Select Page

Payment fraud is an ever-present issue that universities have to combat. A study by payments industry research firm The Nilson Report highlighted that global payment fraud amounted to $32.39 billion in 2020. This number is expected to rise in the future.

Carding attacks are a common form of payment fraud, wherein a malicious actor deploys bots to execute a string of small purchases on a website. These bots use randomly generated numbers when entering credit card information, in a bid to discover genuine numbers for future fraudulent purchases.

In the aftermath of such attacks, payment processors shut down or apply restrictions to a merchant’s account, hampering their ability to collect payments. While there is a range of tools that combat payment fraud, reCAPTCHA is probably the most effective.

Here are the different types of reCAPTCHA tools, along with brief descriptions of how they prevent bot activity.


The first tool to combat bot activity was the CAPTCHA. This tool presented a string of text that users had to type successfully. reCAPTCHA v1 improved on this by distorting the text that users viewed. Unfortunately, these distortions led to failed challenges since letters such as “r” and “n” often resembled each other.

reCAPTCHA V2 solves this issue by asking users to check a box labeled “I’m not a robot.” While this is a simple task for human users, bots struggle to execute this action, thereby protecting a merchant’s system.

Invisible reCAPTCHA V2 

The invisible reCAPTCHA V2 replaces the checkbox with a visual challenge. However, this challenge isn’t presented by default. In a bid to improve user experience, the invisible reCAPTCHA V2 tracks user activity and determines the probability of bot activity. For instance, if a user clicks multiple buttons in a short time, the system classifies this as a highly probable bot attack.

Once this happens, the user is presented with a visual challenge requiring them to identify objects across multiple panes. Given its visual nature, this challenge is simple for human users while rendering bot activity close to impossible. 


While invisible reCAPTCHA V2 is highly effective, there are issues human users encounter. For one, the system forces users to waste time clicking images. Second, pane selection can get tricky when images extend across multiple panes. This can lead to user confusion and frustration.

reCAPTCHA V3 solves these issues by being fully invisible. This method uses sophisticated algorithms to determine the probability of bot activity, providing a score ranging from 0 to 1. The closer a score is to 1, the greater is the probability of a bot attack.

If a set of activities indicate high bot probability, the system prevents a user from logging in. Thus the merchant’s account is insulated from anything resembling a bot.

reCAPTCHA is just one of many fraud prevention solutions that universities must employ. Whether setting up PCI compliance or implementing systems that combat payment fraud, Arrow’s seasoned team of experts can help. Contact us today for a free consultation.

Thought Leadership

Recent Insights

Check out the latest trends and reports from Arrow Payments.

What to Know During the PCI DSS v4.0 Transition

What to Know During the PCI DSS v4.0 Transition

The Payment Card Industry Data Security Standard (PCI DSS) is focused on protecting cardholder data. As fraud and cybercriminals evolve, so must the standards by which organizations secure data, which is why we're in a phase of PCI DSS v4.0 Transition. The aim of the...

Understanding Real-Time Payments for Higher Ed

Understanding Real-Time Payments for Higher Ed

Real-time payments continue to gain momentum in 2022, especially as a new economic environment spurs the need for faster payments. As cross-border payments continue to gain steam, real-time payments show promise to aid those capabilities, too. The focus has long been...

What’s New in Treasury Tech?

What’s New in Treasury Tech?

Treasury departments hold a critical role in driving success for companies. Between financial planning, managing payments, and mitigating future risk, treasury departments must stay apprised of the latest technology developments to manage these responsibilities well. ...

Gain Visibility into Your Higher Education Payment Systems

Find out what’s happening in every department and start building solutions that address fundamental needs.

Start My Discovery