Posted by Evina on

Google reCAPTCHA is a double jeopardy for end-users: 

  1. It exposes end-users to fraud
  2. It prevents them from purchasing what they want

Google reCAPTCHA is the CAPTCHA solution offered by Google. We have all suffered from it before.

Today, Google has created a third version, and it doesn’t work any better.

1- Google reCAPTCHA exposes end-users to fraud

Since 2012, hacking Google reCAPTCHA has become a national sport.

On the dark web, fraudsters resell kits to bypass Google reCAPTCHA on an industrial scale. On the web, it costs 1,5$ per 1000 Google reCAPTCHAs hacked.

Abdelaziz Khaled, Analyst Security at EVINA: “These tools are easy to download and set up. We find them everywhere. When we reverse-engineer malware, like we did with the MOBOK malware, it involves a part of the code dedicated to bypassing Google reCAPTCHA” (picture below).

2- It prevents customers from purchasing what they want
Indeed, Google reCAPTCHA v3 generates false positives.
Wesley Hendriks, Head of Data Team at Sam Media: “Internally, we have tested Google reCAPTCHA v3 and compared the results against other anti-fraud solutions. We noticed that around 50% of the traffic that was legit according to other anti-fraud solutions got the lowest scores, ‘10’ or ‘30’, from Google reCAPTCHA v3.”
Because the product is free, Google offers very little support and very little insight into the data collected. In fact, Google doesn’t get its hands dirty: it provides you with a score between 0.0 and 1.0 and leaves it to you to determine which transactions to block. Support and analysis are key to fighting fraud the right way.
Fabienne Huygens, Product Owner at “When it comes to anti-fraud solutions, support is essential. The Evina team is proactive and supports our teams on a daily basis to fight against fraud.”
Franck Semanne, Head of Carrier Billing at Bouygues Telecom: “In terms of anti-fraud solutions, we can’t rely on an average scoring letting us decide what we consider as fraud. An anti-fraud solution must detect and define precisely a fraudulent attempt, and this is what we appreciate with Evina.”
Our teams are at your disposal to provide you with effective solutions to combat fraud and to make your partners understand that using Google reCAPTCHA as an anti-fraud solution is a very bad idea.
