reCAPTCHA: Part of Google Cloud Fraud Defense
Stop automated attacks with modern bot protection
Secure your web and mobile apps against sophisticated threats with a frictionless solution. reCAPTCHA provides the core visual challenge engine powering the expanded Google Cloud Fraud Defense platform.
Stop advanced bots and agentic web threats. Discover Google Cloud Fraud Defense.
Features
Advanced bot and automated abuse detection
reCAPTCHA leverages a sophisticated and adaptable risk analysis engine to shield against automated software, thwarting abusive activities within an organization’s website and mobile apps.
Protect against online account takeovers and fraudulent users
reCAPTCHA provides the front-line bot defense to shield against automated credential stuffing. For comprehensive Account Defense that stops synthetic identities, account takeovers, and agentic abuse across the entire customer journey, take the next step with Google Cloud Fraud Defense.
Bot mitigation with frictionless user experience
Safeguards your website and mobile applications from abusive traffic without compromising the user experience. reCAPTCHA employs an invisible score-based detection mechanism to differentiate between legitimate users and bots or other malicious attacks.
Online scam protection against SMS toll fraud attacks
Stop high-velocity sign-up abuse and costly SMS pumping. SMS Defense is now included with the Google Cloud Fraud Defense platform.
Protect against fraudulent transactions
Shield your checkout funnels from automated carding and promo abuse. Advanced Transaction Defense that evaluates risk signals across the payment process is available through Google Cloud Fraud Defense.
Support for any endpoint
Protects your organization from fraud and abuse when dealing with traffic coming from any endpoint. In addition to website security, reCAPTCHA provides native mobile SDKs for iOS and Android. For endpoints that cannot run web JavaScript or mobile SDKs, reCAPTCHA Express can support clients like smart devices and IoT devices.
Online fraud management at Google-scale
Providing global insights against fraud using threat intelligence telemetry from trillions of transactions, billions of users and devices, and millions of websites, reCAPTCHA provides global insights against fraud. These insights power our detection models to help protect from fraudulent activity, spam, and abuse.
Website bot protection coverage for the entire customer journey
While reCAPTCHA secures your perimeter, Google Cloud Fraud Defense eliminates defensive gaps with a unified layer that protects the entire customer journey—from account registration to final payment.
AI/ML-powered threat detection
Uses a powerful combination of artificial intelligence (AI), machine learning (ML), clustering, and neural networks to uncover the most sophisticated threats. Our AI/ML-driven threat detection is capable of identifying active attacks and uncovering the connections between adversaries and their operations.
Multi-factor authentication
Multi-factor authentication (MFA) with reCAPTCHA offers an enhanced level of security by introducing an additional authentication step for logins and other user flows. This approach helps organizations combat credential stuffing attacks and protect against account takeovers.
Password defense and malicious account identification
Prevent credential stuffing by flagging breached data and securing your platform from human fraud farms and automated agents. These deep identity-based protections are core components of Google Cloud Fraud Defense.
Integrate with your web application firewall (WAF)
Integrates with your existing WAF (web application firewall) to provide enhanced detection and protection at the network edge. This integration works with WAF providers like Google Cloud Armor, Fastly, and Cloudflare. By deploying reCAPTCHA as a service at the WAF layer, you can detect and block abusive traffic before it even reaches your web application's infrastructure.
Comprehensive web app and API protection (WAAP)
Google Cloud's web app and API protection (WAAP) solution combines reCAPTCHA Enterprise, Cloud Armor, and Apigee for powerful protection. reCAPTCHA Enterprise offers advanced bot detection and fraud protection, Cloud Armor acts as a web application firewall (WAF) to block attacks, and Apigee secures your APIs through management and analytics. Together, they provide a multi-layered defense against various web threats.
Adaptive risk-analysis engine
Analyzes a vast array of signals, including user behavior, device information, IP addresses, and historical interaction patterns to assess the risk level associated with a particular action on your site or mobile app. Organizations can fine-tune the risk analysis engine to your site’s specific needs.
