Skip to content
English
Submit a Support Request
  • There are no suggestions because the search field is empty.

reCAPTCHA Overview

How automated security protects donations and donor experience.

reCAPTCHA is a security service provided by Google that helps protect websites from spam, abuse, and automated attacks. It works by analyzing user behavior to distinguish between legitimate human activity and automated or malicious traffic.

This article explains how reCAPTCHA works, the differences between reCAPTCHA v2 and v3, and how it is applied when donors interact with giving forms.

reCAPTCHA Usage on Giving Forms

Giving forms use a layered reCAPTCHA approach to protect against fraud while minimizing friction for legitimate donors. Background risk analysis is performed automatically, and additional verification is only presented when necessary.

What reCAPTCHA Does

reCAPTCHA helps protect websites by analyzing patterns such as mouse movement, click behavior, browser signals, and traffic characteristics. These signals are used to assess whether an interaction is likely human or automated.

The primary goals of reCAPTCHA are to:

  1. Reduce spam and automated submissions.
  2. Prevent abuse and fraudulent activity.
  3. Protect users and organizations from malicious traffic.

reCAPTCHA Versions

reCAPTCHA v2

reCAPTCHA v2 provides visible challenges when additional verification is required.

The most common challenge is the “I’m not a robot” checkbox. Depending on risk signals, users may also be asked to complete an image-based challenge.

This version is only shown when background analysis indicates higher risk.

reCAPTCHA v3

reCAPTCHA v3 runs entirely in the background and does not interrupt the user experience. It assigns a risk score to each interaction based on behavioral signals.

Most donors complete their donation without ever seeing a challenge when v3 determines the interaction to be low risk.

Why Additional Verification May Appear

A donor may be prompted with a reCAPTCHA v2 challenge when reCAPTCHA v3 detects elevated risk. This can happen for several reasons, including:

  1. Behavior that resembles automated activity, such as rapid clicks or repeated submissions.
  2. IP addresses associated with suspicious or abusive traffic.
  3. Unusual browser, device, or software configurations.
  4. Disabled cookies or limited browser storage.
  5. Use of proxies or anonymizing services.
  6. Repeated failed reCAPTCHA attempts.
  7. Access from regions with higher rates of automated attacks

These checks are automated and adaptive. Seeing a challenge does not indicate an error, only that additional verification is required to protect the donation process.