Why Annoying CAPTCHAs Still Matter To Google, Ecommerce In The Battle Of Bots

Have you ever been confused when trying to shop online and seeing altered text asking you to prove you’re not a robot? Trying to judge, I squinted at the screen and got a headache Are there bicycles, cars, boats, stop signs, or traffic lights inside?

These are called CAPTCHAs. This is an acronym for “Completely Automated Public Turing test to tell Computers and Humans Apart.”

Invented in 2000 by a group of researchers at Carnegie Mellon University, this test typically consists of text, images, or audio and is used as a security measure to detect bot activity online. Aside from what some cybersecurity experts would say on top of human user annoyance issues, the fundamental approach to cybersecurity is also problematic.

“The question we’ve faced time and time again over the years is what if we could look like a million humans. The answer is virtually anything. Cybersecurity firm HUMAN Security CEO claims CAPTCHA systems have been completely defeated by bots over the years.

How Machines Are Like Humans

CAPTCHA as a standalone cybersecurity tool can be unreliable as it is partly a behavioral based approach. The tool not only tracks the user’s ability to solve the puzzle at hand, but also monitors actions such as the speed at which they move through web pages and the curvature of the mouse. According to Hassan, machine learning and artificial intelligence have become more human over the last decade, and in some ways are much better at solving large-scale puzzles than humans. Solving a single puzzle like a CAPTCHA can become a fairly easy task for a bot, given the large memory capacity of the machine, which can handle multiple things at once.

CAPTCHA resolution farms are also used as a cheap way to expose CAPTCHAs. Bots can be programmed to call an offshore human resolution farm to crack CAPTCHAs in seconds.

“We shouldn’t test humans. We shouldn’t treat humans like crooks,” Hassan told CNBC Washington correspondent Eamon Jabbers at the CNBC Work Summit in October. We can’t add friction to humans because we need to test bots in a way.”

Forrester Principal Analyst Sandy Carielli says that in today’s world, CAPTCHAs used without an additional layer of cybersecurity protection are typically not enough for most companies. However, when used in conjunction with other safeguards, CAPTCHAs can be a viable means of preventing bot attacks.

“For many sites, the CAPTCHA itself is really only part of the story,” says Carielli. “Often you can think of CAPTCHAs as one piece of the puzzle.”

Carielli’s report, “We All Hate CAPTCHA, without When We Don’t We Don’t When We Don’t When We Don’t,” found that 19% of U.S. adults were online when they encountered a CAPTCHA in the past year. I understand that you have abandoned the transaction.

Google’s evolving approach to bot detection

Google acquired reCAPTCHA (a CAPTCHA service developed by Luis von Ahn, one of the original researchers who developed CAPTCHA and co-founded the language-learning app Duolingo) in 2009, and has been a staunch supporter of the service ever since. We have developed multiple updated versions. He is currently one of the most popular CAPTCHA platforms.

In a statement to CNBC, Sunil Potti, vice president and general manager of Google Cloud, said the technology has evolved to make the user experience more seamless. First introduced in 2018, his ReCAPTCHA v3 does not require any real interaction with his end users. According to his website at Google Developers, reCAPTCHA v3 monitors user interactions within selected pages of a website and generates a score whether the user is a bot.

In 2020, Google launched reCAPTCHA Enterprise. It evaluates instances of potential fraud across websites, rather than being limited to specific pages. According to Potti, reCAPTCHA Enterprise has helped reCAPTCHA technology evolve from an anti-bot tool to an enterprise-level anti-fraud platform.

Image reCAPTCHA can detect basic bots, but sophisticated attackers are developing ways to circumvent the system. Potti said Google is constantly looking for new signals to protect sites and assess known bots and his CAPTCHA resolution service.

“We are actively working to build technology that is difficult for fraudsters and easy for legitimate users, and strongly encourages organizations to adopt the latest version of reCAPTCHA,” Potti said in a statement. said.

According to Carielli, reCAPTCHA technology has additional detection and prevention aspects that make CAPTCHA software more reliable. This layered approach makes the service a trusted source of bot prevention.

“In some ways, CAPTCHAs are evolving because they are not used in isolation,” says Carielli. “They’re being used as part of a broader bot management defense, and that’s evolution.”

According to Callieri, bot management systems that are often used in conjunction with CAPTCHAs include blocks, delays, and honeypots. According to Carielli, reCAPTCHA Enterprise upgrades the traditional reCAPTCHA process to a comprehensive security platform to combat fraud and help Google establish itself in the bot management space. “It will require aggressive investments to be on par with other bot management vendors,” he said.

HCaptcha is running on 15% of the internet as of January and claims to be the most popular alternative to Google’s reCAPTCHA. Three versions of his hCaptcha are available: Publisher, Pro and Enterprise, and the service includes an extra layer of privacy protection and does not hold any personal user information. The company claims that human verification methods such as CAPTCHA will continue to exist “as long as people are people.”

According to Carielli’s research, hCaptcha is a strong CAPTCHA provider when it comes to privacy, but it lacks other security measures to increase protection and requires customers to install their own additional defenses. . But a company spokesperson said that as bot attacks evolve, hCaptcha maintains a detection accuracy of over 99%. Also, 99% of people pass his hCaptcha visual challenge on his first or second attempt.

“Bots are always catching up with us. As bots improve, our questions change,” the spokesperson said in a statement to CNBC.

Even if it detects suspicious activity, Hassan said, CAPTCHAs can degrade the user experience and have a far greater business impact in areas such as conversions, usability and product adoption.

“Captcha is hard to keep up with”

Survey data from Forrester Research shows that regardless of the frustrations consumers experience with ecommerce cybersecurity, their overall sentiments toward CAPTCHAs are split in two. Almost as many US adults report feeling safe or frustrated when asked to complete a CAPTCHA.

One way to minimize the human frustration associated with CAPTCHAs is to present them only when a user first creates an account or profile on your website, rather than every time a transaction is made. Center for Innovation Technology Policy at Princeton University. While this would minimize the amount of time consumers face a CAPTCHA, the idea is not entirely viable as it could reduce the number of cybersecurity checkpoints.

In a recent interview with CNBC, Mittal said machine learning isn’t perfect and can make mistakes. Therefore, it is also important to include humans in the loop when creating cybersecurity systems that recover from errors.

“CAPTCHA will have a hard time keeping up with large-scale innovations in technology,” says Mittal. “It is not an exaggeration to say that there will likely be many different types of security systems.”