Unified visibility and analytics dashboards
Use real-time dashboards and forensic tools to identify multi-stage campaigns by connecting the dots between isolated events. Enterprise-grade visibility for both human and agentic traffic is fully integrated into Google Cloud Fraud Defense.
Privacy preserving out of the box
reCAPTCHA secures data with client-side storage, anonymization, and privacy technologies. Data gathered is used only for reCAPTCHA's operation and security, not for personalized advertising by Google. See reCAPTCHA Terms of Service for more information.
How It Works
reCAPTCHA is a powerful bot blocker that protects websites from spam, abuse, and fraud. It works by analyzing user behavior and other factors to determine if an action is being performed by a human or a bot. If suspicious activity is detected, reCAPTCHA may take action to prevent unauthorized access, such as presenting a challenge or blocking the interaction altogether. This helps ensure websites stay protected while minimizing interruptions for legitimate users.
Here are three key capabilities:
- Adaptive risk assessment: analyzes various factors to assess the risk of a user being a bot and adjusts its response accordingly
- Advanced bot detection: employs sophisticated techniques to distinguish humans from bots, ensuring accurate identification
- Continuous learning: utilizes machine learning to constantly improve its bot detection accuracy and adapt to new threats
reCAPTCHA is a powerful bot blocker that protects websites from spam, abuse, and fraud. It works by analyzing user behavior and other factors to determine if an action is being performed by a human or a bot. If suspicious activity is detected, reCAPTCHA may take action to prevent unauthorized access, such as presenting a challenge or blocking the interaction altogether. This helps ensure websites stay protected while minimizing interruptions for legitimate users.
Here are three key capabilities:
- Adaptive risk assessment: analyzes various factors to assess the risk of a user being a bot and adjusts its response accordingly
- Advanced bot detection: employs sophisticated techniques to distinguish humans from bots, ensuring accurate identification
- Continuous learning: utilizes machine learning to constantly improve its bot detection accuracy and adapt to new threats
Bot protection
Defend against automated cyber attacks
Cyber bots pose a significant threat across various industries, causing problems like spam, content scraping, account takeovers, fake reviews, and automated resource abuse. This can disrupt the customer experience, skew data, and damage brand reputation. As our core visual bot defense technology, reCAPTCHA offers an adaptable risk analysis engine to shield against automated software, thwarting abusive activities within an organization’s website and mobile apps. By implementing reCAPTCHA at your perimeter, businesses gain proactive protection against malicious bots, ensuring a secure environment that serves as the foundation for the broader Google Cloud Fraud Defense platform.
Learning resources
Defend against automated cyber attacks
Cyber bots pose a significant threat across various industries, causing problems like spam, content scraping, account takeovers, fake reviews, and automated resource abuse. This can disrupt the customer experience, skew data, and damage brand reputation. As our core visual bot defense technology, reCAPTCHA offers an adaptable risk analysis engine to shield against automated software, thwarting abusive activities within an organization’s website and mobile apps. By implementing reCAPTCHA at your perimeter, businesses gain proactive protection against malicious bots, ensuring a secure environment that serves as the foundation for the broader Google Cloud Fraud Defense platform.
Account protection
Mitigate account takeovers
Account takeover (ATO) attacks are a rising security concern, leading to data breaches and fraudulent transactions. While reCAPTCHA provides the front-line bot defense against automated credential stuffing, comprehensive Account Defense and Password Defense are now centralized in Google Cloud Fraud Defense. Upgrade to stop synthetic identities and secure your platform from both human fraud farms and automated agents.
Learning resources
Mitigate account takeovers
Account takeover (ATO) attacks are a rising security concern, leading to data breaches and fraudulent transactions. While reCAPTCHA provides the front-line bot defense against automated credential stuffing, comprehensive Account Defense and Password Defense are now centralized in Google Cloud Fraud Defense. Upgrade to stop synthetic identities and secure your platform from both human fraud farms and automated agents.
