The Impact of a CAPTCHA on Your User Experience
On average, it takes a human user 20 seconds to solve a reCAPTCHA.
Your customers might give you 3.
Waiting for a page to load can make seconds feel like minutes, especially for a motivated customer who wants to log in, check out, or access important information on your platform. That’s why most online retail and travel site users say they will wait no longer than three seconds for a page to load (a high bar for your user experience).
Users’ impatience increases when they are presented with a tedious challenge. Your now-frustrated customer tries and sometimes fails to solve a reCAPTCHA that is supposed to know the difference between human and robot. Meanwhile, bots use simple hacks like CAPTCHA farms to breeze through your reCAPTCHA to your site.
The problem with traditional bot “challenges” such as Google’s reCAPTCHA is twofold:
- They are not optimized for the user experience (UX).
- They are not great at detecting bots.
In fact, according to our aggregate customer data, 50% of “users” that pass tests like reCAPTCHA are actually bots!
With users’ expectations heightening, data privacy regulations tightening, and bots consistently breaking through reCAPTCHA, it’s time for an adaptive solution that works. A secure and user-friendly CAPTCHA can help protect your business performance, brand reputation, and customer relationships.
Here’s what to look for in a comprehensive next-gen bot challenge:
- Quick and Easy for Humans to Solve
- Extremely Tough for Bots to Bypass
- Uses Data for Security Purposes Only
- Localized Data Processing and Storage
- Compliant With Data Privacy Laws Around the Globe
For a truly optimized UX, your CAPTCHA solution must be purpose-built to balance thorough, adaptive security with speedy, frictionless processing, high accessibility, and data privacy compliance.
Quick and Easy for Humans to Solve
A user-friendly CAPTCHA should be quick to load and easy to solve (for humans). A key differentiator of any technology optimized for UX is the consideration that humans, unlike bots, are both impatient and unique. Here are some examples of how a user-friendly CAPTCHA accommodates humans with speed, simplicity, and accessibility:
- Speed: A UX-optimized solution will be fast. For example, DataDome CAPTCHA takes only 0.9 seconds to load on average (versus 1.8 and 2.1 seconds for GeeTest and reCAPTCHA, respectively), and 2.2 seconds for humans to solve (versus reCAPTCHA’s 20-second solve time).
- Simplicity: Speed to solve (for humans) is a good indicator of a challenge’s simplicity. DataDome CAPTCHA is easy for humans to solve due to its simple design—an image with a displaced puzzle piece and a simple slider that users drag and drop to complete the puzzle.
The drag and drop motion is easy for most humans, but not for bots.
The new DataDome CAPTCHA is superb. It renders much faster and interactions with it are more responsive than our previous third-party CAPTCHA. Bots can’t solve it, and humans can with minimal hassle. It’s just what a CAPTCHA should be.
Matthew Niehues, Product Engineer, Fidelity Solutions
- Accessibility: Today’s internet users consider accessibility to be table stakes for a solid UX. To maximize accessibility for the visually impaired, CAPTCHAs should include audio options in various languages. DataDome’s audio CAPTCHA is available in 13 languages (versus GeeTest’s 7 languages and reCAPTCHA’s 8), and has been approved by the Valentin Haüy association (a strong advocate of accessibility for the visually impaired) as “very well designed for the visually impaired.”
Extremely Tough for Bots to Bypass
To be exceptional at detecting even the most advanced bots, your online fraud protection requires a few things:
- A feedback loop that quickly captures & processes many varied signals, for security purposes only.
- The ability to apply new information in real time at scale to refine detection accuracy.
- 360° threat detection that guards every endpoint (login, check out, etc.) across mobile apps, websites, & APIs.
The only way to scale security across every endpoint of mobile apps, APIs, and websites around the world is by creating a constant, real-time feedback loop to identify and quarantine automated attacks. The application of real-time feedback at scale is best achieved through AI and machine learning (ML).
Effective machine learning models require ongoing testing and maintenance, which takes dedicated resources and human supervision. That’s why bot and online fraud detection technology works best when built by a focused cybersecurity company like DataDome.
With DataDome, we benefit from the collective intelligence accumulated on all the sites protected by the technology, and this delivers great value in terms of guaranteed security.
Francis Nappez, CTO of BlaBlaCar
DataDome ensures 100% of requests at every endpoint in your user journey are protected. Carefully monitored ML detection models process 1 trillion signals a day to allow DataDome to detect bots with industry-beating accuracy.
Doesn’t it just make sense for the same cybersecurity experts promising to protect 99.99% of your human users without challenging them to also provide you (and your users) with a better CAPTCHA?
Uses Data for Security Purposes Only
One way a strong solution will prioritize the end user is by respecting their privacy. That means data is collected for security purposes only, not shared with any third parties, and kept for an appropriate retention period.
To be compliant with standard data privacy regulations (explored further below), any technology that collects customers’ personal data for reasons other than security (e.g. CNIL vs. reCAPTCHA) must ensure the end user is informed and given the chance to opt out.
A solution that collects minimal personal data from users and does not use it for any reason other than security does not need to add the extra opt-out step in order to be compliant.
A diligent CAPTCHA provider will also ensure you get a feedback loop beyond just a pass/fail signal. That way, you can examine your traffic and threats to further optimize your security.
Localized Data Processing and Storage
Another factor that impacts both data privacy and user experience is your solution’s ability to process data locally at the edge (fast) and to avoid any third-party handling of data (private). For example, DataDome’s 25+ low-latency points of presence around the globe empower our solution to respond rapidly to 100% of requests.
Compliant With Data Privacy Laws Around the Globe
Enhancing security must not come as a trade-off to users’ data privacy, nor should it sacrifice the user experience or your business performance.
At DataDome, we take users’ privacy very seriously. Our solution and our CAPTCHA are compliant with local data privacy laws in North America, EMEA, APAC, South America, and Africa.
DataDome has raised the standards for data privacy in cybersecurity. We do not collect personally identifiable information (PII), such as name, email address, credentials, phone number, International Mobile Equipment Identity (IMEI) number, payment details, etc.
The (non-PII) data we do collect (specified here) is solely used for detection and security purposes, is not shared with any third party, and is stored using high-performing security standards. Our default data retention period of 30 days can be easily decreased by customers through their dashboard.
The CAPTCHA That Balances User Experience, Data Privacy Compliance, and Security
In an industry where users and customers admit to losing patience after three seconds, you don’t have time to waste with a slow or tedious CAPTCHA. In a world where data privacy is a hot-button issue, your brand reputation can’t withstand being tarnished by noncompliance.
In a cyberscape where advanced bots adapt every day to execute online fraud and other malicious activities, your business can’t afford to let 50% of attackers slip through the cracks in your online ecosystem. Thus, we created DataDome CAPTCHA, the only CAPTCHA optimized for all three:
- User Experience
- Data Privacy Compliance
- Security
Support your best user experience with a CAPTCHA 10x faster to complete for humans than reCAPTCHA. To see it for yourself, click below to schedule a live demo/tour.
Book your early access tour of DataDome CAPTCHA.
*** This is a Security Bloggers Network syndicated blog from Blog – DataDome authored by DataDome. Read the original post at: https://datadome.co/bot-management-protection/impact-of-captcha-on-user-experience/