Artificial intelligence can answer now GooglePEOPLE reCAPTCHAv2 with 100% accuracy, according to new research, I think it makes critical online security measures obsolete and forcing eCommerce platforms to rethink user authentication.
Scientists at ETH Zurich developed AI system, surpassing the previous method that solved only 68% to 71% of CAPTCHAs. Research has revealed that reCAPTCHAv2 relies heavily on user cookies and browser history data, suggesting that AI systems can exploit this vulnerability.
“Bluntly, this paper shows that we are now officially in the age beyond CAPTCHAs,” The research author wrote, raising concerns about the security of image-based CAPTCHAs and their effectiveness.
End of an Era
CAPTCHAs have served as The first line of defense against automated website attacks for years. However, experts say its effectiveness has waned, and this latest breakthrough could signal the end of its usefulness.
“CAPTCHA is cheap, and that’s part of the problem,” Wink founder and CEO Deepak Jain told PYMNTS. “When users encounter a CAPTCHA, it can give the impression of a low-cost product or a brand that doesn’t prioritize security – more of a ‘Protected by’ security sign on your lawn without a proper security system in place.”
The apparent cost effectiveness of CAPTCHA can be deceiving. Jain says they can harm businesses by lowering the perceived quality of brand safety. Industry leaders have moved away from this technology.
“Sophisticated company like APPLES and Amazon Do not use CAPTCHA as it is outdated and ineffective against modern AI bots,” he said.
Some experts take an even stronger stance against CAPTCHAs.
“CAPTCHA should be done away with and never spoken of again,” Analog Informatics founder and President Philip Lieberman told PYMNTS. “They drive the user crazy, easy to defeat, and create a security theater for those who believe they are working.”
There is an irony in the evolution of CAPTCHA technology, he said.
“As vendors have made technology more difficult for AI to figure out, it’s almost impossible for humans to solve the challenge,” Lieberman said.
Breakthroughs in AI-powered CAPTCHA solving are raising more general concerns about online security.
“When AI breaks these defense systems, malicious actors can more easily automate attacks, gaining access to potentially sensitive information,” hunter Vice President of Product Marketing Seth Geftic told PYMNTS. “This means that customer data will become more vulnerable, making businesses that use CAPTCHA as their primary line of defense more vulnerable to risk.
Balancing Security and User Experience
Companies in the eCommerce industry today face a difficult choice in increase their security measures.
“ECommerce companies need to adopt more sophisticated solutions if they rely only on CAPTCHAs,” Geftic said. “It probably involves looking you things like behavioral analytics or advanced multifactor authentication, all of which will require investment in new technology. Unfortunately, getting safer will often mean spending more money, and these costs can add up. Depending on the business structure, this increased cost can be passed on to customers, making it more difficult for the business to remain competitive.
Jain asked for “more robust modern solutions such as multifactor biometric authentication and liveness detection, which verify that the user is not only a human but also a true human, in directly.”
“Yes, things like biometric authentication and device verification require some investment in new infrastructure, but they also reduce ongoing costs,” he said. “You’ll have fewer customer support tickets related to login issues, reduced fraud management costs, and less risk of data breaches.”
Lieberman agreed.
“Using MFA technology to prove identity and contact methods is the current standard to slow down attackers and gain confidence in visitor identity,” he said.
Experts warn that a more complex authentication process can frustrate customers and increase cart abandonment rates.
“It’s a fine balance between security and convenience – and advances in AI will only make this more difficult,” Geftic said. “With CAPTCHAs becoming less effective, businesses will need to introduce more complex authentication processes, which, while they may be more secure, may also make the purchase process more lengthy or difficult.”
Most users and CAPTCHA systems are now proven.
“I find myself failing routine challenges because it requires me to understand if the pixels of the image belong to one box or another,” said Lieberman. “As a result, I went out of my way if not visit a site that uses it.”
The Future of Online Authentication
Experts envision a smoother and more secure authentication process across multiple platforms in the future. Jain said he sees future security as device-agnostic, “meaning it can work across multiple platforms — whether it’s logging in from a car, using a VR headset, or verifying identity at the airport.”
This approach can lead to increase user experience while maintaining high security standard, potentially addressing the dual challenge of AI-cracked CAPTCHAs and user frustration with current security measures.
The challenge lies in balancing strong security with a user-friendly experience, which may require investment and technological innovation.
“Before taking the plunge, weigh the priorities for your business and your business model,” said Geftic.
For all PYMNTS AI coverage, subscribe daily AI Newsletter.
#Scientists #Develop #Defeats #Widespread #eCommerce #Authentication #Methods #PYMNTS.com