reCAPTCHA

Protect against fraud and abuse with a modern fraud prevention platform

Uplevel your fraud protection capabilities with a frictionless solution that protects your website and mobile apps against the most sophisticated targeted and scaled attacks.

Features

Advanced bot detection and protection

reCAPTCHA leverages a sophisticated and adaptable risk analysis engine to shield against automated software, thwarting abusive activities within an organization’s website and mobile apps.

Protect against account takeovers and fraudulent users

reCAPTCHA safeguards online systems and applications by detecting and protecting against account takeovers, blocking credential stuffing attacks and bulk account creation, with zero user friction.

Frictionless user experience

Safeguards your website and mobile applications from abusive traffic without compromising the user experience. reCAPTCHA employs an invisible score-based detection mechanism to differentiate between legitimate users and bots or other malicious attacks.

Protect against fraudulent transactions

Provides a transaction risk score that helps identify and block fraudulent transactions. By merging Google-scale fraud intelligence with our expertise in payment risk and modeling, reCAPTCHA helps secure payment workflows at scale.

Support for any endpoint

Protects your organization from fraud and abuse when dealing with traffic coming from any endpoint. In addition to website security, reCAPTCHA provides native mobile SDKs for iOS and Android. For endpoints that cannot run web JavaScript or mobile SDKs, reCAPTCHA Express can support clients like smart devices and IoT devices.

Fraud intelligence at Google-scale

Provides global insights against fraud using threat intelligence telemetry from trillions of transactions, billions of users and devices, and millions of websites, reCAPTCHA provides global insights against fraud. These insights power our detection models to help protect from fraudulent activity, spam, and abuse.

Coverage for the entire customer journey

Offers comprehensive protection for the entire customer journey, including user-generated content, registration, login, cart, and payment transactions. This integration across various user and payment flows leverages optimized AI/ML models to enhance security.


AI/ML-powered threat detection

Uses a powerful combination of artificial intelligence (AI), machine learning (ML), clustering, and neural networks to uncover the most sophisticated threats. Our AI/ML-driven threat detection is capable of identifying active attacks and uncovering the connections between adversaries and their operations.


Multi-factor authentication

Multi-factor authentication (MFA) with reCAPTCHA offers an enhanced level of security by introducing an additional authentication step for logins and other user flows. This approach helps organizations combat credential stuffing attacks and protect against account takeovers.

Password leak detection

Securely compares passwords against Google's database of over 4 billion leaked credentials from third-party breaches. If a match is found, you can take actions like warning the user, requiring a password change, and optionally triggering MFA. This helps mitigate account takeover risks from credential stuffing attacks, protecting both user privacy and your site's reputation.

Identify malicious accounts

Helps you detect groups of accounts exhibiting suspicious or related behavior. This information enables you to take proactive measures like disabling related accounts, restricting their actions, or implementing additional verification processes to mitigate the impact of malicious actors.

Integrate with your web application firewall (WAF)

Integrates with your existing WAF (web application firewall) to provide enhanced detection and protection at the network edge. This integration works with WAF providers like Google Cloud Armor, Fastly, and Cloudflare. By deploying reCAPTCHA as a service at the WAF layer, you can detect and block abusive traffic before it even reaches your web application's infrastructure.

Comprehensive web app and API protection (WAAP)

Google Cloud's web app and API protection (WAAP) solution combines reCAPTCHA Enterprise, Cloud Armor, and Apigee for powerful protection. reCAPTCHA Enterprise offers advanced bot detection and fraud protection, Cloud Armor acts as a web application firewall (WAF) to block attacks, and Apigee secures your APIs through management and analytics. Together, they provide a multi-layered defense against various web threats.

Adaptive risk-analysis engine

Analyzes a vast array of signals, including user behavior, device information, IP addresses, and historical interaction patterns to assess the risk level associated with a particular action on your site or mobile app. Organizations can fine-tune the risk analysis engine to your site’s specific needs.

Comprehensive dashboards

Offers a dashboard with insights and analytics to help you proactively manage bot and fraud risks. The dashboard provides visibility into key metrics like overall risk scores, attack trends, challenge success rates, and the effectiveness of your risk thresholds. It also includes tools for visualizing data over time, and drilling down into suspicious activity patterns.