Fake account protection
Protect against fake account creation
Fake accounts enable spam, abuse, and fraud. Deter automated sign-ups at the perimeter with reCAPTCHA, and step up to Google Cloud Fraud Defense for advanced account defense capabilities. The expanded platform leverages Google-scale intelligence to secure the entire customer journey and distinguish authorized AI assistants from rogue bots.
Learning resources
Protect against fake account creation
Fake accounts enable spam, abuse, and fraud. Deter automated sign-ups at the perimeter with reCAPTCHA, and step up to Google Cloud Fraud Defense for advanced account defense capabilities. The expanded platform leverages Google-scale intelligence to secure the entire customer journey and distinguish authorized AI assistants from rogue bots.
SMS toll fraud protection
Protect against SMS pumping attacks
SMS toll fraud (also known as SMS pumping) triggers massive fraudulent charges for platforms utilizing SMS for 2FA. Specialized SMS Defense designed to block high-velocity sign-up abuse and Artificially Inflated Traffic (AIT) is a core capability of the Google Cloud Fraud Defense platform.
Learning resources
Protect against SMS pumping attacks
SMS toll fraud (also known as SMS pumping) triggers massive fraudulent charges for platforms utilizing SMS for 2FA. Specialized SMS Defense designed to block high-velocity sign-up abuse and Artificially Inflated Traffic (AIT) is a core capability of the Google Cloud Fraud Defense platform.
Transaction protection
Protect against fraudulent transactions
Payment fraud, through tactics like carding and stolen credit card usage, causes significant financial losses. Advanced Transaction Defense that shields checkout funnels and prevents promo abuse—allowing trusted agents and humans to complete high-value payments seamlessly—is fully integrated into Google Cloud Fraud Defense.
Learning resources
Protect against fraudulent transactions
Payment fraud, through tactics like carding and stolen credit card usage, causes significant financial losses. Advanced Transaction Defense that shields checkout funnels and prevents promo abuse—allowing trusted agents and humans to complete high-value payments seamlessly—is fully integrated into Google Cloud Fraud Defense.
Pricing
| reCAPTCHA Pricing | Pricing tiers adjust automatically based on your usage, offering free assessments and advanced features, with higher tiers incurring charges for exceeding usage thresholds.* | ||
|---|---|---|---|
| Item | reCAPTCHA Essentials | reCAPTCHA Premium | reCAPTCHA Enterprise |
Cost per month | Free up to 10,000 assessments† | Requires a valid billing instrument in Google Cloud 1 - 10,000 assessments: Free† 10,001 - 100,000 assessments: $8.00 flat fee More than 100,000 assessments: $1.00 per 1,000 assessments | Fixed monthly volume commitment at $1 per 1,000 assessments. |
Commitment | None | Monthly + Pay-As-You-Go | Subscription (Minimum 12 months) |
Bot defense | Yes | Yes | Yes |
Password defense | No | Yes‡ | Yes‡ |
Account defense | No | Yes | Yes |
SMS defense | No | Yes‡ | Yes‡ |
Transaction defense | No | Yes‡ | Yes‡ |
Mobile SDKs | No | Yes | Yes |
* More detail on each of the tiers can be found at Compare Tiers.
† The free 10,000 assessments are per organization. The limit aggregates use across all accounts and all sites.
‡ Requires an extra assessment.
reCAPTCHA Pricing
Pricing tiers adjust automatically based on your usage, offering free assessments and advanced features, with higher tiers incurring charges for exceeding usage thresholds.*
Cost per month
Free up to 10,000 assessments†
Requires a valid billing instrument in Google Cloud
1 - 10,000 assessments: Free†
10,001 - 100,000 assessments: $8.00 flat fee
More than 100,000 assessments: $1.00 per 1,000 assessments
Fixed monthly volume commitment at $1 per 1,000 assessments.
Commitment
None
Monthly + Pay-As-You-Go
Subscription (Minimum 12 months)
Bot defense
Yes
Yes
Yes
Password defense
No
Yes‡
Yes‡
Account defense
No
Yes
Yes
SMS defense
No
Yes‡
Yes‡
Transaction defense
No
Yes‡
Yes‡
Mobile SDKs
No
Yes
Yes
* More detail on each of the tiers can be found at Compare Tiers.
