Security

reCaptcha aka "I Am Not A Robot" box

CAPTCHA is an important component of online security. It is our first line of defense against bots and fraudsters who use your payment form for fraudulent and testing transactions.

This function is useful in preventing bot (automated hacker) attacks. When an e-commerce form is available for public use, such as on your web site, it leaves the site readily accessible to automated hackers looking to test and subsequently steal credit card information.

This does not mean that hackers are attempting to break into our secure server; rather, they are testing credit card information they have previously stolen or bought on the black market.

The newest form of reCaptcha used by GiveDirect is invisible to the donor -- it works in the background to detect whether movements react in a "human" way or show the fast, smooth profile of a machine (bot).

The "I Am Not A Robot" (also known as CAPTCHA) software along with our IP address lock-out helps to eliminate hacker attacks.

We know through experience that the CAPTCHA software works, but it is optional. To turn off the "I Am Not A Robot" feature on your form, go to My Campaign > Fundraising Forms, and click on the green edit button. You will find the on/off toggle switch for "Captcha Required" in the Custom Form Option section.

Note: Captcha is turned on by default and should remain on as a security precaution. The charity does have the option of disabling this feature, but if reCaptcha is turned off, the charity may be liable for any expenses incurred for returned or charged back transactions.

Which version of CAPTCHA does GiveDirect use?

GiveDirect currently uses the invisible version of Google reCAPTCHA called "no CAPTCHA reCAPTCHA."

All testing and verifications are done in the background and are totally "invisible" to the donor.

An invisible reCAPTCHA employs risk-based algorithms that allow the software to continuously learn and recognize the ways a live person moves their mouse and reacts to different visual stimuli. Along with these data points, the software can look at the user's cookies, location data, and cached browser data and send a "score" to the application identifying the user as a person or bot.

If the donor fails the invisible CAPTCHA test, she will then be asked to check the traditional "I'm not a robot" checkbox.

What else do I need to know about "I Am Not A Robot"?

Potential reasons for reports that the system does not work:

  • The computer operating system is out of date.
  • The donor is using a VPN (Virtual Private Network).
  • The donor is working on a tightly managed corporate network that runs extreme levels of 3rd party extension blocks, ad blocks, script blocks, etc.
  • Donor has disabled JavaScript in his browser. JavaScript should be enabled.
  • Donor has blocked 3rd party cookies or Google cookies are corrupted. 3rd party cookies must be allowed.
  • Donor is using "HTTPS Everywhere" (a browser extension for Google Chrome, Mozilla Firefox and Opera). Extension needs to be disabled for a smooth connection to the payment form.

How to help a donor who has trouble with "I Am Not A Robot"

A few of the problem areas above can be easily fixed by the donor. However, for an immediate customer-service-oriented solution, you should assist the donor in completing the payment.

In your Control Panel, you will find a link for Process A Payment (this requires administrator-level access). The link on your password-protected Control Panel bypasses the public form's fraud prevention measures and does not use a captcha box.

Another option is to turn off the "I Am Not A Robot" widget. However, this is not recommended as a long-term fix due to hacker vulnerability issues.

To report a problem with your "I Am Not A Robot" widget, please contact support@givedirect.org or call 866-459-6420.