Enterprise Overview
The features below are only available to Enterprise users. If you'd like access, please contact sales.
Device Intelligence and Advanced Threat Signatures
Fingerprinting is dead.
Browsers now block tracking methods like detailed user agent versions and installed plugins, making them unreliable. Attackers can also fake these details, exploiting security loopholes.
Security teams need a better way to detect and isolate threats, one not so easily manipulated.
hCaptcha delivers exactly that. Instead of relying on fragile identifiers, we take a different and uniquely privacy-preserving approach.
hCaptcha Advanced Threat Signatures are based on a holistic approach, not just surface-level attributes. The system analyzes thousands of dimensions to group similar threats together, letting you distinguish good and bad actors without uniquely fingerprinting legitimate users.
The result is more accurate threat detection, fewer false positives, and no reliance on outdated and easily defeated fingerprinting methods.
Real-Time Risk Scoring
hCaptcha Enterprise risk scores go beyond detecting humanity, targeting both human and automated abuse.
Privacy-preserving machine learning models are uniquely customized to your particular site and flow, using thousands of data points to identify abuse in real time.
These scores reflect the likelihood of fraudulent or malicious behavior and let you immediately react to protect applications without compromising legitimate user experience.
Scores are easily interpreted and acted upon with standardized thresholds, and score reasons are provided for interpretability.
These scores are useful both for many teams. Application security teams can rely on real-time threat mitigation and attack prevention. Fraud and risk teams can receive customized scoring, with adaptive protection against evolving threats and new tools to identify suspicious activity, whether automated or human.
High-level flow of risk scoring and score consumption:
Risk Insights
Risk Insights gives you context about a session across many dimensions. It provides risk attributes like VPN or proxy usage and other details, helping teams make better risk decisions and spot emerging trends.
Whether you want to give your analysts new tools or supercharge your downstream risk engine, Risk Insights helps your security and fraud teams make more informed security decisions without compromising user privacy.
Rules Engine
A system that learns and self-manages is great, but sometimes you want direct control of risk behavior without needing to change code.
The Rules Engine gives you simple visual tools to shape behavior, adjust risk models, and more. Mark a partner network as safe, define restrictions on which countries can access certain features, and more within seconds.
Analysts can create rules by specifying conditions based on risk scores, behavior, and other signals. They also define the actions the system should take when these conditions are met, like blocking or challenging users, as well as more complex policy decisions.
Before deployment, teams can test rules against historical data to refine accuracy and reduce false positives. Versioning, approval flows, and audit logs simplify compliance and transparency.
By letting your human-defined logic shape AI detection, the Rules Engine helps you stay ahead of threats while keeping security flexible and effective.
Account Defense
Account Defense uses a novel, fully blinded approach to help security teams detect suspicious activity across sessions without storing or sharing personal data or user profiles with hCaptcha.
This allows teams to identify account takeovers, new account fraud, new devices, and more with no added friction for legitimate and low risk users.
The system works in real-time, offering immediate insight via APIs, letting organizations automate responses within their existing risk frameworks.
Account Defense makes compliance simple without compromising accuracy, giving you clear insight into user risk without needing to share email addresses, user IDs, phone numbers, or other PII with hCaptcha.
Private Learning: Custom ML Models
Private Learning lets you train custom machine-learning models that combine your own anonymized data with hCaptcha's platform to supercharge detection.
Instead of relying on generic models, you can instantly train Private Learning to assist with your business-specific security challenges, including entirely human fraud and abuse.
By combining hCaptcha's real-time platform with your pre-blinded data, Private Learning creates precise, adaptive models. It processes only anonymized data, ensuring compliance with privacy regulations. Models also improve continuously, reducing false positives and improving recall.
Private Learning integrates seamlessly with other hCaptcha Enterprise features, including Real-Time Risk Scoring and Account Defense, providing a unified and remarkably efficient approach to fraud and abuse prevention.
Transaction Fraud Protection
hCaptcha Fraud Protection is focused on detecting transaction fraud, whether human or automated.
While hCaptcha is certified to PCI-DSS 4.0 Level 1, all transaction fields can be pre-blinded prior to being sent to hCaptcha to avoid transmitting any PII.
The platform works proactively to catch fraud as early as possible, using structured transaction data to provide additional signals. This enables your fraud prevention team to reduce financial losses from account takeovers, chargebacks, friendly fraud, and other threats.
Tunable and fully customized machine learning models provide real-time insights, allowing your analysts to block threats while minimizing friction for legitimate users. Integration with features like the Rules Engine enable rapid customization of behavior, and let you quickly respond to emerging risks.
You can add your own business logic via custom rules and other features, letting you find fraud as it happens, not just after the fact.
Fraud dashboards and analyst review tools provide a complete picture of transaction risk, enabling data-driven decision-making and faster reaction times. The hCaptcha Security Operations Center (SOC) can also be deployed to increase your capacity for 24/7 coverage of emerging threats, with review specifically focused on fraud analysis.
Backend API Protection
hCaptcha is often integrated via web and mobile SDKs, but our Enterprise platform also offers completely agent-free API protection. This can simplify deployment in scenarios where you do not control the end-user environment, or where your API supports machine-to-machine requests.
If your organization has constraints that prevent the use of client-side integrations for all requests, hCaptcha Backend API Protection delivers low latency analysis and operates on data available to your backend, requiring no client-side integration.
This solution uses direct server-to-server calls, allowing you to send metadata from your backend for real-time analysis.
While there are always tradeoffs without a client-side integration, this method can effectively protect against common attacks like aggressive crawlers and credential-stuffing attempts.
Backend API Protection also integrates with our other platform modules like Fraud Protection to deploy advanced and fully customized models for specific abuse cases like transaction fraud.
Looking to stop more fraud and abuse with hCaptcha Enterprise?
- Contact sales for pricing and more details on our Enterprise offerings.
- Try a no-obligation pilot to see how hCaptcha Enterprise can address your specific use case.