Google CAPTCHA compromises the VAS business and puts the carrier billing business at risk. Even Google’s latest iteration reCAPTCHA (v3) can be bypassed in several ways and its usability is poor. It stops users from buying your products and leads to customer frustration during the checkout process.
1. Why Google reCAPTCHA is not safe and exposes users to fraud
Hackers have figured out many ways around the reCAPTCHA system, some of which are briefly summarized below:
- Hiring CAPTCHA solution services
It is relatively easy for hackers to hire a large number of human workers to solve CAPTCHAs at a cheap price, usually about $0.50 for every 1000 images, using services such as Anti-Captcha, which promises a response time of about 7 seconds per CAPTCHA.
Commercially these solutions makes sense for a fraudster since it only minimally reduces the CPA payout.
- Machine learning techniques
Researchers from the University of Toronto were able to use reinforcement learning methodology to bypass the latest version of Google’s reCAPTCHA (v3). Their approach was able to bypass v3 with a success rate of more than 90% and we can expect the use of similar methods to become commonplace over time.
- Browser Extensions for reCAPTCHA audio challenges.
The latest updates from browser extensions like Buster have made it easier to bypass reCAPTCHA v3 using speech recognition software to listen to the audio prompts and pretend to be a human user.
There are many other ways to fool the reCAPTCHA service, and all this is before we get into the serious data storage and privacy concerns involved in using this service.
reCAPTCHA v3 is used on more than 5 million websites worldwide and sends data to Google about user activity on each website – using a Google cookie to determine the risk attributed to each user. Google has not clarified how it uses all the data it collects from its reCAPTCHA service.
Further reading on Google reCAPTCHA hacks and data privacy concerns:
2. Poor Usability and Negative Impact on Conversion Rate
Maybe you have found yourself having problems solving the find-the-images-with-bicycles images on a sunny day due to reflection on your display.
Poor usability and conversion losses have a long history with Captcha. In 2014, Google pitted one of its machine learning algorithms against humans in solving distorted text CAPTCHAs: the computer got the test right 99.8 percent of the time, while the humans got a mere 33 percent.
According to a study carried out by Stanford University:
- Perfect agreement from three users only 71% of the time for image CAPTCHAs.
- Perfect agreement on audio CAPTCHAs from three users only 31% of the time.
- Non-native English speakers take longer to solve CAPTCHAs and are less accurate in solving CAPTCHAs that involve English words.
- Visual CAPTCHAs take 9.8 seconds to complete.
- Audio CAPTCHAs take much longer (28.4 seconds) to hear and solve.
- Audio CAPTCHA has a 50% abandonment rate.
All the added confusion obviously has a negative effect on conversion rates. This was also verified in a six month study by Casey Henry which showed that usage of CAPTCHAs reduced conversion rates. As time passes and the ubiquity of this service increases, we can expect these negative effects to increase further.
We believe that Google reCAPTCHA is not an anti-fraud solution for mobile carrier billing and exposes users to fraud. It cannot replace an effective carrier billing fraud solution with specific strategies and ecosystem knowledge. Furthermore it reduces conversion rates and negatively affects the margins for everyone in the value chain.
Our team can assist you if you have further questions on Google reCAPTCHA and how an effective anti-fraud solution helps you to protect your users and your future revenues.