NEW YORK (MainStreet) — With a barrage of bots, you can't always know you're engaging with humans on the Internet. To guard against spam, scams and hackers, small businesses with an online presence must take measures on the front end and measurements on the back end to ensure real results.
Take Captcha — please! The system is supposed to make sure only humans get access to websites, but Dutch penetration tester Sijmen Ruwhof just disclosed that a flaw in Captcha code in 2007 opened the door to hijacking on 20,000 exposed sites. The code may have spread to millions of websites.
That works against Captcha's mission to automatically detour foul play — to discourage hackers who write programs to sign up for phony accounts, post links to buy products in forums and generally cause havoc on websites.
“Without some sort of defense in place, spam and fraudulent accounts have to be deleted manually, which is very time consuming,” says Reid Tatoris, co-founder of Are You A Human, which analyzes online interaction for 35,000 sites ranging from one-person blogs to AOL and CBS Interactive.
“Until recently, Captcha has been the only alternative, though a terrible one,” Tatoris says, making an argument for people to use his service instead. “Captcha puts the burden on the user by making them decipher often-unreadable text to prove themselves. Out of the 75 percent of users who fail a Captcha on the first attempt, 100% of them become annoyed while visiting your site. In fact, 40% of all the visitors will leave a site when presented with a Captcha.”
One reason: Spammers use optical character recognition to determine what letters are shown in a Captcha, and because this technology has gotten extremely effective over years of development, Captcha has become increasingly challenging for real people to decipher. One joke Captcha asks users to reproduce an intricate painting with their mouse.
All kidding aside, though, today’s complicated Captchas may be warding off more humans than bots.
To make matters worse, since Captcha is a binary test, if hackers do successfully read the letters once, they’re in forever. That’s why companies are turning to alternatives such as Are You a Human's PlayThru, which analyzes user interaction through simple actions and games rather than asking for a code. By taking a more holistic approach and accessing all the interaction happening on the page (from mouse movements to click time to IP address), companies can see if a real user is present and engaged when an ad is displayed.
Using mobile marketing analytics software on the back end — the part programmers and IT departments see and visitors to a site do not — is another way to help filter fraudulent impressions and bots, target only real users and better determine the real effectiveness of online ad campaigns.
“When you are in the business of measuring performance, it is important to be objective,” says Sanjeev Ahuja, chief executive of Oplytic, which offers analytics to Time, Meredith, Deakin University, AARP and AAA, among others. “We have checks and balances in place to look for certain patterns and metrics in the data that alert us to whether someone is trying to cheat the system — whether via human or bot interaction.”
— By Ilana Greene for MainStreet