA does not track users. It also offers more privacy features and user incentives.
With the ability to determine human probability, with or without user friction, you may assume a CAPTCHA tool is all you need to prevent ad fraud, but plenty of downsides prove this is simply not the case.
CAPTCHAS Don’t Always Help Fight Ad Fraud, But They Can Hinder Users
It’s hard enough to mark all the CAPTCHA images of everyday objects you’re familiar with, so imagine users’ frustration when they were asked to identify something that doesn’t exist, like hockey players when they’re only shown soccer players and golfers. What if reCAPTCHA stops working on a particular browser, or your visitors can’t create an online account because they get a “CAPTCHA not working” error message?
In addition to these recent CAPTCHA snafus, we’ve long known about CAPTCHA’s downsides, including:
Hurting the User Experience
Did you know approximately 34% of users fail CAPTCHA puzzles on their first attempt? The resulting frustration can cause them to abandon carts or not complete forms, leading to missed opportunities for your business.
Wasting Users’ Time
You’ve probably heard of the ticket debacles for some of this summer’s hottest tours: disappointed fans waited online for hours only to learn tickets were sold out before they even had a chance to buy them. Of course, there’s the issue of supply and demand; but when humans and bots go head-to-head for something in high demand, humans are at a clear disadvantage. CAPTCHAs that slow down humans trying to prove themselves are often no match for bots that use AI to instantly click through, snatching up tickets or other limited-edition items before real fans and customers have a chance.
Killing Conversion Rates
CAPTCHAs annoy potential customers, and that can cost your business money. Studies show that conversion rates can drop 40% when customers encounter CAPTCHAs.
Doing What CAPTCHAs Can’t: Stopping Bots and Ad Fraud
In the category of “Did we really need a study to tell us this?” a recent research paper revealed that CAPTCHAs are essentially useless as AI-powered bots are better and faster at solving them than humans. This did not come as a surprise to us or our client Randall-Reilly.
Randall-Reilly helps their customers in the agriculture, construction, and transportation industries grow their businesses by providing relevant data and analytics services. The company came to us not knowing if they had an ad fraud problem. According to Dennis Evanson, compliance officer and QA director, their conversion rates and other metrics were “normal”; they used reCAPTCHA, but they were aware of ad fraud chatter and wanted to be sure they were providing the best information for their clients.
What did the data show?
The reCAPTCHA data showed that applicants with low scores were still converting and getting hired by their clients. With bad leads getting through, Randall-Reilly became concerned that good leads were getting rejected.
During their test of Anura, Randall-Reilly realized that more than 20 percent of their leads were fraudulent. We were able to help them identify and reduce ad fraud so they could provide better results for their clients, which gained client confidence and ultimately led to increased ad spend.
If CAPTCHAs as they exist today aren’t the solution, what is?
Creating more complicated CAPTCHAs will only add to users’ frustration and still not be 100% effective. Privacy pass protocols that verify humans based on online behavior without any extra effort work, but they’re not foolproof. It’s only a matter of time before fraudsters and bots figure out how to bypass these efforts as well.
While no one solution can prevent 100% of bots and ad fraud, Anura marks fraudulent visitors with 99.999% accuracy, so you are assured that fraudulent leads are kept out while good leads are not rejected. We do this by continuously monitoring traffic and trends and combining machine learning with decades of human experience and expertise.
Let us show you how much fraud is getting past your CAPTCHA and how we can help you generate more quality leads with less user frustration.
How did we help Randall-Reilly reduce their clients’ risk while increasing ad revenue? Find out in our case study, then contact us to find out how much fraud is getting past CAPTCHA.