1. Too Many False Positives
Good users are often classified as suspicious by reCAPTCHA and forced to go through onerous friction to authenticate themselves. This is largely because reCAPTCHA depends heavily on Google cookies. That means if you are a Chrome user, or are logged into a Google account such as Gmail, Google knows much more about you and how “suspicious” your web activity is. However, if you use another web browser, are not a Google user, or utilize a VPN for privacy purposes, you will most likely be flagged as suspicious by reCAPTCHA Enterprise.
2. Susceptible to Advanced Bots
Image recognition software has gotten so advanced that it can solve most reCAPTCHAs with little difficulty. And it’s easy to get hold of software to do just that; a simple web search for bots that solve reCAPTCHA turns up dozens of results, some of which offer access to automated scripts for as little as $20/year. In 2022, it is both easy and inexpensive for attackers to buy bots from various marketplaces that solve reCAPTCHAs in seconds.
3. Pricing Model
One of the advantages of reCAPTCHA had been that it was free. But reCAPTCHA Enterprise is not free, and it is difficult for businesses to justify the ROI of implementing this solution. reCAPTCHA Enterprise charges businesses after the first 1 million assessments per month. This can become very costly for organizations that have large traffic volumes, such as e-commerce sites, gaming platforms, and digital banking apps. And it still does not provide robust protection against sophisticated attacks. If businesses are going to spend money on an anti-bot solution, they might as well spend it on a solution that effectively stops attacks.
4. Still the Same Challenge
reCAPTCHA Enterprise claims to work invisibly and show fewer of the onerous challenges that consumers have grown to loathe. But if it returns a risk score that indicates potentially suspicious traffic, what are the options for website admins that use reCAPTCHA Enterprise?
They must test that traffic with the same old tile-based reCAPTCHA that is easily defeated by bots and frustrates good users. This is especially onerous due to the high rate of false positives reCAPTCHA Enterprise has, as noted above. Short of using the old reCAPTCHA challenge, businesses can create their own or invest in another challenge-response mechanism, which adds time and cost.
5. Data Privacy
reCAPTCHA Enterprise collects many different data points on users in order to make its risk decisions. This is a problem because of the increase in consumer data privacy laws around the world. Data privacy has become a big issue, and many governments have regulations about how much and what type of user data businesses can collect. Using reCAPTCHA Enterprise means companies risk running afoul of such laws. Instead, they should seek a solution that collects the minimum amount of PII possible in its risk decisioning.
As you can see, despite attempts to make a better version of reCAPTCHA, the Enterprise version still falls short in many areas and has various limitations. The Arkose Labs Fraud and Abuse Defence Platform, however, provides powerful remediation which eradicates 100% of automated traffic and enables businesses to deflect attacks from skilled cybercriminals and fraud farm outfits.