reCAPTCHA bot protection and online fraud prevention

Protect against fraud and abuse with modern bot protection and fraud prevention platform

Uplevel your online fraud protection capabilities with a frictionless cybersecurity solution that protects your website and mobile apps against the most sophisticated targeted and scaled attacks.

Request a demo to protect your website from fraud and abuse.

Features

Advanced bot and online fraud detection

reCAPTCHA leverages a sophisticated and adaptable risk analysis engine to shield against automated software, thwarting abusive activities within an organization’s website and mobile apps.

Protect against online account takeovers and fraudulent users

reCAPTCHA safeguards online systems and applications by detecting and protecting against account takeovers, blocking credential stuffing attacks and fake account creation, with zero user friction.

Bot mitigation with frictionless user experience

Safeguards your website and mobile applications from abusive traffic without compromising the user experience. reCAPTCHA employs an invisible score-based detection mechanism to differentiate between legitimate users and bots or other malicious attacks.

Online scam protection against SMS toll fraud attacks

Utilizing Google-scale fraud intelligence, reCAPTCHA’s adaptable risk analysis engine assigns a risk score to each phone number, helping organizations to identify those at risk of involvement in SMS toll fraud attacks. This enables organizations to take proactive measures by blocking suspicious SMS messages before they are sent, resulting in significant cost savings.

Protect against fraudulent transactions

Provides a transaction risk score that helps identify and block fraudulent transactions. By merging Google-scale fraud intelligence with our expertise in payment risk and modeling, reCAPTCHA helps secure payment workflows at scale.

Support for any endpoint

Protects your organization from fraud and abuse when dealing with traffic coming from any endpoint. In addition to website security, reCAPTCHA provides native mobile SDKs for iOS and Android. For endpoints that cannot run web JavaScript or mobile SDKs, reCAPTCHA Express can support clients like smart devices and IoT devices.

Online fraud management at Google-scale

Providing global insights against fraud using threat intelligence telemetry from trillions of transactions, billions of users and devices, and millions of websites, reCAPTCHA provides global insights against fraud. These insights power our detection models to help protect from fraudulent activity, spam, and abuse.

Website bot protection coverage for the entire customer journey

Offers comprehensive protection for the entire customer journey, including user-generated content, registration, login, cart, and payment transactions. This integration across various user and payment flows leverages optimized AI/ML models to enhance security.


AI/ML-powered threat detection

Uses a powerful combination of artificial intelligence (AI), machine learning (ML), clustering, and neural networks to uncover the most sophisticated threats. Our AI/ML-driven threat detection is capable of identifying active attacks and uncovering the connections between adversaries and their operations.

Multi-factor authentication

Multi-factor authentication (MFA) with reCAPTCHA offers an enhanced level of security by introducing an additional authentication step for logins and other user flows. This approach helps organizations combat credential stuffing attacks and protect against account takeovers.

Password leak detection

Securely compares passwords against Google's database of over four billion leaked credentials from third-party breaches. If a match is found, you can take actions like warning the user, requiring a password change, and optionally triggering MFA. This helps mitigate account takeover risks from credential stuffing attacks, protecting both user privacy and your site's reputation.

Identify malicious fraudulent accounts

Helps you detect groups of accounts exhibiting suspicious or related behavior. This information enables you to take proactive measures like disabling related accounts, restricting their actions, or implementing additional verification processes to mitigate the impact of malicious actors.

Integrate with your web application firewall (WAF)

Integrates with your existing WAF (web application firewall) to provide enhanced detection and protection at the network edge. This integration works with WAF providers like Google Cloud Armor, Fastly, and Cloudflare. By deploying reCAPTCHA as a service at the WAF layer, you can detect and block abusive traffic before it even reaches your web application's infrastructure.

Comprehensive web app and API protection (WAAP)

Google Cloud's web app and API protection (WAAP) solution combines reCAPTCHA Enterprise, Cloud Armor, and Apigee for powerful protection. reCAPTCHA Enterprise offers advanced bot detection and fraud protection, Cloud Armor acts as a web application firewall (WAF) to block attacks, and Apigee secures your APIs through management and analytics. Together, they provide a multi-layered defense against various web threats.

Adaptive risk-analysis engine

Analyzes a vast array of signals, including user behavior, device information, IP addresses, and historical interaction patterns to assess the risk level associated with a particular action on your site or mobile app. Organizations can fine-tune the risk analysis engine to your site’s specific needs.

Comprehensive risk dashboards

Offers a dashboard with insights and analytics to help you proactively manage bot and fraud risks. The dashboard provides visibility into key metrics like overall risk scores, attack trends, challenge success rates, and the effectiveness of your risk thresholds. It also includes tools for visualizing data over time, and drilling down into suspicious activity patterns.

