In order to minimise the likelihood that a checkout request is bot-driven, Limio supports Google's reCAPTCHA v3 through Zuora's Hosted Payment Method (HPM).
How does it work?
reCAPTCHA v3 is an invisible tool and doesn't add friction to a customer's checkout experience.
Instead, when a checkout request is sent, reCAPTCHA calculates a score for that request and rejects it if it's highly likely that the request is from a bot.
How to configure reCAPTCHA on your site
To enable reCAPTCHA you will first need a license.
On the Limio Commerce app navigate to General Settings > Site Security settings to enable reCAPTCHA.
You'll need to enter:
- your site key (this is set up in Google)
- your secret key (this is set up in Google)
- a deny threshold:
This is a value between 0 - 1 (1 being a good interaction and 0 a high likelihood that it's a bot). If you set it to 0.2 for example, and the score we receive is less than 0.2, the request will fail.
Configuring reCAPTCHA in the Site Security settings page
Where will reCAPTCHA be used?
The following components enable customers to fulfil a purchase or an order change and so support the use of reCAPTCHA:
- single-page-checkout
- checkout
- redeem-checkout
- switch-subscription
- customer-orders
- customer-orders
- redeem-checkout
- payments-table
- form
- offer-cards
If you configure reCAPTCHA to be used on your site, any pages which use these components will utilise reCAPTCHA.
How do I add reCAPTCHA to my Custom Components?
In order to setup reCAPTCHA on your own Custom Components developed through the Limio DevEx, you will need to update your package.json file to include "googleRecaptcha" within the "limioCapabilities" array:
{
"name": "@limio/component",
"version": "1.0.0",
"author": "",
"dependencies": {},
"limioProps": [],
"limioCapabilities": ["googleCaptcha"]
}
Once you have updated your Custom Component, the pages containing it will need to rebuilt and republished to now contain reCAPTCHA on the page.
Setting up further checks
There are additional options for reCAPTCHA that you can set up through Zuora, should you need to introduce further checks.
Please note: if you are adding or updating reCaptcha onto existing pages you will need to rebuild and republish the pages to see those effects.
Comments
0 comments
Please sign in to leave a comment.