Balancing user experience with bot security is easier said than done. Add too many security checkpoints (login forms, CAPTCHAs, MFA) and your users may get frustrated and leave your site. Don't add enough and bots will roam your site as freely as your human users (if not more).
It's a fine line between securing your site against bad bots and enabling a fast, enjoyable user experience. Read on to learn how strike the balance.
CAPTCHAs: An Unnecessary Evil
As a website decision maker, you know that bad bots are constantly launching credential stuffing, carding and account takeover attacks against your site and your users. So, you might decide to add verification challenges, such as a CAPTCHA, to weed out bots.
The thing is, that’s not how your customers view it. Users don't look at CAPTCHAs as necessary safeguards against bot attacks. From their perspective, CAPTCHAs are just annoying popups that get in the way of what they're trying to do. Watch this monologue by comedian John Mulaney if you don’t believe me. CAPTCHAs disrupt the user journey and contribute to a negative experience — and, in the words of Mulaney, make your users want to “walk into the ocean.” Probably not the reaction you were hoping for!
It’d be one thing if CAPTCHAs worked, but nowadays, their effectiveness is often called into question. CAPTCHA-solving bots and farms have become more widespread in recent years, making it pretty easy for bots to overcome the CAPTCHA barrier. Efforts to make CAPTCHAs stronger have only frustrated human users. In fact, data shows that CAPTCHAs drive cart abandonment and reduce conversion rates.
Human Challenge Offers a Better User Experience
Enter Human Challenge, a new user-friendly verification tool. Human Challenge is a simple ‘no hassle’ single-step challenge, such as “press and hold” that is very easy and fast to solve for human users, but effectively protects from CAPTCHA-solving bots.
Data shows that Human Challenge is solved 4-6 times faster by human users than Google reCAPTCHA, and the abandonment rate is 3 to 5 times lower. This is a significant difference for the user experience, which makes a real impact on conversion rates.
In addition to blocking bots in real time, Human Challenge collects in-depth data about the user. This information is passed to HUMAN's machine learning detection system, improving its accuracy in mitigating the most sophisticated CAPTCHA-solving bots.
As one leading e-commerce brand said, “It is amazing to see user sessions flowing so smoothly. It is almost as good as no user interruption or challenges. Truly a game changer for our web and mobile applications.”
Human Challenge is Part of HUMAN Bot Defender
HUMAN Bot Defender detects and mitigates malicious bots in real-time, mostly behind the scenes. This minimizes user interruption and preserves the intended website experience.
With Bot Defender, less than one in 10,000 blocked sessions is from a real user. However, there are still rare cases where human behavior can get tagged as suspicious or undetermined. For example some users who are familiar with their favorite sites may navigate directly to certain pages unlike most users and get scored as bots. In such cases, Bot Defender offers flexibility for customers interested in more aggressive mitigation.
Instead of just blocking real users that are scored as bots, the system serves a verification challenge to make sure that this is indeed a bot. This is where Human Challenge can significantly reduce user friction. Human Challenge is only served to users that are flagged as bots, meaning only 0.01% of human users will ever see it. The rare human users “clear” themselves with ease, while bots fail again and again in solving the challenge until they give up.
Wouldn't It Be Better to Reduce Bot Defender's False-positive Rate to Zero?
Not necessarily. Even the most sophisticated system cannot be right every time because cybercriminals keep evolving. Having a verification challenge is an important piece of defense-in-depth to ensure nothing falls through the cracks. Furthermore, challenges are important for the following reasons:
- It’s extremely important for a learning system to have a feedback loop to constantly learn and improve the accuracy of detection.
- By having another interaction with the user on the challenge page, the system collects additional data about the user behavior and how it interacts with this page, which enhances the detection capabilities for this user, and other similar users will get the benefit of this learning.
Human Challenge Quick Facts
Interested in Human Challenge? Here are some quick facts. Please contact us to learn more!
- Human Challenge is offered as part of HUMAN Bot Defender and is available for Bot Defender customers.
- The difficulty level of the challenge and the type of challenge is adjustable based on customer needs and will evolve to keep pace with the sophistication of CAPTCHA-solving bots.
- The HUMAN team monitors user experience by measuring the average time it takes a human user to solve the challenge, and verifies that the challenge-solve time reduces. In cooperation with the customer, the team also monitors conversion rate changes.
According to Gartner, there is a strong correlation between fraud management and revenue growth. Customers will stop visiting an online shop if it forces them to jump through too many security hoops, which negatively impacts conversions and revenue. It’s important to keep the friction you add commensurate with the value and risk of the transaction. Human Challenge is here to help you strike that balance.