Jump to Content
Partners

reCAPTCHA Enterprise and Descope combine no-code authentication and fraud prevention

November 1, 2023
Josue (Sway) Fontanez

Outbound Product Manager

Rishi Bhargava

Co-founder, Descope

For more than a decade, reCAPTCHA has been protecting organizations from fraud, spam, and abuse. Using an advanced and adaptive risk analysis engine, reCAPTCHA Enterprise prevents automated software from engaging in abusive activities such as credential stuffing, account takeover (ATO) and automated account creation.

Organizations conducting business through online channels are constantly under attack from bots and ATOs. In 2022, the global cost of ATOs was estimated to be more than $20 billion, and some reports estimate that bot attacks account for 30% of all web traffic.

By looking at activities across different pages on a website, reCAPTCHA Enterprise can defend against fraud from pageview to login to the final payment. reCAPTCHA Enterprise helps identify and block attacks in your account creation and user workflows, no matter if they were carried out manually by humans or automated at scale.

Today, we are extending our fraud prevention capabilities by integrating with Descope, a comprehensive platform that allows developers to add authentication and user management capabilities to their consumer and business apps. Together, reCAPTCHA Enterprise and Descope combine to enable secure authentication with powerful anti-fraud prevention for any app.

Google reCAPTCHA Enterprise and Descope

reCAPTCHA Enterprise employs advanced machine learning algorithms to analyze user behavior and assess risk levels in real time. It works behind the scenes without any user friction to provide a score ranging from 0.0 to 1.0 that will assess the level of risk that the user interaction poses. By means of a newly released connector framework, Descope customers can now easily integrate reCAPTCHA Enterprise into an authentication flow to help analyze user behavior and prevent fraud and attacks perpetrated by scripts, bot software, or even humans.

reCAPTCHA Enterprise scores can be used to easily create custom Descope flows, such as allow, reject, require multi-factor authentication, or other options configured in the Descope interface. This capability brings the power of reCAPTCHA’s advanced detection techniques and risk analysis engine to Descope customers that want to protect their website or mobile app from bots and abuse. By integrating through the connector framework, customers can add reCAPTCHA to their site with minimal coding or configuration changes.

“Descope Connectors help developers weave data and actions from external platforms into their authentication flows, enabling them to better secure and manage their users’ identities,” said Rishi Bhargava, co-founder of Descope. “Our connector with Google reCAPTCHA Enterprise helps joint customers enrich their authentication process with deep behavioral data and risk intelligence from reCAPTCHA Enterprise. User risk levels could be used to transition into branching user paths during signup or login — for example, starting an MFA flow for high-risk logins — or any other custom app logic.”

https://storage.googleapis.com/gweb-cloudblog-publish/images/Descope_and_reCAPTCHA_image.max-2200x2200.png

Screenshot of a Descope Flow with Google reCAPTCHA Enterprise actions. This flow blocks high-risk users at login while leading legitimate users to an MFA path.

More subtle forms of account abuse can be detected by observing a specific user's behavior over a period of time. reCAPTCHA Enterprise account defender helps in identifying these kinds of subtle abuse by creating site-specific models for websites to detect a trend of suspicious behavior or a change in activity.

A reCAPTCHA assessment will provide Descope a risk verdict that can be used to make a decision about how to handle potential fraudulent activities. This includes blocking login for suspicious requests, challenging risky logins, investigating accounts of interest by viewing granular audit trails, and removing friction for legitimate users.

https://storage.googleapis.com/gweb-cloudblog-publish/images/recaptcha_image.max-700x700.png

By integrating reCAPTCHA’s account defender assessments into Descope’s authentication flows, organizations can identify and restrict suspicious activities linked to a potential account takeover or fake account while granting access only to the requests coming from legitimate user accounts.

Take the next step

Having to manage authentication and identity management while also protecting against fraud, spam and abuse is a significant challenge for many organizations. That’s why the combination of reCAPTCHA Enterprise and Descope provides organizations a comprehensive solution to build secure, frictionless authentication for any application, with a powerful fraud detection platform that helps prevent bot attacks, spam, and abusive client activity.

To learn more, read about the connector and check out the demo.

Posted in