Researchers at HUMAN have found that 40% of real humans have at some point given up on a purchase because of CAPTCHA frustration. This is a big problem because customers are often served CAPTCHAs just at the point where they’re about to make a purchase or create an account on your platform.
What is CAPTCHA?
CAPTCHA stands for "Completely Automated Public Turing test to tell Computers and Humans Apart." This security measure helps prevent bot attacks, spam, and password decryption by asking real users to complete a challenge to prove they are human.
CAPTCHA: A verification challenge as old as time
For the past 20-plus years, many online platforms have used onerous CAPTCHA puzzles to differentiate between bots and human users. CAPTCHAs were a key checkpoint to defend against automated bots attacks, such as account takeover, transaction abuse, and scraping. And after 20+ years of evolution, CAPTCHAs must be pretty effective, right?
After the first CAPTCHAs came out (remember those jagged letters and numbers?), bots evolved and were soon able to solve them. So, developers made CAPTCHAs even harder (enter image CAPTCHAs and other more creative puzzles). Rinse and repeat for 20+ years and you end up with CAPTCHAs so difficult that humans get frustrated trying to solve them.
The truth is, CAPTCHAs haven’t stood the test of time. Today, CAPCHAs are often deftly solved by automated bots. Data indicates that locally run bots using specially trained image-recognition models can match human-level performance in this style of CAPTCHA, achieving a 100% success rate, despite being decidedly not human.
So, as bots have evolved faster than CAPTCHAs can, we’re left in a less-than-ideal situation:
- CAPTCHAs are getting harder and harder for humans to solve.
- Bots continue to solve them, no matter how hard they get.
We’ve learned that that you will never defeat automation by making CAPTCHAs harder to solve
Legacy CAPTCHAs hurt the user experience
It is clear that legacy CAPTCHAs don’t actually stop sophisticated bots. But they do deter some humans.
Legacy CAPTCHAs add friction and frustration to the buyer journey, which may drive user abandonment just at the point that they’re about to make a purchase. Customers who leave the page or fail to solve a CAPTCHA, even if only a subset of users, are still important, especially for large online businesses where a small percentage of abandoned carts represents a large amount of lost revenue.
Solving the CAPTCHA challenge
At HUMAN, we know that legacy CAPTCHAs aren’t working. So, we decided to take a different approach: Human Challenge. Human Challenge is a user-friendly, frictionless CAPTCHA alternative, presented as a simple button that users “press and hold.” It’s privacy compliant, accessible, secure, and effective — with industry-leading features to detect even the most stealthy automated CAPTCHA-solving bots.
Because Human Challenge is not a puzzle for users to solve, it cannot be beat by the AI bots that render traditional CAPTCHAs ineffective. Human Challenge uses advanced techniques and strong antitampering mechanisms that make it difficult to solve through automation, AI, API calls, or CAPTCHA farms.
Furthermore, Human is a mechanism to gather more information about the bots that try to solve it. When users press and hold the button, HUMAN captures more data behind the scenes that allows us to more accurately make the bot- or- not decision. This dramatically reduces false positives and increases decision precision.
One example is proof-of-work (PoW), a short puzzle for bots (instead of humans). When users click the Human Challenge button, PoW requires their device to complete a computational task. This is fairly easy for the typical user submitting a single request, but it takes a lot of energy and CPU cycles to perform computations like this at scale (for example, if your device is operating bots attempting thousands of logins per second). This makes it more expensive for cybercriminals to finish their attacks.
PoW reflects HUMAN’s CAPTCHA philosophy. HUMAN inspects every digital interaction, but only challenges risky requests — providing detection accuracy while preserving an uninterrupted consumer experience. Instead of challenging real humans to prove they’re not bots, we challenge bots behind-the-scenes, without affecting the user journey.
Adding friction is never the answer
Making CAPTCHAs harder and harder destroys your customer experience, without actually deterring sophisticated bots. So, HUMAN went in the opposite direction and made our CAPTCHA as easy as possible. Human Challenge takes a user-centric approach to provide the most frictionless CAPTCHA on the market.
Human Challenge is included in HUMAN’s bot management solutions, including Account Takeover Defense, Scraping Defense, and Transaction Abuse Defense. In 99.99% of cases, real users move forward without ever seeing Human Challenge. It’s only for that remaining 0.01% of human users that Human Challenge comes into play.
Although your customers will rarely encounter Human Challenge, when they do, there will only be minimal interruption. Among users who do see Human Challenge, abandonment rate is three to five times lower than Google reCAPTCHA. Bots, on the other hand, ignore the button and go no further, or press and hold to allow HUMAN to gather additional signals and block their path immediately. Whatever the response, Human Challenge provides additional intelligence that strengthens your protection against automated cyberattacks across the web.
