I have added Google recaptcha but a second captcha field is displayed after form is submitted.

Hi support,

I send out an order form to our members every month, and this month, several members told me that their form was not submitting because of the reCaptcha that we include at the bottom of the form. It would time out without submitting the form and sending them a confirmation.

I went in to try to address the issue quickly by selecting the Google reCaptcha option, in which Google will only present someone with a reCaptcha question if they suspect something nefarious.

That fix seems to have resolved the issue enough that folks were able to submit their forms. However, when I tried to investigate later by submitting a form myself, the reCaptcha still seemed pretty wonky. For example, sometimes it would ask me to submit a reCaptcha answer on two consecutive pages before submitting. Any thoughts about how to make this process more reliable?

I am sorry for the trouble caused to you. I did check your form and it seems you have added Google reCAPTCHA field. It should ask for captcha verification only once if Google suspects any suspicious activity.

Do you mean to say that sometime a second captcha field is displayed to the user after the form is submitted? I would suggest you to please share a screenshot of the second captcha field / page which is displayed to you and we will take a look. The following guide should help you how to upload image in forum post: https://www.jotform.com/help/438-how-to-post-screenshots-to-our-support-forum

We will wait for your response.

I have moved your second question to a new thread so that we can address it separately. You will be answered in the following thread: https://www.jotform.com/answers/2723485

Hi Ashwin,

Thanks for your responses to my questions last week. I am now experiencing another with reCAPTCHA that I was wondering if you could help me with.

Our payment processor, Braintree Payments, has alerted me that there has been some malicious attempts to steal info from our forms. I have been using a reCAPTCHA for a while now and so I'm not sure why this is happening. They suggested possibly adding a honeypot??

Here I have copy and pasted the info from the email they sent me. They would like for me to report back to them the measures that I have taken to secure my form. Thank you for helping me figure out this issue.

Hi Chas,

Thanks for your response. For specific details regarding Braintree’s Fraud tools, I recommend reaching out to our Technical Support team. They can be reached by emailing support@braintreepayments.com or by calling them directly at 877.434.2894. We also have articles that detail our fraud tools at articles.braintreepayments.com. 

Braintree options:

• Braintree’s basic fraud tools: https://articles.braintreepayments.com/guides/fraud-tools/overview
• Integrating Braintree's Advanced Fraud Tools: https://articles.braintreepayments.com/guides/fraud-tools/advanced/overview

While Braintree's fraud tools are helpful to reject transactions, it won't stop a fraudster from using a bot to test credit cards on your website. Here are a few additional tools for you to consider, outside of Braintree’s scope, which may benefit your business. You should consult with your legal and compliance advisors before deciding which, if any, of these measures you decide to use. Implementing these tools will require the assistance of your developer, or the developer of the shopping cart/plugin you’re using. 

• Block IP addresses, recurring names, and BIN numbers of known fraudulent entities to prevent them from accessing your site 

• Use your customer data within the bounds of your privacy policy to detect patterns and recognize suspicious behavior.

• Build “honeypot” fields into your checkout form. These are fields that are invisible to actual customers moving through your checkout, but that will trick malicious scripts into providing a value; you’ll be able to identify scripts from legitimate customers by the presence of a value in those hidden fields. 

• Detect for botnets setting up illegitimate accounts with different IP addresses. Project Honeypot offers an HTTP Blacklist API that provides structured information about IP addresses that may be used by botnets. 

• Implement ReCaptcha to help catch scripts running on your checkout page. You can read more about reCAPTCHA here: https://www.google.com/recaptcha/intro/v3.html

• Build internal tools to expedite reviews of potential unauthorized behavior and assist with manual transaction monitoring; these are most effective when they monitor for the common indicators of fraud, such as mismatched billing and shipping addresses, uncommonly high-value tickets, and multiple payment methods being used in quick succession under the same customer name. 

As mentioned, these strategies require development work initially, but can be built directly into your site and effectively automated to reduce unauthorized behavior. It is also worth noting that Braintree cannot provide support for these items, as they are outside of the scope of Braintree’s services. It is still advised that you consider discussing them with your developers as well as your legal and compliance teams. 

I hope this has been helpful. Please let me know if you have any additional questions. 

Regards, 

Hi Chas,

There are several different checks that can be added to forms depending on your needs. Here is how to limit submissions to prevent spam:

https://www.jotform.com/help/64-How-to-Set-Unique-Submissions-on-a-Form

It is also possible to add a few different types of Captcha fields:

https://www.jotform.com/help/205-How-to-add-a-CAPTCHA-field

Submissions are stored directly in your JotForm account:

https://www.jotform.com/help/269-How-to-view-Submissions

You can also capture the user agent string along with your form submissions:

https://widgets.jotform.com/widget/get_user_agent