CAPTCHA: What Is It and Why Is It Necessary?

Published: May 27, 2021
by Janet Bargewell, GiveDirect Support

Why does GiveDirect use CAPTCHA?

CAPTCHA is an important component of online security. It is our first line of defense against bots and fraudsters who use your payment form for fraudulent transactions.

Without CAPTCHA in place, robots (aka "bots") can target a payment form to run dozens or hundreds of transactions, jumping from one IP address to the next, using lists of stolen credit card numbers to discover which card numbers are valid. CAPTCHA is the most effective way to block these bots.
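The pattern described above can be seen in payment-form logs. The following is an added example, not GiveDirect code: it shows that counting attempts per IP address misses a bot that changes IP on every attempt, while counting distinct cards and declines per form catches it. The event fields, thresholds and sample data are all assumptions constructed for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

def sample_events():
    """Constructed sample attempts: (time, form_id, ip, card_token, approved)."""
    t0 = datetime(2021, 5, 27, 12, 0, 0)
    events = []
    # Bot: 30 attempts on one form in 5 minutes, new IP and new card each time.
    for i in range(30):
        events.append((t0 + timedelta(seconds=10 * i), "form-A",
                       f"198.51.100.{i + 1}", f"card-{i:03d}", i % 10 == 0))
    # Ordinary donors: a few attempts on another form, mostly approved.
    for i in range(5):
        events.append((t0 + timedelta(minutes=i), "form-B",
                       f"203.0.113.{i + 1}", f"donor-{i}", i != 2))
    return sorted(events)

def max_attempts_per_ip(events):
    """Highest attempt count seen from any single IP (what a per-IP limit sees)."""
    counts = {}
    for _, _, ip, _, _ in events:
        counts[ip] = counts.get(ip, 0) + 1
    return max(counts.values())

def card_testing_forms(events, window=timedelta(minutes=10),
                       min_cards=20, min_decline_rate=0.8):
    """Flag forms where, inside a sliding window, many distinct cards were
    tried and most were declined. Thresholds are illustrative assumptions."""
    flagged = set()
    recent = {}  # form_id -> deque of (time, card_token, approved)
    for ts, form, _ip, card, approved in events:
        q = recent.setdefault(form, deque())
        q.append((ts, card, approved))
        while ts - q[0][0] > window:  # drop attempts older than the window
            q.popleft()
        cards = {c for _, c, _ in q}
        declines = sum(1 for _, _, ok in q if not ok)
        if len(cards) >= min_cards and declines / len(q) >= min_decline_rate:
            flagged.add(form)
    return flagged

if __name__ == "__main__":
    ev = sample_events()
    print("max attempts from one IP:", max_attempts_per_ip(ev))
    print("forms flagged for card testing:", card_testing_forms(ev))
```

The card_token values stand for a tokenized card reference, never the card number itself.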

Can the CAPTCHA be disabled?

No. We understand that many of our platform users have corporate partners that employ firewalls that can be difficult to work around with the CAPTCHA turned on. However, because credit card fraud is such a serious concern and the CAPTCHA is our first line of defense against it, this feature cannot be disabled.

Please remember CAPTCHA is a necessary tool to help protect you, your donors and GiveDirect.

What is CAPTCHA?

CAPTCHA is an acronym that stands for "Completely Automated Public Turing test to tell Computers and Humans Apart." The Turing test, named after Alan Turing, who proposed it in 1950, is a method of testing whether a machine can be distinguished from a human. When used in a web browser, a CAPTCHA is a puzzle that tries to determine whether the entity on the other side of the computer is a human or another computer.

How Do CAPTCHAs Work?

Originally, CAPTCHA was typically made up of squiggly words, letters and numbers that the user had to re-type correctly. The next generation of CAPTCHA presented a grid of pictures from which a user had to choose. However, security engineers learned that these CAPTCHA formats could be completed by advanced bots. They are increasingly being replaced by different tests and methods. reCAPTCHA is one of the more recent. reCAPTCHA is a Google product and stands for reversed CAPTCHA.

Which version of CAPTCHA does GiveDirect use?

GiveDirect currently uses the invisible version of Google reCAPTCHA called no CAPTCHA reCAPTCHA.

All testing and verifications are done in the background and are totally "invisible" to the donor.

An invisible reCAPTCHA employs risk-based algorithms that allow the software to continuously learn and recognize the ways a live person moves their mouse and reacts to different visual stimuli. Along with these data points, the software can look at the user's cookies, location data, and cached browser data and send a "score" to the application identifying the user as a person or bot.

If the donor fails the invisible CAPTCHA test, then the traditional "I'm not a robot" checkbox will appear.

Corporate Firewalls: Another Aspect of Security

Just as a person's home may be in a gated community or behind a fenced yard to control who can enter one's personal property, a corporation may employ a firewall or VPN (Virtual Private Network) to control cyber traffic in and out of its place of business. A firewall is an essential piece of corporate security software that monitors all incoming and outgoing traffic through a network, checking for hackers, malware, or anything that might put the company at risk. Some firewalls are so stringent that they may interfere with employees using internet sites that employ a CAPTCHA. This means some donors may not be able to process a donation from their work computer.

So how will you know if a corporate firewall is a problem and what can you do? Your donor will see a message like this:

[Image: VPN message]

Here are two possible solutions if your donor receives this firewall/VPN message:

  1. Ask your donor to try the donation from a different device, such as a mobile phone or a home computer.

  2. Ask your donor to disconnect from any VPN that their computer is connected to. A VPN is often used in a workplace setting for security.