Anomaly detection

Within the cloud-based console, you can identify traffic anomalies and leverage Platform Logs for further investigation. To gain insights into a specific incident, users can click a link that leads to a pre-filtered sample of all logs associated with that particular anomalous event.

How It Works

Try a quick demo of reCAPTCHA

See how reCAPTCHA seamlessly protects your website from bots, account takeovers, and fraudulent transactions. Explore our interactive demo. Get hands-on now.



Common Uses

Bot protection

Defend against automated attacks

Bots pose a significant threat across various industries, causing problems like spam, content scraping, account takeovers, fake reviews, and automated resource abuse. This can disrupt customer experience, skew data, and damage brand reputation. reCAPTCHA offers an adaptable risk analysis engine to shield against automated software, thwarting abusive activities within an organization’s website and mobile apps. By implementing reCAPTCHA, businesses can gain proactive protection against malicious bots, ensuring a more secure and trustworthy online environment for their users.

Top 10 use cases for reCAPTCHA Enterprise to defend against OWASP Web-Automated Attacks

    Defend against automated attacks

    Bots pose a significant threat across various industries, causing problems like spam, content scraping, account takeovers, fake reviews, and automated resource abuse. This can disrupt customer experience, skew data, and damage brand reputation. reCAPTCHA offers an adaptable risk analysis engine to shield against automated software, thwarting abusive activities within an organization’s website and mobile apps. By implementing reCAPTCHA, businesses can gain proactive protection against malicious bots, ensuring a more secure and trustworthy online environment for their users.

    Top 10 use cases for reCAPTCHA Enterprise to defend against OWASP Web-Automated Attacks

      Account protection

      Mitigate account takeovers

      Account takeover (ATO) attacks are a rising security concern, leading to data breaches, fraudulent transactions, and damage to customer trust. reCAPTCHA helps protect against ATOs by offering a multi-pronged approach. Its risk analysis engine detects suspicious login attempts, while features like Password Leak Detection and the Related Accounts API help identify accounts with compromised credentials or linked to known fraud rings. reCAPTCHA allows for customizable actions based on risk scores, enabling businesses to block fraudulent logins, require additional verification, and proactively protect user accounts.

      Google fraud prevention workflow

        Mitigate account takeovers

        Account takeover (ATO) attacks are a rising security concern, leading to data breaches, fraudulent transactions, and damage to customer trust. reCAPTCHA helps protect against ATOs by offering a multi-pronged approach. Its risk analysis engine detects suspicious login attempts, while features like Password Leak Detection and the Related Accounts API help identify accounts with compromised credentials or linked to known fraud rings. reCAPTCHA allows for customizable actions based on risk scores, enabling businesses to block fraudulent logins, require additional verification, and proactively protect user accounts.

        Google fraud prevention workflow

          Transaction protection

          Protect against fraudulent transactions

          Payment fraud, through tactics like carding and stolen credit card usage, causes significant financial losses and damages customer trust. reCAPTCHA analyzes transaction behavior and signals to identify fraudulent patterns, minimizing friction for good customers and helping businesses mitigate risks like payment disputes and chargebacks. By integrating reCAPTCHA, businesses can proactively protect themselves against payment fraud and enhance the security of their online transactions.

          reCAPTCHA Enterprise fraud prevention components

            Protect against fraudulent transactions

            Payment fraud, through tactics like carding and stolen credit card usage, causes significant financial losses and damages customer trust. reCAPTCHA analyzes transaction behavior and signals to identify fraudulent patterns, minimizing friction for good customers and helping businesses mitigate risks like payment disputes and chargebacks. By integrating reCAPTCHA, businesses can proactively protect themselves against payment fraud and enhance the security of their online transactions.

            reCAPTCHA Enterprise fraud prevention components

              Fake account protection

              Protect against fake account creation

              Fake accounts are a major problem for online platforms, enabling spam, abuse, fraud, and the spread of misinformation. reCAPTCHA leverages Google-scale fraud intelligence to pinpoint suspicious behavior patterns associated with bot-driven registration. Using these signals, organizations can deter automated sign-ups while maintaining a smooth experience for genuine users. By implementing reCAPTCHA, businesses can reduce the number of fake accounts, protect legitimate users, and maintain the integrity of their platform.

