Payment fraud is an ever-present issue that universities have to combat. A study by payments industry research firm The Nilson Report highlighted that global payment fraud amounted to $32.39 billion in 2020. This number is expected to rise in the future.
Carding attacks are a common form of payment fraud, wherein a malicious actor deploys bots to execute a string of small purchases on a website. These bots use randomly generated numbers when entering credit card information, in a bid to discover genuine numbers for future fraudulent purchases.
In the aftermath of such attacks, payment processors shut down or apply restrictions to a merchant’s account, hampering their ability to collect payments. While there is a range of tools that combat payment fraud, reCAPTCHA is probably the most effective.
Here are the different types of reCAPTCHA tools, along with brief descriptions of how they prevent bot activity.
The first tool to combat bot activity was the CAPTCHA. This tool presented a string of text that users had to type successfully. reCAPTCHA v1 improved on this by distorting the text that users viewed. Unfortunately, these distortions led to failed challenges since letters such as “r” and “n” often resembled each other.
reCAPTCHA V2 solves this issue by asking users to check a box labeled “I’m not a robot.” While this is a simple task for human users, bots struggle to execute this action, thereby protecting a merchant’s system.
Invisible reCAPTCHA V2
The invisible reCAPTCHA V2 replaces the checkbox with a visual challenge. However, this challenge isn’t presented by default. In a bid to improve user experience, the invisible reCAPTCHA V2 tracks user activity and determines the probability of bot activity. For instance, if a user clicks multiple buttons in a short time, the system classifies this as a highly probable bot attack.
Once this happens, the user is presented with a visual challenge requiring them to identify objects across multiple panes. Given its visual nature, this challenge is simple for human users while rendering bot activity close to impossible.
While invisible reCAPTCHA V2 is highly effective, there are issues human users encounter. For one, the system forces users to waste time clicking images. Second, pane selection can get tricky when images extend across multiple panes. This can lead to user confusion and frustration.
reCAPTCHA V3 solves these issues by being fully invisible. This method uses sophisticated algorithms to determine the probability of bot activity, providing a score ranging from 0 to 1. The closer a score is to 1, the greater is the probability of a bot attack.
If a set of activities indicate high bot probability, the system prevents a user from logging in. Thus the merchant’s account is insulated from anything resembling a bot.
reCAPTCHA is just one of many fraud prevention solutions that universities must employ. Whether setting up PCI compliance or implementing systems that combat payment fraud, Arrow’s seasoned team of experts can help. Contact us today for a free consultation.