Why CAPTCHA is Ineffective at Spotting Real Fraud

This is one of the most confounding parts of any customer journey and the bane of UX-focused marketers. While CAPTCHA strives to fight fraudulent intrusions on your site, it doesn’t work 100% of the time and often frustrates and prevents your intended audience from getting through.

CAPTCHA stands for "Completely Automated Public Turing Test to Tell Computers and Humans Apart." It is a program designed to differentiate between human users and bots. CAPTCHAs attempt to protect websites from spam and abuse by requiring users to prove they are human before they can interact with the site. Created in 2000 by researchers at Carnegie Mellon University, it was gifted to Google as the “owner” of the tech, and it is also free to site builders and internet enthusiasts.

What is the difference between CAPTCHA and reCAPTCHA?

reCAPTCHA, a version of CAPTCHA created by Google, combines Google’s machine learning and your human input to determine whether you are a human or a bot. reCAPTCHA was designed to be more user-friendly than traditional CAPTCHAs. However, it still requires users to perform a task that is difficult for bots to complete, such as selecting images or entering a series of letters and numbers. (If bots can’t identify different types of vehicles, crosswalks, and stop lights, trustworthy self-driving cars might still be a ways off. But then again, I often struggle to identify all of them in these images.)

Word on the street is that Google is using reCAPTCHA to enhance its own AI and machine learning. When you are working out the reCAPTCHA, other users are concurrently completing the same task, which informs Google’s machine learning to understand better how to detect fraud—and how humans think. While this all sounds well and good, there are many problems with CAPTCHA and reCAPTHA’s ability to detect real fraud.

Fraudsters are tech-savvy, too. 

While the technology might have been useful ten years ago, technology doesn’t sleep, and neither do the fraudsters. Automated bots continue to become increasingly sophisticated, able to click on ads, manipulate website metrics, process credit card transactions, fill out forms, and leap small buildings. Ok, that last part may be an exaggeration, but the point is fraudsters and bots don’t seem to sleep, they evolve.

Fraud finds a way. 

These tools are created to stop bots, but fraudsters still find a way via a loophole in the system. CAPTCHA and reCAPTCHA work under a dated assumption that all bad traffic comes in the form of a bot, which, as we learned, cannot tell a light pole from a crosswalk. But humans can. Human click farms leverage large groups of cheap workers to manually click on online paid ads. Easily making their way past simple CAPTCHA tests, these fraudsters fill out forms with bogus information, generating fake leads, and can artificially inflate the number of clicks or views on a website or digital ad.

Good leads get turned away. 

Unfortunately, real people often fail CAPTCHAs. A Standford study found that CAPTCHA reduced form conversions by up to 40%! Complex CAPTCHAs can actually turn good leads away. As noted by Baymard Institute, “Only 66% of users during our qualitative usability testing successfully entered the CAPTCHA on the first attempt.” According to Anura’s CEO and co-founder Rich Kahn, “Our clients have found that CAPTCHA has a HIGH false positive rate. This means real people are being marked as frauds. Not only does it frustrate real people, it almost chases them away from your site.” CAPTCHA’s high false positive rate clearly shows a disruption in your buyer’s journey and a hit to your bottom line.

Stop fraud before it has a chance to reach you. 

What if there was a better way to prevent ad fraud? A way to allow users to have a less frustrating experience and ensure you filter out the bad but leave the good? If you’re reading this, you probably know Anura is in the business of detecting and mitigating ad fraud. CAPTCHA and reCAPTCHA are designed to interrupt potential fraud at the point of entry. Anura allows you to alleviate the risks of ad fraud by preemptively filtering out the traffic that causes undue harm to your business. Anura also stops fraud at the point of entry by identifying and stopping bots, malware, and human fraud, something a CAPTCHA cannot do.

Capture the best ad fraud solution.

An ad fraud solution is a tool that helps companies identify false interactions with their web assets. So what makes an ad fraud solution like Anura different from a bot filter? Where a bot filter might use a simplistic “vanity metric” that sounds good on paper trying to spot fraudulent interactions, Anura understands how data should look for real people through hundreds of data points and thus can identify what’s genuine fraud. This provides a much more nuanced look at every form fill that helps you accurately identify fraud as it happens. Anura takes this a step further by sharing all of the data used in the decision to flag a form filled as fraud—showing you exactly why the activity was flagged and giving you the evidence you need to confront the fraudster if you need to.

Step up from CAPTCHA

By eliminating CAPTCHA or reCAPTCHA and installing Anura, not only is 99.999% accurate when marking a visitor as fraud, real customers experience no interruption and move through none the wiser. Fraud solutions on the front end can help slow the traffic from bots (well, at least bots that aren’t sophisticated enough to pass the test), but they also impact the user experience. While combining CAPTCHA and Anura would create a strong defense, unfortunately CAPTCHA negatively impacts the user experience, resulting in the loss of good leads. There is only one solution you need. Anura is seamless to the user and ensures good traffic gets by while bad traffic is filtered out. Simply put, Anura is better at catching actual fraud and providing a better experience for your users. 

Anura offers two simple, but flexible integrations depending on the need of your business and the type and frequency of the fraud you’re seeing come across your site. 

Anura Script –

Identifies the most complex types of fraud, known as sophisticated invalid traffic (SIVT). Anura Script provides real-time responses for real-time decisions through a simple JavaScript integration.

Anura Direct –

Recognizes the most common types of fraud, known as general invalid traffic (GIVT), and responds in milliseconds. A simple integration through REST API will have you up and running in no time.

Want to Know How Anura Helped a Global Web Services Company Fight Fraud? Download the Case Study!