MembershipWorks implements our own anti-spam and anti-fraud system by detecting suspicious activity that repeatedly targets the same form. But as web fraud and spam activity increase in volume and sophistication, you can implement an additional layer of security by enabling Google reCAPTCHA. Learn other ways to prevent fraud.

Adding Google reCAPTCHA to your website and entering your reCAPTCHA keys into MembershipWorks can help prevent fraudulent credit card transactions from occurring on your site. Typically these fraudulent transactions are a result of card testing. Card testing is used by criminals to test a batch of stolen credit cards to see if the credit cards are still usable. These criminals like to target legitimate websites that accept small amount transactions (under $100).  

MembershipWorks integrates with the latest generation v3 reCAPTCHA, which is invisible to users – your members do not have to actively identify any text or objects when submitting the form. Google detects robot activity through advanced risk analysis techniques  based on how the user is interacting with your website. 

Google reCAPTCHA is also an industry accepted anti-spam / anti-fraud system that may be required by your payment gateway (Stripe, PayPal, Authorize.net, etc) if you have been a victim of previous fraudulent activity on your website.

Google reCAPTCHA is available free for up to 10,000 assessments, and $8/month for up to 100,000 assessments.

Sign up for a Google Cloud account and navigate to the reCAPTCHA page: https://console.cloud.google.com/security/recaptcha.

Create a new project on the reCAPTCHA page with an appropriate project name, then click Enable for the reCAPTCHA API. Then click "Set up reCAPTCHA protection".

Provide a suitable name for the new reCAPTCHA key, select "Web" as the application type, and click "Add a domain". Enter the domain name of your website and click Done. Note that if you use MembershipWorks forms on sub-domains or on other websites (eg. allow partners to embed your event registration forms), you will need to specify all the additional domain names as well, otherwise the forms will stop working on those websites.

Next enable "Allow this key to work with Accelerated Mobile Pages (AMP)" and click Create key at the bottom of the screen. 

Once the key is created click on "Integrate with a third-party service or plugin". If you do not see this section, click "Use legacy key".

Copy down the "legacy secret key" shown on the popup. In addition copy down the ID/key shown at the top of the screen next to the reCAPTCHA key name.

In MembershipWorks, log in as the primary admin and go to Organization Settings > Security. Enter the keys from Google in the applicable fields. Note that the reCAPTCHA key ID is the "site key". 

You will also need to specify the minimum score required for MembershipWorks to allow the transaction through. A score of 0.0 means the transaction is likely generated by a bot, while a score of 1.0 means the transaction is likely a human interaction. The default minimum score is 0.5. Note that Google will take some time to learn user patterns on your website and it will usually score transactions as 0.5 initially, so do not require a score of higher than 0.5 in the beginning or users will not be able to signup or register for your events. 

After adding the keys and specifying your minimum score, click Save & Continue at the bottom of the page.

Test your website forms to be sure they work properly.