Since its inception five years ago, PerimeterX has continued to protect web and mobile applications from malicious bots. The journey started with PerimeterX Bot Defender, a behavior-based bot management solution that enables customers to manage their automated traffic. Today we are proud to extend the power of Bot Defender to help improve your website user experience with the introduction of PerimeterX Human Challenge, a new user-friendly verification.
User verification: Why do we need it?
PerimeterX Bot Defender detects and mitigates malicious bots in real time, mostly behind the scenes, minimizing user interruption and preserving the intended website experience.
With Bot Defender in place, one could ask: why is there even a need for additional verification?
The answer is simple: when Bot Defender determines the user is not human, there are still rare cases where human behavior can get tagged as suspicious or undetermined. For example, some users who are familiar with their favorite sites may navigate directly to certain pages, unlike most users, and get scored as bots. Therefore, instead of just blocking real users that are scored as bots, even when less than one in 10,000 blocked sessions is from a real user, the system serves a verification challenge to make sure that this is indeed a bot. This allows the rare human users to “clear” themselves with ease, whereas the bots fail again and again in solving the challenge until they give up.
To minimize the impact on the users’ experience, PerimeterX keeps the false-positive rate under 0.01%; that is, less than one in 10,000 sessions presented with the verification is initiated by a real user. However, Bot Defender offers flexibility for customers interested in more aggressive mitigation, like those in the financial vertical, and this mode can result in more users being presented with challenges. In such cases, Human Challenge can significantly reduce user friction.
Would it be better to just reduce the false-positive number to zero?
Not necessarily. Even the most sophisticated system cannot be right every time because cybercriminals keep evolving, so challenges are important for the following reasons:
First, it’s extremely important for a learning system to have a feedback loop to constantly learn and improve the accuracy of detection.
Second, by having another interaction with the user on the challenge page, the system collects additional data about the user's behavior and how the user interacts with this page. This enhances the detection capabilities for this user, and other similar users also get the benefit of this learning.
The Era of CAPTCHAs
What have we been doing so far, and why did we want to improve?
So far, to verify that a user is indeed a bot, Bot Defender has been using reCAPTCHAs. To be more specific, the most commonly used one - the well-known Google reCAPTCHA - was carefully chosen after looking into multiple options.
Based on the extensive experience of using Google reCAPTCHAs for billions of user sessions, we recognized a few alarming gaps that have serious implications for any online business using it.
The first important and well-known challenge with the CAPTCHA is its negative impact on user experience. CAPTCHAs are considered frustrating and irritating, and often they make the user abandon the website or the page, especially if they fail to solve them even after multiple attempts. Users that fail to solve a CAPTCHA, even if it is a very small percentage of the users, are still important, especially for large online businesses, where a small percentage represents a large number of consumers.
The second problem, the growth of CAPTCHA-solving bots, is covered in detail in our previous blog post, “CAPTCHA: Hard for Humans, Easy for Bots”. With the use of automated solutions or a human workforce, it is pretty easy today for bots to overcome the CAPTCHA barrier. In short: instead of being easy for humans and hard for bots, CAPTCHAs are hard for humans and easy for bots.
PerimeterX Human Challenge - the next step
As a result of the current gaps, and to enable protection from CAPTCHA-solving bots while minimizing the friction for human users, PerimeterX developed a brand new user verification - PerimeterX Human Challenge.
Today, after more than a year of research and development, and testing with beta customers, Human Challenge is generally available for Bot Defender customers.
Human Challenge is a simple ‘no hassle’ single-step challenge, such as “press and hold”, that is very easy and fast for human users to solve, but effectively protects against CAPTCHA-solving bots.
Users are solving Human Challenge 5X faster than Google reCAPTCHA, and the number of users that abandon the website or page is 10X lower. This is a significant difference for the user experience, which makes a real impact on conversion rates.
Behind the scenes, as part of the Bot Defender solution, Human Challenge collects in-depth data about the user. This data is streamed to the detection smart-learning system and improves its accuracy in protecting against the most sophisticated CAPTCHA-solving bots.
A leading e-commerce brand already using Human Challenge has said, “It is amazing to see user sessions flowing so smoothly. It is almost as good as no user interruption or challenges. Truly a game changer for our web and mobile applications.”
Sounds interesting. What else should you know?
- Human Challenge is available for Bot Defender customers.
- Human Challenge can be deployed gradually. Bot Defender can still use Google reCAPTCHA as an extra verification tool or mix both reCAPTCHA and Human Challenge to make it harder for CAPTCHA-solving bots.
- The difficulty level of the challenge and the type of challenge is adjustable based on customer needs and will evolve to keep pace with the sophistication of CAPTCHA-solving bots.
- The PerimeterX team monitors user experience by measuring the average time it takes a human user to solve the challenge, and verifies that the challenge-solve time decreases. In cooperation with the customer, the team also monitors conversion rate changes.