Migrate from reCAPTCHA v2 Classic to reCAPTCHA Enterprise
Learn how to migrate from reCAPTCHA v2 Classic to reCAPTCHA Enterprise Interactive Test (Checkbox) version to enhance bot detection and ensure continued protection on your hosted payment pages.
The support for reCAPTCHA v2 Classic in Payment Pages 2.0 has been deprecated since 8 November 2022. reCAPTCHA Enterprise Interactive Test (Checkbox) version is recommended as the replacement solution for an improved bot detection experience and to avoid failures due to exceeding the reCAPTCHA quota. If you did not migrate to reCAPTCHA Enterprise before 8 November 2022, reCAPTCHA is disabled on your tenant. Though you can still enable reCAPTCHA Enterprise, your tenant is not protected by the reCAPTCHA service until you enable it.
Migrate to reCAPTCHA Enterprise Interactive Test (Checkbox) version by completing both of the following tasks:
- Update your client code for handling the CAPTCHA challenge user interaction to support the flow of reCAPTCHA Enterprise Interactive Test (Checkbox) version.
- Update your hosted payment page setting in Zuora.
Because the user interaction flows for these two versions of reCAPTCHA services are different, you must update your client code to support the flow for reCAPTCHA Enterprise Interactive Test (Checkbox) version. For reCAPTCHA Enterprise Interactive Test (Checkbox) version, if CAPTCHA challenges are required, end-users resolve the challenges first, and then click the submit button to submit the hosted payment page. You can use the onCaptchaStateChange event handler to implement your logic.
For example, you have integrated your hosted payment page through the Button Outside mode. To support the reCAPTCHA v2 Classic service, you implemented the logic in the onCaptchaStateChange event to remove an overlay when the challenge displays and add the overlay back after the challenge is resolved by the end-user. You now want to migrate to reCAPTCHA Enterprise Interactive Test (Checkbox) version. To support the interaction flow, you must update your code by removing the logic of handling the overlay before the end-user resolves the challenge.
In addition to the client code update, update your hosted payment page setting in Zuora by following these instructions:
- Click Edit to open the settings page of your Payment Page 2.0 in the editing mode.
- In the Security Information > Google reCAPTCHA section, click Google reCAPTCHA Enterprise - Interactive Test (Checkbox) .
- Enter a value for the Risk Score Threshold setting. You can find detailed information about the configuration settings through the UI tooltip.
- Save your Payment Page 2.0.
Alternatively, you can enable the HPM Smart Bot Attacking Prevention feature, which is an opt-in auto-adjusting security feature that dynamically enables and configures reCAPTCHA Enterprise when attacks are identified. See Dynamic enablement and configuration of Google reCAPTCHA for more information.
Google CAPTCHA challenge not displaying problem
After you have enabled the support for Google reCAPTCHA service on your tenant through the Payment Pages 2.0 settings and implemented the Google reCAPTCHA service on your page, sometimes the CAPTCHA symbol appears but the challenge does not show. The presence of the CAPTCHA symbol indicates that Google CAPTCHA is loaded. Whether to display the CAPTCHA challenge is decided by Google. If you want to test your CAPTCHA implementation, using an incognito browser window might increase the chances of displaying the challenge.
-
This feature is not compatible with 3D Secure to avoid redundant security measures. The HPM Smart Bot Attacking Prevention feature takes effect when 3D Secure is turned off.