Skip to main content
All CollectionsGetting StartedStore Settings
Credit Card Protection with reCaptcha
Credit Card Protection with reCaptcha

Using Google's CAPTCHA to protect your customers and your store.

Nadia Augusto avatar
Written by Nadia Augusto
Updated yesterday

This documentation provides a guide to help users implement reCAPTCHA for credit card transactions on your storefront. The primary goal of this implementation is to protect customers from attacks and prevent robot spam during the checkout process, saved card management, and account balance payments.

Introduction to reCAPTCHA

What is reCAPTCHA?
reCAPTCHA is a service provided by Google that helps protect websites from spam and abuse. It uses advanced risk analysis techniques to distinguish between human and automated access to websites. By using reCAPTCHA, you can ensure that the person interacting with your site is a real user and not a bot, enhancing security and providing a better user experience.

Why Implement reCAPTCHA?
Implementing reCAPTCHA on your website helps to:

  • Prevent fraud and unauthorised access to payment information.

  • Protect customer data during critical processes such as checkout, saved cards management, and account balance payments.

  • Enhance the overall security of your e-commerce platform by blocking bot traffic that may attempt to exploit vulnerabilities.

Affected Pages in the Storefront

reCAPTCHA will be activated on the following pages of your storefront:

  • Checkout Page: To verify genuine users during the payment process.

  • Saved Cards Management: To protect the customer’s saved credit card information from unauthorised access.

  • Account Balance Payment: To secure payments made towards the customer’s account balance.

How to Activate reCAPTCHA in the Admin Panel

To activate reCAPTCHA protection on your storefront, follow these steps:

In your store's admin area from the main menu, click on Store Settings > Select General > Store Preferences, under the "Customers" tab Scroll down to find the new two selection options in the "Display" section.

Configuration Options

There is three different configuration options:

  • Always: reCaptcha V2 checkbox whenever a new card is added or used

  • When Suspicious Activity detected: Invisible reCaptcha V2 (it provides protection without interrupting the user's flow unless the activity is deemed suspicious)

  • After 2 payment attempts: reCaptcha V2 checkbox whenever a new card is added with two payment attempts

The default setting for reCAPTCHA activation is "When Suspicious Activity", meaning that reCAPTCHA will only challenge users when potentially suspicious behaviour is detected, balancing security with user experience.

These options allow you to customise the level of reCAPTCHA protection to suit your specific security needs.

Guest & Registered Users

Guest users are any user that is not logged into your website using a username and password.

A Registered user is a user that has used your storefront registration form to create an account and does not have anything in the below account fields.

  • For registered users these Account fields must be blank.

ERP Account Users

An ERP user is defined as a user that is synced with your ERP backoffice software. These users will be sync using the following fields.

Any Accounts with something in one or both of the below fields is considered an ERP Account.

Any user that resides under and account like this are considered ERP Account users.

Payment gateways not covered by this feature

Currently, this feature does not support the following payment gateways: PayPal, Adflex, Vantiv without Charge, and Vantiv Worldpay.

Note: this feature is independent of the Storefront Login reCAPCHA process. Read more

FAQs

Where can I find more information about reCAPTCHA Policies?

For more detailed information on reCAPTCHA, visit the Google reCAPTCHA Documentation.

Do I need to add information to my Cookies & Privacy Policy?

Yes, you will need to make sure that you have added information to both your Cookie and Privacy policy to comply with GDPR. See more on our cookies page

Did this answer your question?