We run Cloudflare, but as an additional layer of security, as there have been several scripted card attacks found in the Worldpay logs, it’s been decided to add a captcha.
V3 is the obvious choice for checkout as it’s unobtrusive
I have also added a v2 invisible to the account login
I’m aware recaptcha is notoriously hard to debug, we use Cypress to run automated tests, however – they return as a “safe” user scoring 0.1 every time
The threshold is set at 0.5
How can I identify as a nefarious bot – every time, so that I can test correctly whether the captcha is stopping bots and is an effective additional layer of security.