Ad Fraud Insights

Ad Fraud

The End of CAPTCHA: A Solutions That Just Isn't Cutting It Anymore

    Written by Richard Kahn
    on October 23, 2018

    At some point, we’ve all had to click the “I’m not a robot” button to complete a task or purchase. You know, the square box you click on a website to prove you’re not a bot? That’s a CAPTCHA.


    Source: KnowYourMeme

    Created in the year 2000 by computer scientists, CAPTCHA was the internet’s first defense against bots. The purpose of CAPTCHA technology has remained the same throughout the years: to only allow human users through, not bots. However as fraud has evolved, CAPTCHA has lost its edge.

    Why CAPTCHA Doesn’t Work

    A CAPTCHA solution looks like a great, but it’s really not as powerful as it appears. Not only is it disruptive for real users, it doesn’t always stop bots. CAPTCHA is by-passable, meaning it isn’t exactly a fool-proof option. Many platforms, even Google, have phased out CAPTCHA. In fact, it’s not even a requirement for e-signatures anymore.

    Not a robot

    Source: Marci Robin

    CAPTCHA solutions were meant to stop spam bots by generating tests that only humans could solve. But thanks to advances in technology, bots can now beat CAPTCHA. While CAPTCHA is great in theory, it’s outdated. A.I. has been beating CAPTCHA solutions since 2013 when Vicarious created a computer software that’s able to beat CAPTCHA with human-like precision.

    Related Post: They're Getting Smarter: A.I. Is Beating CAPTCHA Tests

    Fraudsters are constantly coming up with new ways to get past barriers. So inevitably, they will be able to break a CAPTCHA using new computer technology or human click farms.

    Humans will always be able to solve CAPTCHA, so fraudsters utilize click farms that provide low-cost human labor. One company, 2Captcha, pays an average of .17 cents for every one-thousand completed tests, which could take one to three hours.

    Working an eight-hour day, workers can generate over 8,000 CAPTCHA solutions which will then be sent to 2Captcha’s paying customers e.g. the fraudsters, who pay as low as .85 cents for 1,000 solved CAPTCHAs.

    Related Post: What’s Really Happening Down on the Click Farm?

    CAPTCHA can block less sophisticated attacks, but if you’re still getting spam, you may need another solution.

    As technology evolves, so do fraudsters. That’s why you need a reliable solution against bots. There are a variety of alternative techniques you can use like honeypots, verified sign-ins, or timestamps.

    CAPTCHA Solution Alternatives

    1. Honeypots

    Designed to capture bots without human users noticing, honeypots are a hidden form field that humans can’t see but bots can. They’ll immediately complete the form, letting the website owner know the user is actually a bot.

    The only complication with this method is that humans using a screen reader software will see the form, and then likely fail the test. You could label the field explaining its use, so real visitors know to leave it blank.

    2. Verified Sign-In

    This requires users to sign in with an account like Google or Facebook. If the visitor has one of these accounts, they must be human. One drawback to this method is that not all users will be comfortable inputting their information.

    3. Time Stamps

    Bots can fill out forms almost immediately, whereas humans take longer to read each field and then input information. Using a timestamp will measure how long a user spends filling out a form so you can verify them based on that information.  

    While these methods will help mitigate fraud, an ad fraud protection solution is your best defense against fraudulent traffic. Investing in an ad fraud solution that focuses on performance and real users will keep your brand safe from spam, filtering out fake users and bots.

    Captcha meme

    Source: Meme Guy

    Ad fraud is an arms race. Each time new technology is created to keep fraudsters out, they will find a way around it. As technology evolves, you need to strengthen your security, too.

    Related Post: Will Facial Recognition Bring the End of CAPTCHA?

    Fraudsters are always working to stay ahead of new innovations. The truth is you can’t rely on CAPTCHA tests to keep the bots out. Instead, you need an ad fraud protection solution like Anura that can safeguard you and your brand against bad traffic.

    New Call-to-action

    You may also like:

    Ad Fraud TCPA Compliance

    How Ad Fraud Can Hurt TCPA Compliance and Credibility

    Since telemarketing began in earnest back in the early 1980s, this method of generating sales leads has been growing — a...

    Ad Fraud

    How to Identify Ad Fraud with Accuracy

    Ad fraud, the practice of generating profits by fraudulently converting, clicking, viewing, or generating online interac...

    Ad Fraud

    Four Ways Ad Fraud is Destroying Digital Campaigns

    Ad fraud can derail a company’s digital campaigns before they even begin. As brands and companies take their products to...