Cyber monitoring anomaly detection

Within the cloud-based console, you can identify traffic anomalies and leverage platform logs for further investigation. To gain insights into a specific incident, users can click a link that leads to a pre-filtered sample of all logs associated with that particular anomalous event.

Privacy preserving out of the box

reCAPTCHA secures data with client-side storage, anonymization, and privacy technologies. Data gathered is used only for reCAPTCHA's operation and security, not for personalized advertising by Google. See reCAPTCHA Terms of Service for more information.

How It Works

reCAPTCHA is a powerful bot blocker that protects websites from spam, abuse, and fraud. It works by analyzing user behavior and other factors to determine if an action is being performed by a human or a bot. If suspicious activity is detected, reCAPTCHA may take action to prevent unauthorized access, such as presenting a challenge or blocking the interaction altogether. This helps ensure websites stay protected while minimizing interruptions for legitimate users.

Here are three key capabilities:

  • Adaptive risk assessment: analyzes various factors to assess the risk of a user being a bot and adjusts its response accordingly
  • Advanced bot detection: employs sophisticated techniques to distinguish humans from bots, ensuring accurate identification
  • Continuous learning: utilizes machine learning to constantly improve its bot detection accuracy and adapt to new threats

Common Uses

Cybersecurity bot protection

Defend against automated cyber attacks

Cyber bots pose a significant threat across various industries, causing problems like spam, content scraping, account takeovers, fake reviews, and automated resource abuse. This can disrupt customer experience, skew data, and damage brand reputation. reCAPTCHA offers an adaptable risk analysis engine to shield against automated software, thwarting abusive activities within an organization’s website and mobile apps. By implementing reCAPTCHA, businesses can gain proactive protection against malicious bots, ensuring a more secure and trustworthy online environment for their users.

Download now
Top 10 use cases for reCAPTCHA Enterprise to defend against OWASP Web-Automated Attacks

    Defend against automated cyber attacks

    Cyber bots pose a significant threat across various industries, causing problems like spam, content scraping, account takeovers, fake reviews, and automated resource abuse. This can disrupt customer experience, skew data, and damage brand reputation. reCAPTCHA offers an adaptable risk analysis engine to shield against automated software, thwarting abusive activities within an organization’s website and mobile apps. By implementing reCAPTCHA, businesses can gain proactive protection against malicious bots, ensuring a more secure and trustworthy online environment for their users.

    Download now
    Top 10 use cases for reCAPTCHA Enterprise to defend against OWASP Web-Automated Attacks

      Account protection

      Mitigate account takeovers

      Account takeover (ATO) attacks are a rising security concern, leading to data breaches, fraudulent transactions, and damage to customer trust. reCAPTCHA helps protect against ATOs by offering a multi-pronged approach. Its risk analysis engine detects suspicious login attempts, while features like Password Leak Detection and the Related Accounts API help identify accounts with compromised credentials or linked to known fraud rings. reCAPTCHA allows for customizable actions based on risk scores, enabling businesses to block fraudulent logins, require additional verification, and proactively protect user accounts.

      Download now
      Google fraud prevention workflow

        Mitigate account takeovers

        Account takeover (ATO) attacks are a rising security concern, leading to data breaches, fraudulent transactions, and damage to customer trust. reCAPTCHA helps protect against ATOs by offering a multi-pronged approach. Its risk analysis engine detects suspicious login attempts, while features like Password Leak Detection and the Related Accounts API help identify accounts with compromised credentials or linked to known fraud rings. reCAPTCHA allows for customizable actions based on risk scores, enabling businesses to block fraudulent logins, require additional verification, and proactively protect user accounts.

        Download now
        Google fraud prevention workflow

          Fake account protection

          Protect against fake account creation

          Fake accounts are a major problem for online platforms, enabling spam, abuse, fraud, and the spread of misinformation. reCAPTCHA leverages Google-scale fraud intelligence to pinpoint suspicious behavior patterns associated with bot-driven registration. Using these signals, organizations can deter automated sign-ups while maintaining a smooth experience for genuine users. By implementing reCAPTCHA, businesses can reduce the number of fake accounts, protect legitimate users, and maintain the integrity of their platform.

          How fake account creation works

            Protect against fake account creation

            Fake accounts are a major problem for online platforms, enabling spam, abuse, fraud, and the spread of misinformation. reCAPTCHA leverages Google-scale fraud intelligence to pinpoint suspicious behavior patterns associated with bot-driven registration. Using these signals, organizations can deter automated sign-ups while maintaining a smooth experience for genuine users. By implementing reCAPTCHA, businesses can reduce the number of fake accounts, protect legitimate users, and maintain the integrity of their platform.

