Menu
Feedback
Start here
Tutorials
Frequently Asked Questions
Known Issues
Troubleshooting
Support Rules
Announcements
Status
Developer portal
Using reCAPTCHA at Checkout

reCAPTCHA is a solution for user validation on orders that will be paid by credit or debit card. It anticipates the use of malware for fraudulent purposes, preventing access by fake users.

We recommend enabling it to protect the creation and payment of orders in your store.

reCAPTCHA will be required according to the option set for the store via the checkout configuration API. For more information, read our article on using reCAPTCHA for integrations.

Before enabling it, please pay attention to:

  • Interface adaptation: when enabling the feature, you must adapt your store’s order creation interface (desktop and mobile). Otherwise, order creation will be affected. Learn more about how to adapt the interface in reCAPTCHA's integration guide.
  • Consequences for the account: enabling the feature implies that it will be used in the entire account, including all stores and sub-accounts.
  • Performing tests: you must use the Beta environment with Checkout V6 to test the feature without impacting your store in production.

Application rule

The rule for applying reCAPTCHA on purchases made with credit or debit cards may have different configurations.

VTEX recommends the VTEX criteria option. An algorithm will be applied to decide the need for the reCAPTCHA challenge. It is maintained by VTEX and is more or less comprehensive according to the behavior patterns observed.

It is focused on user experience and aims to minimize the volume of use, while still providing the appropriate protection. Sessions that are deemed trusted are exempt from reCAPTCHA. It is only enabled for potentially malicious sessions.

reCAPTCHA versions

VTEX is integrated with reCAPTCHA enterprise, which offers two validation approaches: checkbox (equivalent to reCAPTCHA v2) and score-based (equivalent to reCAPTCHA v3). Check the table below to see which version applies to your operation.

Store detailsreCAPTCHA version
Native VTEX storefrontCheckbox (v2)
Own storefront - webCheckbox (v2) or Score-based (v3)
Own storefront - mobile appScore-based (v3)

reCAPTCHA v2

You can use reCAPTCHA checkbox (v2). So, when applicable, the user should click the (checkbox), and the validation challenge will only be displayed if Google suspects the user. See below for more details on the shopping experience.

Shopping experience with VTEX Criteria and reCAPTCHA v2

The shopping experience with debit or credit cards tends to follow the flow below. It minimizes the occurrence of some types of fraud and attacks with minimal friction for the user.

{"base64":" ","img":{"width":12943,"height":3785,"type":"jpg","mime":"image/jpeg","wUnits":"px","hUnits":"px","length":1349217,"url":"//images.ctfassets.net/alneenqid6w5/3gA55NZPuxpKOxCZxvbhgj/21964354890c244b42bc479983335b9d/reCAPTCHA_scenarios__1_.jpg"}}
As shown in the image above, there are different possible results in this flow:

  1. If the VTEX Criteria algorithm does not consider the session suspicious, the platform proceeds normally with the purchase.

  2. If the session is considered suspicious, the interface will display the reCAPTCHA Checkbox for the customer to select it. If reCAPTCHA does not consider the behavior suspicious when the Checkbox is selected, the purchase proceeds normally.

    {"base64":"","img":{"width":616,"height":164,"type":"gif","mime":"image/gif","wUnits":"px","hUnits":"px","length":59883,"url":"//images.ctfassets.net/alneenqid6w5/2lv7PfOmkakDcSkNbAITtK/10ed6d11b50a947a6186b549e27c4723/newCaptchaAnchor.gif"}}

  3. If reCAPTCHA considers the behavior suspicious, the interface will display the challenge.

    {"base64":"","img":{"width":305,"height":458,"type":"png","mime":"image/png","wUnits":"px","hUnits":"px","length":194702,"url":"//images.ctfassets.net/alneenqid6w5/3wg7F9nmxJwZ8jxUJKb8OT/3156077db9ee243bea20308c304d183c/desafio_recaptcha.png"}}

  4. If the challenge is successfully solved, the platform proceeds with the purchase. Otherwise, the behavior is considered compatible with that of a bot and the platform does not conclude the purchase.

reCAPTCHA v3

Score-based reCAPTCHA (v3) does not interrupt the user experience in your store. It checks the interactions on the site and returns a score between 1.0 (most likely a regular interaction) and 0.0 (most likely a bot).

When configuring score-based reCAPTCHA for your VTEX store, you have the option to set a minimum score for each added key and a minimum score for your store. Possible values are 0.1, 0.3, 0.7, and 0.9.

The priority for applying the minimum score for a given order is:


Key score > Account score > VTEX default score (0.7)

If you set a minimum score for your key and your account, the key score will be applied. However, if you do not set any score, VTEX will apply the default value of 0.7.

Interactions that return a value less than the applicable minimum will not be able to make a purchase.

To configure reCAPTCHA and set minimum scores for keys or accounts, please contact your development team and see the Integration with reCAPTCHA guide.

Contributors
1
Photo of the contributor
+ 1 contributors
Was this helpful?
Yes
No
Suggest Edits (GitHub)
Contributors
1
Photo of the contributor
+ 1 contributors
On this page
Still got questions?
Ask the community
Find solutions and share ideas in the VTEX community.
Join our community
Request support from VTEX
For personalized assistance, contact our experts.
Open a support ticket
GithubDeveloper portalCommunityFeedback