              How fake account creation works

                Protect against fake account creation

                Fake accounts are a major problem for online platforms, enabling spam, abuse, fraud, and the spread of misinformation. reCAPTCHA leverages Google-scale fraud intelligence to pinpoint suspicious behavior patterns associated with bot-driven registration. Using these signals, organizations can deter automated sign-ups while maintaining a smooth experience for genuine users. By implementing reCAPTCHA, businesses can reduce the number of fake accounts, protect legitimate users, and maintain the integrity of their platform.

                How fake account creation works

                  Pricing

                  reCAPTCHA PricingDiscover the solution that best meets your business requirements.
                  ItemreCAPTCHA EssentialsreCAPTCHA StandardreCAPTCHA Enterprise

                  Cost

                  Free up to 10,000 assessments per month*

                  $8 per month for up to 100,000 assessments per month, then $1 per 1,000 assessments

                  Free up to 10,000 assessments per month*, then $1 per 1,000 assessments

                  Term

                  None

                  Monthly

                  Monthly, yearly, or custom

                  Assessments per month

                  < 10,000


                  10,000 to 100,000


                  Unlimited


                  Multi-factor authentication

                  No

                  SMS and email

                  SMS and email

                  Password leak protection

                  No

                  Yes

                  Yes

                  Account defender

                  No

                  Yes

                  Yes

                  Payment fraud prevention

                  No

                  Yes

                  Yes

                  Mobile SDKs

                  No

                  Yes

                  Yes

                  Transaction protection

                  No

                  Yes

                  Yes

                  * The free 10,000 assessments are per organization. The limit aggregates use across all accounts and all sites.

                  For more features, please refer to the "Compare features between reCAPTCHA tiers" page.

                  reCAPTCHA Pricing

                  Discover the solution that best meets your business requirements.

                  Cost

                  reCAPTCHA Essentials

                  Free up to 10,000 assessments per month*

                  reCAPTCHA Standard

                  $8 per month for up to 100,000 assessments per month, then $1 per 1,000 assessments

                  reCAPTCHA Enterprise

                  Free up to 10,000 assessments per month*, then $1 per 1,000 assessments

                  Term

                  reCAPTCHA Essentials

                  None

                  reCAPTCHA Standard

                  Monthly

                  reCAPTCHA Enterprise

                  Monthly, yearly, or custom

                  Assessments per month

                  reCAPTCHA Essentials

                  < 10,000


                  reCAPTCHA Standard

                  10,000 to 100,000


                  reCAPTCHA Enterprise

                  Unlimited


                  Multi-factor authentication

                  reCAPTCHA Essentials

                  No

                  reCAPTCHA Standard

                  SMS and email

                  reCAPTCHA Enterprise

                  SMS and email

                  Password leak protection

                  reCAPTCHA Essentials

                  No

                  reCAPTCHA Standard

                  Yes

                  reCAPTCHA Enterprise

                  Yes

                  Account defender

                  reCAPTCHA Essentials

                  No

                  reCAPTCHA Standard

                  Yes

                  reCAPTCHA Enterprise

                  Yes

                  Payment fraud prevention

                  reCAPTCHA Essentials

                  No

                  reCAPTCHA Standard

                  Yes

                  reCAPTCHA Enterprise

                  Yes

                  Mobile SDKs

                  reCAPTCHA Essentials

                  No

                  reCAPTCHA Standard

                  Yes

                  reCAPTCHA Enterprise

                  Yes

                  Transaction protection

                  reCAPTCHA Essentials

                  No

                  reCAPTCHA Standard

                  Yes

                  reCAPTCHA Enterprise

                  Yes

                  * The free 10,000 assessments are per organization. The limit aggregates use across all accounts and all sites.

                  For more features, please refer to the "Compare features between reCAPTCHA tiers" page.

