Are we human or are we dancer?

My sign is vital, my hands are cold

And I’m on my knees looking for the answer

Are we human or are we dancer?

–        From the song “Human” by the Killers

You may not know what a CAPTCHA is or what the acronym stands for, but you’ve used it if you’ve ever had to view an image of some text and then type it into a form.  Usually, it is required before submitting a comment, sending a message, or registering for a site.  CAPTCHA is used to prove you are a human and not a program/robot (bot) trying to send spam or register malicious accounts to send or post spam.

Many people hate CAPTCHAs.  At best it is an annoyance and at worst it prevents legitimate users from accessing your site due to the increased complexity of deciphering the text in an image.  There are sites that tell you Why you should never use a CAPTCHA.  I, however, can think of at least one scenario where CAPTCHA is very useful.

Recently, we had a merchant report that his payment gateway was going to terminate his service unless he stopped inundating it with bad credit card submissions.  Apparently, a bot was constantly feeding credit cards to his checkout in hopes of finding one that worked.  CAPTCHA can prevent bots from submitting credit card numbers as in the example above.  However, CAPTCHA may also drive away your legitimate customers by distracting them from paying with images to decipher.

Fortunately, the ShopSite shopping cart allows the merchant to specify that a CAPTCHA is to be displayed only after a certain number of failed attempts.  In ShopSite, go to Commerce Setup, then Payment Setup.  At the bottom of the screen, enable the Human Validation feature and indicate the number of failures before the CAPTCHA is activated.  This allows legitimate “human” shoppers to have several attempts to input a valid credit card before CAPTCHA is displayed.

Unfortunately, there is no perfect solution for stopping all bots.  But in this case, CAPTCHA is a perfectly viable solution.