[MUSIC PLAYING]
VARSHA DATTA: Welcome to
Google Cloud Security showcase,
a special web series where
we will focus on security use
cases that our customers
can solve with Google Cloud.
My name is Varsha, and
I'm a Customer Engineer
at Google Cloud.
Today, we will be
talking through one
of the top questions that
we get from our customers.
How can I use
reCAPTCHA Enterprise
to protect my website from
online fraudulent activity?
Fraudulent web activities
cost enterprises
billions of dollars each year.
Security teams need to
keep the bad actors out
of their websites and ensure
that their customers can always
get in.
Google reCAPTCHA has
been defending millions
of sites for almost a decade,
and the reCAPTCHA Enterprise
service built on this
technology with capabilities
designed specifically for
enterprise security concerns.
In this demo, I'm
going to show you
how reCAPTCHA
Enterprise identifies
the difference between a
real user and a bad actor
and how you can view this within
the Admin Analytics dashboard
to see what is happening
with your website.
Let's say you're a user entering
your credentials on a login
page.
Let's go ahead and enter
some test credentials.
Right, I'll go ahead and log in.
Since I'm a real
user on the web page,
I get the feedback
from the server saying,
thank you for
participating in the demo.
Now, let's dive into the
reCAPTCHA Enterprise Admin
portal to see how this
request for is detected
by reCAPTCHA Enterprise.
Let me go ahead
and refresh here.
Clearly, I see that
this request was
detected as a legitimate one.
Now, let's see how
reCAPTCHA would handle this
if we were a bad actor.
I'll go ahead and run the
bot which is an automated
script at the background.
Now, let's give a few seconds
for the automated scripts
to run.
What happens here is
that reCAPTCHA Enterprise
detects that this is
a fraudulent request,
and therefore forces a
two-factor authentication
to the user to complete
the user verification.
Now, if we go back to the Admin
portal and refresh the page,
we are able to see
that this was detected
as an automation script
activity on the web page.
Let's walk through this workflow
a little bit in detail here.
Every time a user
tries to log in,
reCAPTCHA Enterprise collects
the user behavior patterns
from the web page and formulates
a risk score using machine
learning models on
the reCAPTCHA server.
The risk score can vary
anywhere between 0 to 1,
0 being a bad actor and
1 being a good user.
In this example, the
workflow we have defined
is that if the risk
score is below 0.4,
we will perform a
two-factor authentication.
And if the user is successful
with the two-factor
authentication, the
user is then going
to be allowed to complete
their journey on the website.
Thank you for tuning in.
Please visit
cloud.google.com/security
for more content from
Google Cloud experts.
[MUSIC PLAYING]
