Captcha Requirements
Captcha will reduce fraud
Adding captcha to your PSJSv2 hosting page is required to prevent fraudulent transactions. We have seen a number of ways that bad actors attempt to run thousands of credit cards through client-side PMT forms. Captcha is a powerful tool to help prevent this and reduce downtime for your site.
Creating an API Key
https://www.google.com/recaptcha/admin/create
It's best to create separate keys for each environment (Development, QA, Sandbox, Production) and to keep the keys extremely secure. It's highly recommended (but not required) to set up domain verification with the API key by specifying all of the domains your code is hosted on in the API key settings page (see here):
https://developers.google.com/recaptcha/docs/domain_validation
Google reCAPTCHA v3 client-side documentation
https://developers.google.com/recaptcha/docs/v3
It's recommended to use the "programmatically invoke the challenge" option, and to do that when the "Submit Payment" button is clicked, to avoid tokens timing out while users enter address / payment method information. It is also highly recommended (though not required) to send an "action" value when generating the reCAPTCHA token, and to verify that value against the verification response. See here:
https://developers.google.com/recaptcha/docs/v3#actions
Verification step back-end documentation
https://developers.google.com/recaptcha/docs/verify
Send the generated token (and "action" value, if used) along with payment information to your server, then verify the token with Google's API before processing payment. The response will contain a "score" between 0.0 and 1.0 (where 1.0 is the most trustworthy, and 0.0 is the least). It's standard to use a threshold "good score" of 0.5, but you can adjust based on data collected on the reCAPTCHA Admin Dashboard. If the "score" value is below your threshold, then immediately reject the payment attempt.
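The server-side check described above, as an added example for a Node.js 18+ back end (not code from this documentation or from Google). The function names, the "submit_payment" action, the pay.example.com hostname and the choice to reject when Google's API cannot be reached are assumptions of this example.

```javascript
// Added example: verify a reCAPTCHA v3 token before processing a payment.
const VERIFY_URL = "https://www.google.com/recaptcha/api/siteverify";

// Constructed sample of a siteverify response (not captured from a real call).
const SAMPLE_RESPONSE = {
  success: true,
  score: 0.9,
  action: "submit_payment",
  hostname: "pay.example.com",
};

// Decide whether a siteverify response allows the payment to proceed.
// policy.expectedAction, policy.threshold and policy.allowedHosts are
// this example's own parameter names.
function evaluateVerification(result, policy) {
  const { expectedAction, threshold = 0.5, allowedHosts = [] } = policy;
  if (!result || result.success !== true) {
    const errors = (result && result["error-codes"]) || [];
    return { ok: false, reason: "verification-failed", errors };
  }
  // A valid token minted for a different action must not pay for this one.
  if (expectedAction && result.action !== expectedAction) {
    return { ok: false, reason: "action-mismatch" };
  }
  // Defense in depth on top of domain verification in the key settings.
  if (allowedHosts.length > 0 && !allowedHosts.includes(result.hostname)) {
    return { ok: false, reason: "hostname-mismatch" };
  }
  if (typeof result.score !== "number" || result.score < threshold) {
    return { ok: false, reason: "low-score" };
  }
  return { ok: true, reason: "accepted" };
}

// POST the token to Google, then apply the policy. The secret key stays on
// the server and is never sent to the browser.
async function verifyPaymentToken(token, secret, policy) {
  if (typeof token !== "string" || token.length === 0) {
    return { ok: false, reason: "missing-token" };
  }
  try {
    const body = new URLSearchParams({ secret, response: token });
    const resp = await fetch(VERIFY_URL, { method: "POST", body });
    return evaluateVerification(await resp.json(), policy);
  } catch (err) {
    return { ok: false, reason: "verify-unreachable" }; // fail closed
  }
}
```

Call verifyPaymentToken before the payment request is sent on for processing, and log the returned reason so rejected attempts can be compared with the scores shown on the reCAPTCHA Admin Dashboard.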
Updated 9 months ago