Help Guide
CAPTCHA: What Is It and Why Is It Necessary?
Posted: May 27, 2021

Why does GiveDirect use CAPTCHA?

CAPTCHA is an important component of online security. It is our first line of defense against bots and fraudsters who use your payment form for fraudulent transactions.

Without CAPTCHA in place, robots (aka "bots") can target a payment form to run dozens or hundreds of transactions, jumping from one IP address to the next, using lists of stolen credit card numbers to discover which card numbers are valid. CAPTCHA is the most effective way to block these bots.
Please check your forms and enable the CAPTCHA if it has been turned off.

Can the CAPTCHA be disabled?

Yes and no. We understand that many of our platform users have corporate partners that employ firewalls that can be difficult to work around with the CAPTCHA turned on. For that reason, we have provided you the ability to temporarily turn the CAPTCHA off. However, because the CAPTCHA is our first line defense against fraudsters, we ask that after your donor has submitted the donation or the corporate campaign is completed, that you re-engage the CAPTCHA on your payment form.

Please remember CAPTCHA is a necessary tool to help protect you, your donor and GiveDirect.
GiveDirect CAPTCHA

Understanding the Basics:

CAPTCHA is an acronym that stands for "Completely Automated Public Turing test to tell Computers and Humans Apart." The Turing test, named after Alan Turing in 1950, is a method of testing whether a machine can be distinguished from a human. When used in a web browser, it is a puzzle that tries to determine whether the entity working on the other side of the computer is a human or another computer.

How Do CAPTCHAs Work?

Originally, CAPTCHA was typically made up of squiggly words, letters and numbers that the user had to re-type correctly. The next generation of CAPTCHA presented a grid of pictures from which a user had to choose. However, security engineers learned that these CAPTCHA formats could be completed by advanced bots. They are increasingly being replaced by different tests and methods. reCAPTCHA is one of the more recent. reCAPTCHA is a Google product and stands for reversed CAPTCHA.

Which version of CAPTCHA does GiveDirect use?

GiveDirect currently uses the invisible version of Google reCAPTCHA called no CAPTCHA reCAPTCHA.

All testing and verifications are done in the background and are totally "invisible" to the donor.

An invisible reCAPTCHA employs risk-based algorithms that allows the software to continuously learn and recognize ways a live person moves their mouse and reacts to different visual stimuli. Along with these data points, the software can look at the user's cookies, location data, and cached browser data and send a "score" to the application identifying the user as a person or bot.

If the donor fails the invisible CAPTCHA test, she will be then be asked to check the traditional "I'm not a robot" checkbox.

Corporate Firewalls: Another Aspect of Security

Just as a person's home may be in a gated community or behind a fenced yard to control who can enter one's personal property, a corporation may employ a firewall or VPN (Virtual Private Network) to control cyber traffic in and out of their place of business. A firewall is an essential piece of corporate security software that monitors all incoming and outgoing traffic through a network, checking for hackers, malware, or anything that might put the company at risk. Some firewalls are so stringent, they may interfere with employees using internet sites that employ a CAPTCHA. This means some donors may not be able to process a donation from their work computer. (Keep reading for a temporary solution to this problem.)

error message
So how will you know if a corporate firewall is a problem and what can you do? Your donor will see a message like this:
Here are three possible solutions if your donor receives this firewall/VPN message:
edit form

  1. 1. Ask your donor to try the donation from a different computer, i.e., a home computer.

  2. 2. If the donor is using a VPN, ask him to temporarily disable his VPN.

  3. 3. Temporarily turn the reCAPTCHA off through your Control Panel > Fundraising Forms (see Figure right).
    If you select this option, please make sure to re-engage the reCAPTCHA once the donation has been submitted.