Protecting your integration from malicious activity from fraudsters can be achieved through a combination of secure API token management and the implementation of a service like Google reCAPTCHA. This will ensure that your payment integration with the Helcim API cannot be used for card testing by stopping card testers from running the automated scripts that are often used to undertake this process.

reCAPTCHA with the Helcim API

For more information about Google reCAPTCHA and how to implement this in your checkout process using the Helcim API, please visit the Google documentation here.

reCAPTCHA with HelcimPay

Google reCaptcha V3 is built into the HelcimPay modal by default, without any action needed on the developers side.
You may wish to enable additional security by enabling reCaptcha on other aspects of your website or checkout session, before even rendering the HelcimPay modal. This will assist with increasing the security of your integration and filtering out fraudulent transactions.

reCAPTCHA with Helcim.js

Helcim.js is a little different to HelcimPay, as the payment form and input fields are located on the merchant website. Because of this there is some additional code required to implement Google reCaptcha V3 once this has been enabled in your Helcim.js configuration.

The script tag to trigger reCaptcha is copied into the HTML in your website where Helcim.js is implemented. Once the reCaptcha check is triggered on the merchant website, this score is collected then passed to Helcim.js via a hidden HTML input field. Helcim.js will compare that score to the threshold set in the Helcim.js configuration. If it passes, it will process the transaction. If it fails, it will decline instead.

For more information on setting up your Helcim.js integration with reCAPTCHA, review our documentation here.