The document provides an overview of Google reCAPTCHA Enterprise, which helps protect websites from fraudulent activity, spam, and abuse. It discusses evolving web security threats like credential stuffing and account takeover that have increased in recent years. The document then summarizes reCAPTCHA Enterprise's features for detecting and preventing these threats, including risk scoring, reason codes, mobile app SDKs, and two-factor authentication. It provides steps to get started and a demo of how reCAPTCHA Enterprise analyzes interactions and takes action based on risk scores.

1. Step-by-step guide to protecting
web applications with Google
reCAPTCHA Enterprise
Cy Khormaee, Product
Manager, Google

2. Agenda
● Understand the latest web security threats
● Overview of reCAPTCHA Enterprise
● Review analyst firm ESG’s evaluation of reCAPTCHA Enterprise
● Get started with reCAPTCHA Enterprise today

3. Evolving web security threats
!
30 Billion
attempted logins with stolen
credentials in 2018
Credential
Stuffing
29%
of all breaches involve the
use of stolen credentials
Fraudulent
Logins
300%
increase since 2017
Account
Take Over
!
!

4. Detect Prevent Recover
Evolving web security threats

5. How reCAPTCHA
Enterprise can
help protect your
website from
fraudulent activity,
spam, and abuse.
Fraudulent Transactions
ATOs
Legitimate Users
Synthetic Accounts
False Posts
Money Laundering
reCAPTCHAEnterprise

6. ESG’s evaluation of reCAPTCHA Enterprise

7. ESG’s evaluation of reCAPTCHA Enterprise

8. ESG’s evaluation of reCAPTCHA Enterprise

9. 01 02 03
Enable reCAPTCHA
Enterprise from the
Google Cloud
Platform console
View the
results in the
Analytics
dashboard
Review key metrics
to help you
respond to threats
3 steps to get started with reCAPTCHA Enterprise

10. Enable reCAPTCHA Enterprise in the Google Cloud Platform console01

11. 02 View the results in the Analytics dashboard

12. 03 Review key metrics to help you respond to threats

13. reCAPTCHA
Enterprise key
features
Enhanced Risk Scoring
Risk Identifiers / Reason Codes
Mobile App SDK (Android and iOS)
Risk Tuning / Annotation API
Two-factor authentication

14. 0 .5 1
Higher Risk Lower Risk
.3 .7
Higher granularity risk scores (Enterprise)
0 .5 1
Higher Risk Lower Risk
.3 .4.2.1 .8 .9.7.6
Risk scores

15. reCAPTCHA
Enterprise risk
score
{
'tokenProperties': {
'valid': True,
'hostname': 'www.google.com',
'action': 'homepage',
'createTime': u'2019-03-28T12:24:17.894Z'
},
'confidence': 0.1,
'reasons': ['AUTOMATION'],
'event': {
'token': 'RESPONSE_TOKEN',
'siteKey': 'SITE_KEY'
},
'name':
u'projects/[PROJECT_ID]/assessments/b6ac310000000000'
}
01
02
03
04
05
06
07
08
09
10

16. REASON CODE DESCRIPTION
AUTOMATION The interaction matches the behavior of an automated agent.
UNEXPECTED_ENVIRONMENT
The interaction indicates that the reCAPTCHA snippet is being interacted with
on a page other than its intended location on your site.
UNEXPECTED_USAGE_PATTERNS
The interaction with your site were significantly different from expected
patterns.
TOO_MUCH_TRAFFIC Traffic volume from the event source is higher than normal.
LOW_CONFIDENCE_SCORE
Too little traffic has been received from this site thus far to generate quality risk
analysis.
Reason code

17. Take action on your reCAPTCHA Enterprise score
User enters
credentials
and clicks
Login
reCAPTCHA
server sends
an email with
code to the
user
If risk
score < 0.5,
trigger email
verification
reCAPTCHA
backend
formulates a
risk score of
0.5
If
successful,
user is
allowed to
complete
login
Use the
challenge
Account()
method to
initiate
the 2FA
User enters
the code on
the webpage
1 2 73 4 65

18. Score/Labels
Annotations
End User Client
reCAPTCHA
Enterprise Server Endpoint
Company-specific model with feedback loops

19. ● Native SDKs for both Android and
iOS to detect on device fraud
● Offers comprehensive protection
across all customer endpoints
Mobile App SDK (Android and iOS)

20. Two-factor authentication
● Inspired by Google’s experience in
protecting user accounts
● Support email and SMS-based
verification
● More methods coming soon

21. Demo

22. Q&A

23. Thank You
Learn more at cloud.google.com/recaptcha-enterprise