In today's digital world, robust authentication mechanisms are an absolute necessity. With the increase in cybercrime, it is essential to protect personal and sensitive information. As stated in the last OWASP 2023 Top 10 Vulnerabilities report, authentication mechanisms are the first line of defence against unauthorized access to online accounts. Furthermore, the new ISO 27001:2022 certification standard dedicates specific controls and clauses to ensure secure authentication procedures.
A robust authentication mechanism is the key to unlocking a great number of self-services. For example, making financial operations, changing insurance policy details or consulting medical test results are operations that individuals can perform online if they pass a strong authentication screening.
However, there are situations where robust authentication mechanisms are not possible. This is the case of quote&buy journeys, where customers are not registered and identified apriori, but also when agents and advisers are about to request some actions on behalf of their clients.
In such cases, the list of self-serve services experiments a physiological reduction because some critical actions won’t be accessible to an unidentified user. Reducing the risk of robots and Denial of Services attacks is also important by using additional security measures like CAPTCHA codes and other techniques.
CAPTCHAs, in particular, are a popular security measure used to prevent automated attacks by requiring users to prove they are human and they nicely fit conversational interfaces. A handy-style text over a noisy background is generated and displayed to the user as an image. Automated Optical Character Recognition (OCR) detectors won’t be able to easily guess the keyword by reading the image.
The main three requirements for a good CAPTCHA code generator are:
- Accessible and human-readable: some CAPTCHAs are not easy to read for humans, yet OCR algorithms can decode them;
- One-pad strategy: whenever an attempt to solve the CAPTCHA fails, a new challenge is generated, and the previous keyword is dismissed. Solving the CAPTCHA from the second attempt won’t unlock the service;
- Handy typography: some fonts and typography styles help to generate a keyword which is hard to reverse by OCR detectors but at the same time sufficiently accessible by humans.
Here is a graphical example of a conversational interface presenting a CAPTCHA challenge to resolve.
The CAPTCHA code generator feature is available on the Spixii CPA platform. Several parameters can be easily configured directly from the platform, such as the length of the keyword, the number of attempts before rejecting the user, and the background noise level.
Despite some known market CAPTCHA implementations, the Spixii CPA offers a fully GDPR-compliant solution, as no IP address will be collected.
For more information on conversational process automation and how it can help your customer service operations to save money, you can download a copy of the most recent Spixii white paper ⬇⬇⬇
