Perhaps one of the most heated website design debates I've read recently was about the use of CAPTCHA on website forms. You know what CAPTCHA is, right? It's that annoying string of characters or words you have to retype before you can submit a website form.
CAPTCHAs are used to prove that a real person is submitting the form on your website rather than a computer program. Spammers use automated programs to send solicitations through your website forms. The reason behind this Nugget in the first place is a recent flurry of such form spam submission, coming from a loose diamond dealer based in India. This spam is directly targeting retail jewelry stores.
Online forms are also the easiest targets for hackers trying to gain access to your customer database. In this situation, automated programs are used to quickly submit strings of characters through those forms. Without knowing it, your website might be susceptible to this type of hacking attack if your web server doesn't have the latest security patches.
CAPTCHAs are used because they block the automated attacks.
CAPTCHAs come in many different types, and I hate most of them. The one I hate the most has a strings of mangled serif (Times New Roman) type characters. These letters twist and swirl in such a way that the letters blend together making it very difficult to decipher.
One type that has become very popular is the "re-CAPTCHA" system which uses two real words displayed slightly distorted. Every time someone uses re-CAPTCHA, they are helping in a massive effort to digitize old books, which is where the words are coming from.
Some CAPTCHAs use simple math problems, like "What is 5+2?"
My personal favorite CAPTCHA shows several images and asks you to click one or several of them. A drawback with this image recognition type of CAPTCHA is a potential language barrier if you have an international audience. The CAPTCHA might ask them to click on the photo of a cat, but they might click the zebra simply because they can't read English.
As I said, there's a growing debate over the use of CAPTCHA. Designers hate them because they are ugly. Customer acquisition analysts claim that they lower the number of people who contact you through the website. Your website server administrator probably loves them because they lower the CPU load on the server, and prevent clogging of email accounts.
On any given day, I might play the role of a website designer, a business analyst, and a server administrator, which means I understand all the arguments, but before I give you my own opinion on CAPTCHA I'd like to propose a few scenarios.
Scenario 1:Without CAPTCHA, you will fall prey to serious spam emails through your website. Do you want to waste your time sifting through those emails just to delete the majority of the ones that come in every day?
Scenario 2:E-commerce websites require CAPTCHA as part of PCI-DSS compliance. There's no telling what new hacking method will be figured out tomorrow and your bank will require protection on your online forms.
Scenario 3:How detailed is your online form? I've read a lot of studies that show the benefits of simple forms which only require the customer to entertain heir first name, email, and their comments. These 3 field forms are easy to submit, and you will get a lot of potential sales leads. I've frequently seen studies that indicate fewer people submit the form as you increase the number of fields on a form.
CAPTCHA is just another field on this form. Your website analyst will tell you that removing it will increase the number of people who submit the form. Their advice is accurate; removing it will truly increase the number of 'people' who will fill out the form.
You always want the most potential sales leads, right? Maybe not quite. What you really want are the best potential sales leads, of which there are always very few.
Of the last 20 people who filled out your online form, how many turned into real customers? Perhaps 1 if you were lucky. Of course you now have 19 more people to add to your email marketing list, but if they weren't the right customer this first time around, they probably never will be. How much time did you spend trying to convert those 19 people into customers? Was that a valuable use of your time?
Scenario 4:Do you save customer information on your website? Even without e-commerce, what would be the cost of the embarrassment of having to notify your customers that your site was hacked, and their information was stolen? How bad would it be if their passwords were stolen too?
CAPTCHA will make each of the above 4 scenarios better. It will prevent the massive spam email you would have to sift through in Scenario 1. It protects you as is required by your bank in Scenario 2. It helps to weed out some of the customers you wouldn't want from Scenario 3; if someone is annoyed by filling out a CAPTCHA then they will most likely have no patience to mailing lists, or perhaps much in-store interaction.
And finally, CAPTCHA is the best defense against hacking that could reveal customer information. In the wake of hacked stores, such as Target and Nordstrom in late 2013, you should use every security measure available to you to protect your customers, and your own embarrassment.
So what's my opinion on CAPTCHA? I know it's a necessary evil, but I don't like most of the methods out there. Ask your website programmer to install a CAPTCHA that's super easy to read so your users can get it right on the first attempt.
The next time a website expert tells you to remove your CAPTCHA, you should simply tell them that you have no interest in wasting your time sifting through spam email, that you like being able to filter out annoying customers, and that you want to protect your website from basic hacking attempts.
Keep the CAPTCHA on your site; just make sure you use one that's easy to read. All the CAPTCHA studies I've seen came to the wrong conclusions because they were analyzing difficult to read CAPTCHA methods.