Fraud Prevention

What are CAPTCHAs? Are They Still Relevant in 2020?

September 25, 20205 min Read


CAPTCHAs were created with an aim to protect websites from automated, bot-driven attacks. They operate on the premise that bots cannot interact with websites in a way humans can, and will therefore will cause automated scripts to fail. However, advancements in technology have resulted in bots that can mimic human behavior fairly accurately and be trained to bypass traditional CAPTCHAs at scale

Over the years, CAPTCHAs were widely used in interactive websites—that allowed users to comment, fill up forms, review products, participate in polls, and so forth—to protect them from bots and spam. However, as bots continued to advance, CAPTCHAs failed to evolve and languished in legacy techniques, which allows bots to bypass them rather easily.

CAPTCHA is an acronym for 'Completely Automated Public Turing Test to Tell Computers and Humans Apart', but in effect it is a reverse Turing test, as it is conducted by a computer rather than a human. The term was coined by Luis von Ahn, Manuel Blum, Nicholas Hopper and John Langford two decades ago in the year 2000.

Recommended Blog: ReCAPTCHA is Still Vulnerable: Perhaps More Than Ever Before

Types of CAPTCHAs

CAPTCHAs can be broadly classified into the following categories:

  • Text-based: The initial CAPTCHA codes were mostly text-based, where users had to identify the alphabets and digits from a distorted image and correctly enter into a dialog box on their device screens. When the image was too distorted for a user to identify the text and digits, the user could request another code by refreshing the request. Often, users found the whole exercise off-putting and abandoned the activity, which meant a loss for the business. For instance, when a user, trying to book a product demo, abandons the query form simply because of the frustration caused by the CAPTCHA, the business loses an important lead and a potential customer.
  • Image-based: To overcome the problems posed by text-based codes, image-based challenges were created. These visual challenges are based on easily identifiable pictures from a grid of multiple pictures. For instance, users must correctly identify all pictures featuring cars in the grid. Image-based CAPTCHAs are easier to solve than those that are text-based, however, due to machine vision software these images can be recognized and classified easily by automation.
  • Audio-based: Both text- and image-based CAPTCHAs are limited in their ability to serve visually impaired users. This can limit a website's usability. Therefore, to enable such users identify CAPTCHA codes easily, audio-based codes are used alongside text- or image-based codes. If a user finds it difficult to decipher the audio, it’s possible to request for another audio clip by requesting for an alternate audio code.
  • Math-based: These codes require users to solve simple mathematical calculations and provide the correct answer in the box provided. Usually, these codes are based on simple addition, subtraction, multiplication, and division.

Recommended Blog: Are You Still Allowing Bots to Bypass CAPTCHA?

Machines have succeeded in conquering CAPTCHAs

To counter the frantic evolution of bots, CAPTCHA developers made these challenges more complex. However, complex codes adversely impacted the solve rate for true users and bounce rates began to rise. Additionally, the solve rates for bots are now far higher than the true users, with a recent report from Gartner stating that traditional CAPTHCAs are “conquered by machines”. Websites are the lifeblood of digital businesses and cannot afford to lose genuine customers or leave themselves vulnerable to attacks. 

Traditional CAPTCHAs are fast losing their efficacy and are no-longer the go-to solution when it comes to protection against bots. This is primarily due to the following reasons:

  • Failure to adapt: CAPTCHAs have failed to keep pace with the evolution of bots. Many bots today are capable of circumventing these challenges easily and at scale. Add to this the availability of numerous automatic solvers and cheap human solving services that are fast making traditional CAPTCHAs redundant.
  • Black-box approach: Today, businesses need actionable insights to prepare for the evolving attacks. However, the free or almost-free CAPTCHA solutions suffer from a black-box approach, as they neither provide any insights or analysis for the decisions made nor the context or reasoning.
  • Affects user experience: The good user solve rates for many of the older CAPTCHAs are decreasing, whereas it is increasing for bots. CAPTCHAs can degrade user experience by introducing misplaced friction, which only frustrates the users, who may choose to abandon the interaction altogether.

Recommended Blog: How Machines Are All Set To Conquer Legacy Captchas?

A solution that guarantees protection from large-scale bots attacks

Legacy CAPTCHAs are no longer reliable, however, businesses need protection from bots and spam. A layered approach that is effective in blocking bots while allowing consumers to continue enjoying a seamless user experience is the need of the hour.

Arkose Labs Fraud and Abuse Prevention Platform follows a multi-tiered approach to identify and stop bots to such efficacy that it is backed by a commercial SLA guarantee. To learn more about the Arkose Labs 100% SLA guarantee for protection against automated attacks, contact us today.

Recommended Event: Bankrupting Fraud Virtual Summit