How to use CAPTCHA in a conversational interface?

In today's digital world, robust authentication mechanisms are an absolute necessity. With the increase in cybercrime, it is essential to protect personal and sensitive information. As stated in the last OWASP 2023 Top 10 Vulnerabilities report, authentication mechanisms are the first line of defence against unauthorized access to online accounts. Furthermore, the new ISO 27001:2022 certification standard dedicates specific controls and clauses to ensure secure authentication procedures.

A robust authentication mechanism is the key to unlocking a great number of self-services. For example, making financial operations, changing insurance policy details or consulting medical test results are operations that individuals can perform online if they pass a strong authentication screening.

However, there are situations where robust authentication mechanisms are not possible. This is the case of quote&buy journeys, where customers are not registered and identified apriori, but also when agents and advisers are about to request some actions on behalf of their clients.

In such cases, the list of self-serve services experiments a physiological reduction because some critical actions won’t be accessible to an unidentified user. Reducing the risk of robots and Denial of Services attacks is also important by using additional security measures like CAPTCHA codes and other techniques.

CAPTCHAs, in particular, are a popular security measure used to prevent automated attacks by requiring users to prove they are human and they nicely fit conversational interfaces. A handy-style text over a noisy background is generated and displayed to the user as an image. Automated Optical Character Recognition (OCR) detectors won’t be able to easily guess the keyword by reading the image.

The main three requirements for a good CAPTCHA code generator are:

All Posts

How to use CAPTCHA in a conversational interface?

In today's digital world, robust authentication mechanisms are an absolute necessity. With the increase in cybercrime, it is essential to protect personal and sensitive information. As stated in the last OWASP 2023 Top 10 Vulnerabilities report, authentication mechanisms are the first line of defence against unauthorized access to online accounts. Furthermore, the new ISO 27001:2022 certification standard dedicates specific controls and clauses to ensure secure authentication procedures.

A robust authentication mechanism is the key to unlocking a great number of self-services. For example, making financial operations, changing insurance policy details or consulting medical test results are operations that individuals can perform online if they pass a strong authentication screening.

However, there are situations where robust authentication mechanisms are not possible. This is the case of quote&buy journeys, where customers are not registered and identified apriori, but also when agents and advisers are about to request some actions on behalf of their clients.

In such cases, the list of self-serve services experiments a physiological reduction because some critical actions won’t be accessible to an unidentified user. Reducing the risk of robots and Denial of Services attacks is also important by using additional security measures like CAPTCHA codes and other techniques.

CAPTCHAs, in particular, are a popular security measure used to prevent automated attacks by requiring users to prove they are human and they nicely fit conversational interfaces. A handy-style text over a noisy background is generated and displayed to the user as an image. Automated Optical Character Recognition (OCR) detectors won’t be able to easily guess the keyword by reading the image.

The main three requirements for a good CAPTCHA code generator are:

  1. Accessible and human-readable: some CAPTCHAs are not easy to read for humans, yet OCR algorithms can decode them;
  2. One-pad strategy: whenever an attempt to solve the CAPTCHA fails, a new challenge is generated, and the previous keyword is dismissed. Solving the CAPTCHA from the second attempt won’t unlock the service;
  3. Handy typography: some fonts and typography styles help to generate a keyword which is hard to reverse by OCR detectors but at the same time sufficiently accessible by humans.

Here is a graphical example of a conversational interface presenting a CAPTCHA challenge to resolve.

The CAPTCHA code generator feature is available on the Spixii CPA platform. Several parameters can be easily configured directly from the platform, such as the length of the keyword, the number of attempts before rejecting the user, and the background noise level.

Despite some known market CAPTCHA implementations, the Spixii CPA offers a fully GDPR-compliant solution, as no IP address will be collected.

 

For more information on conversational process automation and how it can help your customer service operations to save money, you can download a copy of the most recent Spixii white paper ⬇⬇⬇

Recent Posts

How to use CAPTCHA in a conversational interface?

In today's digital world, robust authentication mechanisms are an absolute necessity. With the increase in cybercrime, it is essential to protect pers...

Read more

The sweet spot between smooth operations and customer experience

3 min read Gone are the days of interactions where customers and businesses would have to come face-to-face for a transaction. Thanks to the mighty po...

Read more

How can customer service operations save money?

5 min read Efficient and effective customer service operations can significantly impact a company's finances. By providing customers with prompt and a...

Read more

What are the 3 steps to reduce the stress experienced by customer service consultants?

5 min read As a customer service consultant, many factors can cause stress and anxiety in the workplace. One of the biggest causes of stress is dealin...

Read more
2024 Spixii WP - How to deliver expert customer service immediately, consistently and around the clock

Download your FREE Spixii White Paper copy

Discover how to deliver expert customer service immediately, consistently and around the clock:
  • Key KPIs that make or break
  • Making compliance teams happy
  • De-risking the transition to automation