Google Recaptcha is not an anti-fraud solution.

Google reCAPTCHA puts end users in double jeopardy:

  1. It exposes users to fraud
  2. It prevents them from purchasing what they want

Google reCaptcha is the CAPTCHA solution offered by Google, which we have all already seen before:

Google recently created a third version, and it doesn’t work better. 

1- Google reCAPTCHA exposes end users to fraud

Since 2012, hacking Google reCAPTCHA has become a national sport: 

On the dark web, fraudsters resell kits to bypass Google reCAPTCHA industrially. On the web, it costs 1,5$ per 1000 Google reCAPTCHA hacked: https://anti-captcha.com/mainpage

Abdelaziz Khaled, Cyber Security Analyst at EVINA: “These tools are easy to download and set up. We find them everywhere. When we reverse-engineer a malware, as we did with MOBOK Malware, it involves a part of coding dedicated to bypassing Google reCAPTCHA” (picture below).

2- It prevents customers from purchasing what they want

Indeed, Google reCAPTCHA v3 generates false positives.

Wesley Hendriks, Head of Data Team at Sam Media: “We have tested Google reCAPTCHA v3 and compared the results with other anti-fraud solutions.  We noticed that around 50% of legitimate traffic, according to other anti-fraud solutions, received the lowest scores – ’10’ or ‘30’-  from Google reCAPTCHA V3.”

Since the product is free, Google offers very little support and understanding of the data collected. Google provides clients with a score between 0.0 and 1.0 for them to determine which transaction to block. Yet support and thorough analysis are key to fight fraud the right way.

Fabienne Huygens, Product Owner at CM.com: “When it comes to an anti-fraud solution, support is essential. The team at Evina is proactive and supports our teams on a daily basis to fight against fraud.”

Franck Semanne, Head of Carrier Billing at Bouygues Telecom: “In terms of anti-fraud solutions, we can’t rely on an average score to let us decide what we consider as a fraud. An anti-fraud solution must detect and precisely define a fraudulent attempt, and this is what we appreciate with Evina.”

Our team is at your disposal to provide you with effective tools to combat fraud, and to help your partners understand that Google reCAPTCHA is not an optimal anti-fraud solution.

The Fraud Observer

Do you like this article ?

Articles, interviews, analyzes, debates ... Once a month, the most valuable insights and news to fight fraud and grow your business.