Turn Away The Bots, Not Your Customers
We’ve all been there — we’re on our favorite website trying to buy the latest gadget, reserve concert tickets, or claim an advertised reward. We may be in a rush, we may be excited to snag the item we’re looking for, and we fill in our information and click along to complete the transaction. Just as we think we’re almost there … screech! The process grinds to a halt as we’re asked first to identify stoplights or crosswalks.
Why is this happening? The site has presented a challenge to make us prove that we are a person and not a bot.
Malicious bot operators target websites and their users with large-scale automated business logic attacks such as account takeover, inventory hoarding, and card fraud; firms want to repel the bots so that their customers can do business and have a better (and safer) experience. As customers, we share retailers’ bot frustrations — when we lose out on the latest hot product because bots got in before us, we’re disappointed, even angry. But challenges also annoy us — Forrester’s research has shown that some consumers will abandon transactions when presented with Captchas and challenges.
So What’s An Online Retailer To Do?
Bot management solutions today offer a wide array of options for bot responses, including both visual and invisible challenges. Most consumers have encountered Google’s reCAPTCHA at some point, but visual challenges also include solving puzzles, holding down buttons, or drawing boxes around objects. Invisible challenges bypass the human consumer and analyze the request in depth or present the client request with puzzles such as cryptographic challenges. The bot response and challenge options available to you will depend on your bot management solution. In addition, bot detection quality and response rules will drive how often your end users (i.e., holiday shopper customers) even see challenges.
While conventional wisdom is that low-friction challenges are best, the reality is a bit more nuanced:
- Captchas aren’t the only reason for transaction abandonment. Yes, consumers will abandon transactions when faced with high-friction challenges, but there’s more to the story. Abandonment rates vary by generation, with Millennials most likely to abandon transactions and Baby Boomers least likely (although this group also shops online the least). In addition, consumers are more likely to abandon a transaction if the site is slow or unresponsive — so make sure that detection or invisible challenge techniques don’t present to your consumers as a slow site.
- Some consumers feel safer with a visual indicator. One of the most surprising findings in our research was that some end users feel safer when they see a Captcha or other visual challenge. In fact, slightly over half of online adults feel safer when they see a challenge — about the same as those that reported feeling frustrated. This may not feel intuitive, but remember that challenges will block bots attempting account takeover, card fraud, and web recon — all attacks that could result in a loss of customer data. In addition, seeing a challenge may give users the impression that the firm takes security seriously in other areas, too. We’ve found that younger generations — Gen Z and Millennials — are particularly likely to feel safer. If your site caters to a constituency that tends to feel safer with a visual challenge — or your own customer research shows that this is the case — explore trying a low-friction challenge that doesn’t frustrate users but does offer that signal of protection.
Bot management solutions offer a range of challenges with varying levels of friction and visibility. Some tools allow customers to test challenges or responses with a segment of the user population — consider this sort of A/B testing to find the best response approach for your customer base so you can minimize customer frustration, reduce transaction abandonment, and increase customer feelings of safety.
To see more detailed breakdowns on how consumers view Captchas and challenges, read the report, We All Hate Captchas, Except When We Don’t. For more on the bot management market, check out The Forrester Wave™: Bot Management, Q2 2022, or set up an inquiry with me.