† The free 10,000 assessments are per organization. The limit aggregates use across all accounts and all sites.
‡ Requires an extra assessment.
Learn more about reCAPTCHA
Business Case
GoFundMe: Securing donations from fraud with reCAPTCHA Enterprise
"Combining Google’s rich security expertise with GoFundMe’s focus on fraud prevention is already showing promising results as we strive to keep our platform the safest place to give online."
Matthew Murray, Director of Risk, GoFundMe
Learn how GoFundMe uses reCAPTCHA Enterprise to combat financial fraud, fake accounts, and fake campaigns, ultimately improving donor trust and ensuring that all donations go to those in need.
Featured benefits
Frictionless experience
Unlocking millions of dollars in additional funds with a frictionless experience.
Fraud intelligence
Incorporating Google-scale fraud intelligence signals in reCAPTCHA to inform internal ML models.
Transaction protection
Targeting fraudulent payments and mitigate them in real time, while allowing good payments to go through.
Learn how reCAPTCHA can protect your website
FAQ
How do I access the legacy reCAPTCHA Classic Admin Console?
The Classic Admin Console (formerly on google.com/recaptcha) is now accessible here, and via the "Legacy Admin Console" link in the left navigation. You can also continue to access the console using the same URL; there's no need to update existing bookmarks. All the same functionality is available, and your existing login credentials will still work.
What is reCAPTCHA?
reCAPTCHA is the visual bot defense technology that powers the Google Cloud Fraud Defense platform. It helps neutralize sophisticated non-human actors by utilizing adaptive AI and collective immunity derived from Google's global threat network.
What is the difference between reCAPTCHA and Google Cloud Fraud Defense?
reCAPTCHA is the brand that refers to our visual bot defense technology. Google Cloud Fraud Defense is the evolution of reCAPTCHA, expanding it into a comprehensive trust platform for the agentic web. While reCAPTCHA focuses specifically on visual bot defense, Fraud Defense secures the entire customer journey, protecting everything from account creation and login to checkout and payment.
How do I use reCAPTCHA?
To get started with reCAPTCHA, create a free account. Subsequently, integrate a few lines of code into your website. Afterward, connect reCAPTCHA to your backend and design assessments. When users engage in actions like user verification or payment processes, reCAPTCHA will assess the user interaction and provide a score. Based on this score, you can determine appropriate actions for your website.
Is reCAPTCHA only visual challenges?
reCAPTCHA serves specifically as our visual bot defense technology. In addition to visual challenges, it includes AI-resistant controls that use a mobile device to scan a QR code to verify human presence and device integrity. For organizations requiring invisible, frictionless background assessments in over 99% of sessions, those capabilities are centralized within the comprehensive Google Cloud Fraud Defense platform.
Can I integrate reCAPTCHA with my other fraud tools?
Yes, you can integrate reCAPTCHA with various other fraud prevention tools. reCAPTCHA is designed to work alongside existing fraud protection solutions, and by adding reCAPTCHA to your website or mobile app, you gain an additional layer of security that is powered by Google-scale fraud intelligence.
Is reCAPTCHA available for mobile?
Yes, reCAPTCHA is available for mobile apps through our easy-to-integrate SDKs. The reCAPTCHA mobile SDKs enable you to protect your iOS and Android apps from fraudulent activity, spam, and abuse. By adding a few lines of code, you can use reCAPTCHA to verify user responses and prevent automated tools from accessing your app.
What types of online fraud does reCAPTCHA protect against?
As our visual bot defense technology, reCAPTCHA provides critical front-line protection against sophisticated non-human actors and malicious automated bots. To protect against multi-stage fraud campaigns, it integrates seamlessly into the complete Google Cloud Fraud Defense platform. This expanded platform provides specialized protection against agentic web threats, synthetic identities, account takeovers (ATO), credential stuffing, SMS toll fraud, and carding.
