Who does CAPTCHA discourage: spammers or customers?

Mar 24, 2015





Jimmy Fallon and his viewers like poking fun at CAPTCHA — those squiggly letters and numbers used to verify that a user is human and not a bot. In a periodic Tonight Show segment in which viewers send in screen shots of unintentionally funny editorial or word juxtaposition, there is always at least one CAPTCHA shot included, even if they are a little difficult to read.

While a chance for your name to be read on national television could be a reason to pay extra attention to the CAPTCHA codes on e-commerce and other websites, a growing number of users have grown frustrated with them. In fact, a recent study by Distil Network found that while businesses turn to CAPTCHA as a way to discourage potential spammers, those businesses are actually discouraging potential customers from using their sites.

Admittedly, the numbers aren’t huge: 12 percent of potential customers leave the site rather than deal with CAPTCHA. However, that number increases significantly — 27 percent — when users are on a mobile device. With more consumers using smartphones and tablets to conduct all types of transactions, from playing online games to making purchases, businesses risk losing more than a quarter of potential business by using CAPTCHA.

“People are busy and move fast. There are so many things vying for our time and we tend to choose the path of least resistance. A path without friction. A CAPTCHA is one extra step (a frustrating one at that) in completing an online task,” explained Elias Terman, VP Marketing at Distil.

Terman said that when users are completing that online task, they do a three-second cost-benefit analysis. “There’s the explicit time we could spend on the CAPTCHA, the opportunity cost of what we could be doing, and the frustration we expect to encounter in getting it wrong. Depending on what’s on the other side, we may still do it, but you’re going to lose some folks because you raised the bar too high.”

This frustration is greater on a mobile device because the type is smaller and even more difficult to read. Also, it is simply harder to type on those devices. Users seem to be much less patient when using a mobile device over a desktop anyway, and if there are any barriers in their way to a smooth transaction, they’ll quickly log off.

“Websites are the storefronts of the 21st century. Would you shop more or less at a store if you knew you had to enter a code to get into the front door or wait in line to check out?” Terman stated. “CAPTCHAs are essentially doing just that for your online business.”

It’s questionable that CAPTCHA is even doing the job it is supposed to do — prevent bots from spamming. Google, for example, has reported that today’s technology is able to bypass CAPTCHA all together. Just this month, Kaspersky claimed to find the first malware that can trick its way past CAPTCHA’s gates.

“There is a need to distinguish between bots and actual human traffic, but that shouldn’t come at the cost of website conversions”, Rami Essaid, CEO and Co-founder of Distil Networks told Yahoo, adding that the CAPTCHA technology is outdated and this also hurts business.

There is still a need to have some system in place that can verify that a customer is human, but it should be an easy-to-use, seamless transaction process that translates on both desktops and mobile devices. Terman said this can be done in a couple of ways. First, responsive web design can help users navigate through a website in a way that is optimized for their screen size. Second, an advanced bot detection and mitigation solution can serve hardened CAPTCHAs to users it suspects of being a bot. That way, Terman added, you’re only serving CAPTCHAs to less than one percent of your site visitors.

No business wants to be spammed, but no business wants to lose customers because of a frustrating and an increasingly ineffective technology. The time may have come for businesses to decide which is the bigger issue when it comes to their websites: would they rather risk discouraging potential spammers or discouraging potential customers?

Post by Sue Poremba

Sue Poremba is a security and technology writer based in central Pennsylvania.