FunCaptcha Enterprise

People believe stopping abuse is impossible, futile, ambiguous, passive, hard

With FunCaptcha it's possible, personal, and powerful against all attacks


CAPTCHA has been at the forefront of anti-abuse technology since the foundation of attacks in the late 90s.

Since its inception, CAPTCHA has been plagued by high-risk vulnerabilities and speculative challenges that persecute human users. Instead of providing simple passage for human users, CAPTCHA has been used to aggress abuse and unfamiliar behaviour. This has grounded CAPTCHA in uncertainty and led people to believe it isn’t the solution. Despite the prevailing beliefs, CAPTCHA (a Turing test) is the most effective way to determine humanity – if done right.

FunCaptcha avoids these common flaws and does it right.

Bad CAPTCHA

Trusted at scale

Distil Networks
IMVU
kik
TV.com
ProBoards

CAPTCHA must be defined by its ability to achieve security and high human conversion, simultaneously.

CAPTCHA is a gateway to the most important parts of your product – it holds enough power to lock everyone out, and to let anything in. It should be easy for human users to complete without frustration, but it must also stop automation and sweatshop attacks.

Our patent-pending technology transforms an irritating chore of comprehension into a fun visual activity that resists automation, machine learning, client decryption, and brute forcing techniques.


Why has CAPTCHA been ineffective?

Challenges have been commercially driven

The common CAPTCHA employs value-added challenges that prioritize economic gains, by taxing the user with tasks that have commercial value in solving – such as digitizing books and categorizing imagery, as a test of humanity.

Optical Character Recognition is nearly a 100% accurate technology that can effortlessly, and automatically, solve such challenges. Consequently, these challenges remain unviable as a security measure, and incapable of establishing humanity.

Optical Character Recognition
Image Recognition
reCAPTCHA v2

Reliance on things attackers can easily fake

In a conference paper presented at Black Hat Asia 2016, reCAPTCHA v2 was exposed to be using a Google.com cookie as a measure of humanity, which afforded users the option to skip all verification challenges.

Answer easily recognized with simple OCR

Optical Character Recognition is a highly accessible and accurate technology; off-the-shelf machine vision products provide a near 100% solve rate for the common CAPTCHA.

Solve Media

Answer unsecured and retrievable from client

In some CAPTCHAs, the client can be manipulated to expose the answer. For example, Solve Media can be compromised with its decryption code to solve 100% of some challenges.

Decryption Code

→ Decryption code for Solve Media


Introducing FunCaptcha Enterprise

The managed CAPTCHA service with experts who become a part of your team

  • Patent-pending 3D model approach at core
  • Gamified puzzles that leverage gaps in machine vision
  • Heavily resistant to all forms of automated abuse
  • Easily undoes machine vision and training attacks
3D Model Approach

Trusted by the best

Distil Networks
IMVU
kik
Electronic Arts
StubHub
Air China
ProBoards
CBS Interactive
Check My Trip
Tigerair
Mouser Electronics
TV.com
HK Express

Our Advisors


Defense Techniques

FunCaptcha drives up the cost of abuse by intercepting brute forcing, machine learning, and sweatshop attacks

Defeat brute forcing

  • FunCaptcha has pioneered advanced fingerprinting techniques that associate history with user attempts
  • With bad guesses, FunCaptcha shows more challenges to decrease odds from 1/8 up to 1/1,073,741,824
  • This renders brute forcing attacks impractical in the short-term and impossible at scale
1/8 Chance 1/512 Chance
Defeat Brute Forcing

Defeat machine learning

FunCaptcha makes each training action cost something:

  • Guessing depletes an undisclosed balance of credits associated with the user Fingerprint
  • Using human labor to manually train images costs the attacker money per model trained
  • FunCaptcha changes models frequently and forces attackers to pay these costs repeatedly

Each image uniquely generated to defeat simple attacks:

  • Random noise is introduced to defeat bitmap checksum
  • Indiscriminate image shifting and changing camera angles defeat fuzzy pixel-to-pixel comparisons

Change camera angle:
one model → thousands of images

Model Rotations

Compose images:
two image sets → millions of combos

Stacked Animals
Falling Objects
  • FunCaptcha has a library of different game types to defeat all kinds of attacks
  • All games use unique 3D models that are regularly retired and replaced
  • Existing game types can be quickly repurposed with different 3D models
  • New 3D models and game types constantly developed
Multiple Game Types
Multiple Game Types
Multiple Game Types

Defeat sweatshops

In the absence of automation, sweatshops and solving farms remain the Achilles' heel of CAPTCHA. This vulnerability facilitates the crowdsourcing of challenges for human-powered solving, and can bypass more than a hundred CAPTCHA per minute.

FunCaptcha has expelled such attackers with a series of covert defense measures that attack sweatshops, and regulate their capacity to be financially viable. Thus, removing the economic window necessary to commercialize the solving of FunCaptcha.

Defeat sweatshops
Access critical expertise

Access critical expertise

Beyond these automated defences, FunCaptcha is managed by experts who become a part of your team and existing workflow. Our dedicated data scientists monitor traffic patterns 24/7 to ensure automation is never achieved.

If an attempt at automation is detected, the team can rapidly adjust settings and introduce new models to defeat the attack in its infancy. This is executed within a guaranteed SLA, which renders automated abuse inoperative and immediately disarms attackers before they can recoup their costs.

Multilingual & Accessible

Traditional CAPTCHAs are hard enough as it is, let alone trying to figure them out in another language. FunCaptcha ensures your users receive a meaningful verification experience by providing considerable multilingual support – and unlike some popular CAPTCHAs, FunCaptcha is not blocked for users in Mainland China. Moreover, the service is Section 508 compliant and fully accessible to users whose motor skills and vision are challenged.

Multilingual and Accessible

CAPTCHA Comparison

  FunCaptcha reCAPTCHA v2 reCAPTCHA Solve Media
Automation SLA
Advanced Fingerprinting
Custom Fingerprinting
Multiple Challenge Types
Unrepeated Imagery
Sweatshop Defense
Verbose Logging
Advanced Obfuscation
Bootstrap Loading
99.95% Uptime SLA
Data Transparency
Section 508 Compliance ? ?
24/7 Hotline Support
Account Manager
Curated Reports
Real-Time Analytics
Fully Customizable UI
White Labelling
Unique Integrations
Invisible Option
Bespoke Features
Custom Security Images

Features

Third-Party Logging

FunCaptcha aggregates custom logs that can be used to construct a real-time view of user activity. Logs are pushed when the user loads FunCaptcha, when they interact with it, and when you validate with our server. These logs are verbose; they include curation on the legitimacy of a user, and evaluate requests to isolate IPs of a questionable reputation.

Custom logs are sent to your server and can be deployed to internal dashboards, or integrated with existing reporting infrastructure.

Field Value / meaning Alt. value(s)
client_param Parameter passed by customer to FC. Typically used to request a security tier or UX test mode.
game_type 1: "Roll the ball" game 2: "Move to the middle" game
fingerprint Unique user fingerprint constructed based on the user's device and network capabilities.
+ Many More

Passive Mode

Showing different FunCaptchas

Strong telltales
Passive Mode
No telltales:
Don't show FunCaptcha
Mild telltales:
Show easy FunCaptcha
Strong telltales:
Show hard FunCaptcha
No telltales

But wait, there's more...

All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.