                  Get Started for Free

                  Use reCAPTCHA Essentials for a simple, free solution to safeguard your website against spam and abuse.

                  Request a Live Demo

                  Discover how reCAPTCHA boosts your website's security with a personalized interactive demo.

                  Learn more about reCAPTCHA

                  Report: SANS reviewed reCAPTCHA Enterprise and evaluated its key features by deploying a sample site within a Google Cloud account and testing several common use cases.

                  Webinar: Experts from SANS and Google discuss the capabilities of reCAPTCHA Enterprise in detecting and responding to fraud through real-time user behavior analysis.

                  Webinar: Fraud-Proof Your Digital Channels with Google Cloud Fraud Protection Solutions

                  Webinar: Google Cloud reCAPTCHA Enterprise: Fraud Prevention without Friction

                  Webinar: Google Cloud reCAPTCHA Enterprise: Detect and Prevent Account Takeovers

                  Business Case

                  GoFundMe: Securing donations from fraud with reCAPTCHA Enterprise


                  gofundme logo

                  "Combining Google’s rich security expertise with GoFundMe’s focus on fraud prevention is already showing promising results as we strive to keep our platform the safest place to give online."

                  Matthew Murray, Director of Risk, GoFundMe

                  Learn how GoFundMe uses reCAPTCHA Enterprise to combat financial fraud, fake accounts, and fake campaigns, ultimately improving donor trust and ensuring that all donations go to those in need.

                  Watch the video

                  Featured benefits

                  Frictionless experience

                  Unlocking millions of dollars in additional funds with a frictionless experience.

                  Fraud intelligence

                  Incorporating Google-scale fraud intelligence signals in reCAPTCHA to inform internal ML models.


                  Transaction protection

                  Targeting fraudulent payments and mitigate them in real time, while allowing good payments to go through.

                  FAQ

                  What is reCAPTCHA?

                  reCAPTCHA is a modern fraud prevention platform that protects your website and mobile apps against bots, account takeovers, and fraudulent transactions. Powered by Google-scale fraud intelligence telemetry from trillions of transactions, billions of users and devices, and millions of websites, reCAPTCHA provides global insights against fraud to protect any endpoint across the entire customer journey. And with custom AI models, we ensure organizations can protect against sophisticated threats with zero end user friction.

                  To get started with reCAPTCHA, create a free account. Subsequently, integrate a few lines of code into your website. Afterward, connect reCAPTCHA to your backend and design assessments. When users engage in actions like user verification or payment processes, reCAPTCHA will assess the user interaction and provide a score. Based on this score, you can determine appropriate actions for your website.

                  reCAPTCHA provides multiple methods to verify that a user is human, including invisible verification, risk-based scoring, and visual challenges. Since 2020, reCAPTCHA primarily works in the background, continuously analyzing user behavior and assigning a risk score. Organizations can then take actions based on the risk score.

                  Yes, you can integrate reCAPTCHA with various other fraud prevention tools. reCAPTCHA is designed to work alongside existing fraud protection solutions, and by adding reCAPTCHA to your website or mobile app, you gain an additional layer of security that is powered by Google-scale fraud intelligence.

                  Yes, reCAPTCHA is available for mobile apps through our easy-to-integrate SDKs. The reCAPTCHA mobile SDKs enable you to protect your iOS and Android apps from fraudulent activity, spam, and abuse. By adding a few lines of code, you can use reCAPTCHA to verify user responses and prevent automated tools from accessing your app.

                  reCAPTCHA protects against bots, website scraping, account takeovers, fake accounts, credential stuffing, payment fraud, card testing, chargebacks, stolen instruments, and gift card testing.

                  Learn how reCAPTCHA can protect your website
                  Google Cloud
                  • ‪English‬
                  • ‪Deutsch‬
                  • ‪Español‬
                  • ‪Español (Latinoamérica)‬
                  • ‪Français‬
                  • ‪Indonesia‬
                  • ‪Italiano‬
                  • ‪Português (Brasil)‬
                  • ‪简体中文‬
                  • ‪繁體中文‬
                  • ‪日本語‬
                  • ‪한국어‬
                  Console
                  Google Cloud