Jump to Content
Security & Identity

Keep your users safe with reCAPTCHA Enterprise

May 7, 2020
Cy Khormaee

Head of Product reCAPTCHA

Globally, organizations across industries have been working to expand their online footprint to continue doing business. Whether it’s to help more workers safely do their job from home, to help customers interact with them more efficiently, or other reasons, this sudden shift has put a strain on IT teams, in particular. 

Cybercriminals are also taking advantage of current events to attempt and reframe malicious activities.

reCAPTCHA Enterprise—which we made generally available earlier this year as a service for Google Cloud—can help protect your website from fraudulent activity, spam, and abuse. Today we’ll discuss how it can detect some of the most common web-based attacks and reduce your end users’ and business’ exposure to risk. 

How it works

reCAPTCHA Enterprise is a frictionless fraud detection service that leverages our experience from more than a decade of defending the internet and data for our network of four million sites. It can be installed on any web page at the point of action—whether it’s login verification, on the purchase page, or at account creation—to help detect and prevent fraud. Meanwhile, legitimate users will be able to login, make purchases, view pages, and create accounts and fake users will be blocked.

At its core, reCAPTCHA Enterprise works by using advanced risk analysis strategies to tell humans and bots apart. It provides security teams with several features, including extra granular risk scores, reason codes for high-risk scores, and the ability to tune the risk analysis engine to your site’s specific needs. For example, any action can have a fraud risk score attached to it which can inform your team of suspicious activity.

Using the reCAPTCHA Enterprise adaptive risk analysis engine, your countermeasures will stop bots and other automated attacks while approving valid users. 

Let’s take a look at some of the attacks reCAPTCHA can help stop.  

Account Takeovers (ATOs) and Hijacking: This attack is when a bad actor uses a stolen or leaked credential to login and take over a legitimate user’s account. With the recent rise in credential losses, these attacks are rapidly rising to become the top threat. The correct password is no longer a sufficient form of authentication; it must be paired with a secondary layer of security.

Fraudulent Transactions: Fraudsters use fake or stolen credit cards to make purchases online, which can often result in a chargeback or involvement with law enforcement. This not only costs your business time and money, but it also provides an avenue for organized crime to use their credit card databases on your site. 

Scraping: Companies in a variety of industries, including ecommerce, travel, social media, and news, rely on proprietary content as their primary differentiation. Less reputable organizations will often employ bots to steal this content, either for republishing or to gather competitive intelligence.

Synthetic Accounts: All manner of fraud on marketplace, ecommerce, and social media sites starts with the creation of a synthetic account. This account can then be leveraged by fraudsters to commit a range of activities from abuse, to spreading misinformation, to creating false listings. 

To see reCAPTCHA Enterprise in action, watch our video below.

Video Thumbnail

To learn more about the different types of attacks reCAPTCHA can help prevent, visit our documentation. To get started with reCAPTCHA today, contact sales.

Posted in