            How fake account creation works

              SMS toll fraud protection

              Protect against SMS pumping attacks

              SMS toll fraud, also known as SMS pumping, is a cybercrime where attackers use bots to trigger mass SMS messages to premium-rate numbers, which leads to fraudulent charges for unsuspecting platforms utilizing SMS for 2FA. Fraudsters profit from the revenue share they receive from the telecom providers. Using Google-scale fraud intelligence, reCAPTCHA SMS Toll Fraud protection can maintain the integrity of SMS-based verification processes and safeguard financial security.

              SMS Toll Fraud results for SMS pumping

                Protect against SMS pumping attacks

                SMS toll fraud, also known as SMS pumping, is a cybercrime where attackers use bots to trigger mass SMS messages to premium-rate numbers, which leads to fraudulent charges for unsuspecting platforms utilizing SMS for 2FA. Fraudsters profit from the revenue share they receive from the telecom providers. Using Google-scale fraud intelligence, reCAPTCHA SMS Toll Fraud protection can maintain the integrity of SMS-based verification processes and safeguard financial security.

                SMS Toll Fraud results for SMS pumping

                  Transaction protection

                  Protect against fraudulent transactions

                  Payment fraud, through tactics like carding and stolen credit card usage, causes significant financial losses and damages customer trust. reCAPTCHA analyzes transaction behavior and signals to identify fraudulent patterns, minimizing friction for good customers and helping businesses mitigate risks like payment disputes and chargebacks. By integrating reCAPTCHA, businesses can proactively protect themselves against payment fraud and enhance the security of their online transactions.

                  reCAPTCHA Enterprise fraud prevention components

                    Protect against fraudulent transactions

                    Payment fraud, through tactics like carding and stolen credit card usage, causes significant financial losses and damages customer trust. reCAPTCHA analyzes transaction behavior and signals to identify fraudulent patterns, minimizing friction for good customers and helping businesses mitigate risks like payment disputes and chargebacks. By integrating reCAPTCHA, businesses can proactively protect themselves against payment fraud and enhance the security of their online transactions.

                    reCAPTCHA Enterprise fraud prevention components

                      Pricing

                      reCAPTCHA PricingPricing tiers adjust automatically based on your usage, offering free assessments and advanced features, with higher tiers incurring charges for exceeding usage thresholds.*
                      ItemreCAPTCHA EssentialsreCAPTCHA StandardreCAPTCHA Enterprise

                      Cost per month

                      Free up to 10,000 assessments


                      Free up to 10,000 assessments

                      $8 for up to 100,000 assessments

                      Free up to 10,000 assessments

                      $8 for up to 100,000 assessments

                      then $1 per 1,000 assessments

                      Term

                      None

                      Monthly

                      Monthly, yearly, or custom

                      Assessments per month

                      < 10,000


                      10,000 to 100,000


                      Unlimited


                      Multi-factor authentication

                      No

                      BYO SMS and email


                      BYO SMS and email


                      Password leak protection

                      No

                      Yes

                      Yes

                      Account defender

                      No

                      Yes

                      Yes

                      SMS toll fraud protection

                      No

                      Yes

                      Yes

                      Payment fraud prevention

                      No

                      Yes


                      Yes

                      Mobile SDKs

                      No

                      Yes

                      Yes

                      * Learn how reCAPTCHA billing works.

                      The free 10,000 assessments are per organization. The limit aggregates use across all accounts and all sites.

                      Requires an extra assessment.

                      reCAPTCHA Pricing

                      Pricing tiers adjust automatically based on your usage, offering free assessments and advanced features, with higher tiers incurring charges for exceeding usage thresholds.*

                      Cost per month

                      reCAPTCHA Essentials

                      Free up to 10,000 assessments


                      reCAPTCHA Standard

                      Free up to 10,000 assessments

                      $8 for up to 100,000 assessments

                      reCAPTCHA Enterprise

                      Free up to 10,000 assessments

                      $8 for up to 100,000 assessments

                      then $1 per 1,000 assessments

                      Term

                      reCAPTCHA Essentials

                      None

                      reCAPTCHA Standard

                      Monthly

                      reCAPTCHA Enterprise

                      Monthly, yearly, or custom

                      Assessments per month

                      reCAPTCHA Essentials

                      < 10,000


                      reCAPTCHA Standard

                      10,000 to 100,000


                      reCAPTCHA Enterprise

                      Unlimited


                      Multi-factor authentication

                      reCAPTCHA Essentials

                      No

                      reCAPTCHA Standard

                      BYO SMS and email


                      reCAPTCHA Enterprise

                      BYO SMS and email


                      Password leak protection

                      reCAPTCHA Essentials

                      No

                      reCAPTCHA Standard

                      Yes

                      reCAPTCHA Enterprise

                      Yes

                      Account defender

                      reCAPTCHA Essentials

                      No

                      reCAPTCHA Standard

                      Yes

                      reCAPTCHA Enterprise

                      Yes

                      SMS toll fraud protection

                      reCAPTCHA Essentials

                      No

                      reCAPTCHA Standard

                      Yes

                      reCAPTCHA Enterprise

                      Yes

                      Payment fraud prevention

                      reCAPTCHA Essentials

                      No

                      reCAPTCHA Standard

                      Yes


                      reCAPTCHA Enterprise

                      Yes

                      Mobile SDKs

                      reCAPTCHA Essentials

                      No

                      reCAPTCHA Standard

                      Yes

                      reCAPTCHA Enterprise

                      Yes

                      * Learn how reCAPTCHA billing works.

