I am a web project manager for a mid-sized nonprofit that accepts donations online.
I was recently asked to research better options than reCAPTCHA which our donor relations/marketing folks see as a potential barrier to online donations (assumption: the easier the process, the more likely people are to do it). I think I can get a quick win here by demonstrating the “custom theming” abilities (most users appear unaware of the “refresh” button to request another challenge), but I am wondering whether there are even better options.
Whereas most uses of CAPTCHAs are geared towards preventing SPAM, that is not our purpose. Our issue is fraudulent credit card testing by bots in preparation for black market wholesale of stolen credit card databases.
So, here is my question:
What options are out there better than CAPTCHAs that would be more transparent to the user?
Options:
- Honeypots?
- Verification techniques?
Under NO circumstances should you have a CAPTCHA on your donation form. A/B test it and you will be shocked at the suppression the CAPTCHA causes. NPOs do have a credit card fraud issue because credit card fraud bots will use NPO donation forms to test CC numbers because they generally have lax address verification.
Your best bet if you don’t want to suppress donations is an input field that is hidden from view by CSS (not a type="hidden") that if filled out will halt form processing, then make sure that it is properly labeled to tell people to not fill it (in case the CSS hide fails, like with a screen reader) – the honeypot, as you say.
The other defense is to throttle multiple donations from the same IP.
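The honeypot field and per-IP throttle described in the answer above, sketched as a server-side check in Python. This is an added example, not part of the original thread; the field name `website`, the limit of 3 attempts per 10 minutes, and the `DonationGate` class are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque

# Constructed markup: the trap input is moved off-screen with CSS rather than
# being a hidden-type input, and it is labelled in case the CSS hide fails.
FORM_HTML = """
<style>.hp-wrap { position: absolute; left: -9999px; }</style>
<form method="post" action="/donate">
  <div class="hp-wrap">
    <label for="website">Leave this field empty</label>
    <input type="text" id="website" name="website" tabindex="-1" autocomplete="off">
  </div>
  <!-- real donation fields go here -->
</form>
"""

HONEYPOT_FIELD = "website"  # hypothetical trap field name
MAX_ATTEMPTS = 3            # assumed limit per window
WINDOW_SECONDS = 600        # assumed window length


class DonationGate:
    """Run before the card reaches the payment processor.

    State is in-memory and per-process; a multi-server deployment would need
    a shared store for the attempt counters.
    """

    def __init__(self, max_attempts=MAX_ATTEMPTS, window=WINDOW_SECONDS,
                 clock=time.monotonic):
        self.max_attempts = max_attempts
        self.window = window
        self.clock = clock
        self._attempts = defaultdict(deque)  # client IP -> attempt timestamps

    def check(self, client_ip, form):
        """Return (allowed, reason) for one submission."""
        now = self.clock()
        recent = self._attempts[client_ip]
        while recent and now - recent[0] >= self.window:
            recent.popleft()  # forget attempts older than the window
        if form.get(HONEYPOT_FIELD, "").strip():
            return False, "honeypot"  # a human never sees this field
        if len(recent) >= self.max_attempts:
            return False, "throttled"
        recent.append(now)  # count every attempt, including declined cards
        return True, "ok"
```

Counting attempts rather than successful donations matters here, because card testing shows up as many submissions that are mostly declined.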