Google reCAPTCHA Enterprise: Bot Protection (Application & User Safety)

Neelam Pawar
Google Cloud - Community
4 min read · Sep 18, 2022

Fraudulent web activity costs businesses billions of dollars each year. It can also degrade performance for legitimate users, or expose the business to heavy fines from compliance authorities.

Bad bots are the main source of fraudulent web activity, and their number grows day by day.

Types of bot attack

Simple — Connecting from a single, ISP-assigned IP address, this bot connects to sites using automated scripts, not browsers, and masquerades as a browser rather than self-reporting as a bot.

Moderate — This more complex bot uses “headless browser” software that simulates browser technology, including the ability to execute JavaScript.

Advanced — Producing mouse movements and clicks that fool even sophisticated detection methods, these bots mimic human behavior and are the most evasive. They use browser automation software, or malware installed within real browsers, to connect to sites.

Evasive — These are a grouping of both moderate and advanced bad bots. They tend to cycle through random IP addresses, enter through anonymous proxies and peer-to-peer networks, and can change their user agents.

Industry specific data

Bad attack example

Industry Specific Risk

Problem solver at scale: Google reCAPTCHA Enterprise

It protects your customers, and their customers, at the edge with minimal effort on your part.

Evolution of recaptcha

Feature supported by reCAPTCHA enterprise

How reCAPTCHA Enterprise works

When reCAPTCHA Enterprise is deployed in your environment, it interacts with the customer backend/server and customer web pages.

When an end user visits the web page, the following events are triggered in a sequence:

  1. The browser loads the customer web page stored on the backend/web server, and then loads the reCAPTCHA JavaScript from reCAPTCHA Enterprise.
  2. When the end user triggers an HTML action protected by reCAPTCHA such as login, the web page sends signals that are collected in the browser to reCAPTCHA Enterprise for analysis.
  3. reCAPTCHA Enterprise sends an encrypted reCAPTCHA token to the web page for later use.
  4. The web page sends the encrypted reCAPTCHA token to the backend/web server for assessment.
  5. The backend/web server sends the create assessment (assessments.create) request and the encrypted reCAPTCHA token to reCAPTCHA Enterprise.
  6. After assessing, reCAPTCHA Enterprise returns a score (from 0.0 through 1.0) and reason codes (based on the interactions) to the backend/web server.
  7. Depending on the score, you (the developer) decide what action to take for that user.
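As an added example (not code from this post or from Google's client library), the backend side of steps 5 to 7 implemented against the REST form of assessments.create using only the standard library. The project id, API key, site key, score thresholds and the sample responses are assumptions or constructed for illustration; the decision logic checks that the token is valid and was issued for the expected action before it trusts the score.

```python
"""Backend assessment of a reCAPTCHA Enterprise token (steps 5 to 7)."""
import json
import urllib.request

# Score thresholds are illustrative assumptions; tune them per site and action.
ALLOW_THRESHOLD = 0.7
CHALLENGE_THRESHOLD = 0.3

def build_assessment_request(token, site_key, expected_action):
    """Body of the assessments.create request that carries the token (step 5)."""
    return {"event": {"token": token, "siteKey": site_key,
                      "expectedAction": expected_action}}

def create_assessment(project_id, api_key, body, opener=urllib.request.urlopen):
    """POST the request to reCAPTCHA Enterprise and return the parsed JSON.
    project_id and api_key are placeholders the caller supplies; network call."""
    url = ("https://recaptchaenterprise.googleapis.com/v1/projects/"
           f"{project_id}/assessments?key={api_key}")
    req = urllib.request.Request(url, data=json.dumps(body).encode("utf-8"),
                                 headers={"Content-Type": "application/json"},
                                 method="POST")
    with opener(req) as resp:
        return json.load(resp)

def decide(assessment, expected_action):
    """Map token properties and score (step 6) to an action (step 7).
    The token is checked before the score: an invalid (expired, replayed,
    malformed) token, or one minted for a different protected action, is
    rejected regardless of score, so a score alone never authorises a request."""
    props = assessment.get("tokenProperties", {})
    if not props.get("valid") or props.get("action") != expected_action:
        return "reject"
    score = assessment.get("riskAnalysis", {}).get("score")
    if score is None:
        return "challenge"   # no verdict: fall back to a visible challenge
    if score >= ALLOW_THRESHOLD:
        return "allow"
    if score >= CHALLENGE_THRESHOLD:
        return "challenge"
    return "reject"

# Constructed sample responses in the API's documented shape (not real output).
SAMPLE_HUMAN = {"tokenProperties": {"valid": True, "action": "login"},
                "riskAnalysis": {"score": 0.9, "reasons": []}}
SAMPLE_BOT = {"tokenProperties": {"valid": True, "action": "login"},
              "riskAnalysis": {"score": 0.1, "reasons": ["AUTOMATION"]}}
SAMPLE_REPLAY = {"tokenProperties": {"valid": False, "invalidReason": "DUPE",
                                     "action": "login"}}
```

The `opener` parameter exists so the call can be exercised against a stub response in tests; in production leave the default.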

Account Defender

Password Leak Detection

Payment Defender

Carding — prevent multiple payment authorization attempts used to verify stolen payment information

Card Cracking — use of checkout to identify missing dates and codes for stolen payment cards

Cashing Out — buying goods with a stolen payment card or user account

Denial of Inventory — depletion of goods/services stock without transaction completion

Scalping — obtaining limited goods by unfair methods

Coupon Fraud — mass enumeration of numbers/codes to discover valid coupons

Signals that indicate cashing out:

  • Increased chargebacks
  • Increased demand for high-value goods or services
  • Increased demand concentrated on a single supplier or product

By deploying reCAPTCHA on checkout and payment pages, enterprises gain unique insight into the legitimacy of the traffic on those pages. reCAPTCHA Enterprise returns a score based on interactions with your website, with 1.0 being a likely good interaction and 0.0 being a likely abusive one. This tells you whether your site is a target for cashing out, so you can stop bots and other automated attacks while approving valid users for payment.

Use the Annotation API to train and customize a site-specific fraud model for your business by sending fraud and chargeback data directly to reCAPTCHA.

Google Cloud WAF & DDoS integration with reCAPTCHA

The reCAPTCHA Enterprise for WAF and Google Cloud Armor integration provides bot detection at the WAF layer to detect, stop, or manage automated activity accessing your websites or services.

The following events take place:

  1. A user accesses your website.
  2. Google Cloud Armor redirects the traffic based on your configured security policy rules.
  3. reCAPTCHA Enterprise for WAF attaches an exemption cookie to the browser of the user who passes the reCAPTCHA assessment.
  4. Google Cloud Armor allows access to requests that have valid exemption cookies.