                      The free 10,000 assessments are per organization. The limit aggregates use across all accounts and all sites.

                      Requires an extra assessment.

                      Get Started for Free

                      Use reCAPTCHA Essentials for a simple, free solution to safeguard your website against spam and abuse.

                      Request a Live Demo

                      Discover how reCAPTCHA boosts your website's security with a personalized interactive demo.

                      Learn more about reCAPTCHA

                      Report: SANS reviewed reCAPTCHA Enterprise and evaluated its key features by deploying a sample site within a Google Cloud account and testing several common use cases.

                      Webinar: Experts from SANS and Google discuss the capabilities of reCAPTCHA Enterprise in detecting and responding to fraud through real-time user behavior analysis.

                      Webinar: Shielding Your Business from Account-Based Fraud with reCAPTCHA

                      Webinar: Protect your business from account takeovers with reCAPTCHA

                      Webinar: Protecting Your Users from Password Leaks with reCAPTCHA

                      Business Case

                      GoFundMe: Securing donations from fraud with reCAPTCHA Enterprise


                      gofundme logo

                      "Combining Google’s rich security expertise with GoFundMe’s focus on fraud prevention is already showing promising results as we strive to keep our platform the safest place to give online."

                      Matthew Murray, Director of Risk, GoFundMe

                      Learn how GoFundMe uses reCAPTCHA Enterprise to combat financial fraud, fake accounts, and fake campaigns, ultimately improving donor trust and ensuring that all donations go to those in need.

                      Watch the video

                      Featured benefits

                      Frictionless experience

                      Unlocking millions of dollars in additional funds with a frictionless experience.

                      Fraud intelligence

                      Incorporating Google-scale fraud intelligence signals in reCAPTCHA to inform internal ML models.


                      Transaction protection

                      Targeting fraudulent payments and mitigate them in real time, while allowing good payments to go through.

                      FAQ

                      What is reCAPTCHA?

                      reCAPTCHA is a modern cybersecurity monitoring product and fraud prevention platform that protects your website and mobile apps against bots, account takeovers, and fraudulent transactions. Powered by Google-scale fraud intelligence telemetry from trillions of transactions, billions of users and devices, and millions of websites, reCAPTCHA provides global insights against cyber fraud to protect any endpoint across the entire customer journey. And with custom AI models, we ensure organizations can protect against sophisticated cyber threats with zero end user friction.

                      To get started with reCAPTCHA, create a free account. Subsequently, integrate a few lines of code into your website. Afterward, connect reCAPTCHA to your backend and design assessments. When users engage in actions like user verification or payment processes, reCAPTCHA will assess the user interaction and provide a score. Based on this score, you can determine appropriate actions for your website.

                      reCAPTCHA provides multiple methods to verify that a user is human, including invisible verification, risk-based scoring, and visual challenges. Since 2020, reCAPTCHA primarily works in the background, continuously analyzing user behavior and assigning a risk score. Organizations can then take actions based on the risk score.

                      Yes, you can integrate reCAPTCHA with various other fraud prevention tools. reCAPTCHA is designed to work alongside existing fraud protection solutions, and by adding reCAPTCHA to your website or mobile app, you gain an additional layer of security that is powered by Google-scale fraud intelligence.

                      Yes, reCAPTCHA is available for mobile apps through our easy-to-integrate SDKs. The reCAPTCHA mobile SDKs enable you to protect your iOS and Android apps from fraudulent activity, spam, and abuse. By adding a few lines of code, you can use reCAPTCHA to verify user responses and prevent automated tools from accessing your app.

                      reCAPTCHA protects against bots, website scraping, account takeovers, fake accounts, credential stuffing, payment fraud, card testing, chargebacks, stolen instruments, and gift card testing.

                      Learn how reCAPTCHA can protect your website
                      Google Cloud
                      • ‪English‬
                      • ‪Deutsch‬
                      • ‪Español‬
                      • ‪Español (Latinoamérica)‬
                      • ‪Français‬
                      • ‪Indonesia‬
                      • ‪Italiano‬
                      • ‪Português (Brasil)‬
                      • ‪简体中文‬
                      • ‪繁體中文‬
                      • ‪日本語‬
                      • ‪한국어‬
                      Console
                      Google Cloud