It's Gotcha for CAPTCHA

London, United Kingdom

The only truly dependable system for verification is Mobile Identity, which leverages a user's phone number as their online identity. A mobile Identity carries unique identifiers, it's easy to verify and difficult to spoof. It has become the only verifiable global identifier.

Other methods just don't cut it. Take CAPTCHA, for instance. Only last month we were told that a US-based start-up claimed to have developed software, which could defeat text-based CAPTCHA tests 90% of the time. Just to recap, CAPTCHA takes the form of a portion of text, graphic or sound, which the user must enter. The text or graphic is distorted enough to make it unrecognizable to pattern recognition software.The trouble is, the more distorted, and so more effective this is, the harder it is for the user to read, and the more frustrating. (ReCAPTCHA, which helps to digitize books for online use, may have a laudable aim, but is just as annoying.)Users with dyslexia, or sight disabilities, have rightfully complained about the implications on accessibility. And the audio versions are little better. “Some of them sound like aliens talking and they put weird background noises over them!” was one reaction, “they are a bit of joke in the blind community. I've spent half an hour on some and had to give up”.The height of this nonsense was achieved when the US Federation for the Blind complained to the White House that an e-petition calling for printed material to be more accessible to the visually impaired received far fewer signatures than it should have done because of CAPTCHA security.

Everyone's Pet HateMan or Machine?

CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. And as this nerdy, student-minded acronym would suggest, it was devised by graduates at Carnegie Mellon University thirteen years ago as a defense against bots and other automated attempts to get round verification systems.The ‘Turing test' part of the acronym refers to an experiment proposed by mathematician, code-breaker and computing pioneer Alan Turing, which attempted to define a machine as intelligent if it was impossible for a human interrogator to distinguish it from a human being, based solely on its responses in a conversational exchange.Sticklers for accuracy would insist that the ‘Turing test', as adopted in CAPTCHA, should be more properly be termed a ‘Reverse Turing test', in that instead of attempting to define a computer as ‘intelligent' and so indistinguishable from a human, CAPTCHA aims to identify the human from a machine.Little wonder, as one user experience consultant out it, “It's generally one of the most hated pieces of user interaction on the web”. A view reinforced by the myriad of comments that you will inevitably find below any web-piece dealing with this subject.Appropriately, the recent reportedly successful attempt to crack CAPTCHA involved artificial intelligence software, which mimicked processes in the human brain, part of an attempt to build “the first truly intelligent machines”.And this is not the first time such a breakthrough has been announced. One study in 2008, using a low-cost approach on normal desktop computers, claimed a success rate of at least 60%.Another approach, dubbed ‘virtual sweatshops', hires dozens of low paid workers, typically from emerging economies, to solve thousands of CAPTCHAs for little more than a dollar a day, selling these out by the lorry-load at knock-down prices.And web properties are taking note.

Ticketmaster, the world's largest online ticket retailer has already abandoned this system in favor of one which uses a simple question and answer format. They estimate that the average time for users to solve it has been cut from 14 seconds to just 7. Some apparently effective alternative solutions are even simpler.In short, as we discuss in our ‘Fraud Epidemic' e-guide, there are just too many ways of getting round the CAPTCHA system.And the alternatives? Biometrics are only just starting to gain a foothold (see Apple's Touch ID). Physical tokens are expensive to implement and maintain, and also get lost or left behind. (In the UK, for example, Lloyds Bank will shortly be abandoning its card reader system for business banking, in favor of memorable information).So bye-bye CAPTCHA. You had a good run, but you never really caught on."

Talk To An Expert

Interested in learning about how TeleSign's identity and engagement solutions can prevent fraud while fostering secure and global growth for your business? Let's chat.