How Brisbane security startup FunCaptcha got in front of Electronic Arts and Facebook

As bots get better at CAPTCHAs than humans, one company’s focus on “very unique problem” has won plaudits around the world

Overseas success has long been the often-elusive goal of many Australian companies, but one Brisbane startup is seeing doors opening after its participation in an Austrade trade mission to Silicon Valley last month.

That company, FunCaptcha, had already scored some small wins since it began looking to the US market a year ago. Its novel approach to CAPTCHA services – used by high-volume Web sites to ensure that visitors are real humans and not bots written to circumvent access control procedures – has caught the attention of the likes of Electronic Arts and StubHub, which recently tapped FunCaptcha’s managed services platform to control access to online tickets for an in-demand boxing match.

Given that the event sold out in around 20 minutes, the pressure to perform to mission-critical standards was on. But the fact that the platform came through with flying colours is a matter of some satisfaction for Kevin Gosschalk, who founded the company several years ago and is helping push it from strength to strength.

“Everyone who has tried our product has seen fantastic completion rates of more than 97 percent,” he says, noting that conventional CAPTCHAs – ubiquitous challenges that use twisty text that only humans are supposedly able to read – typically have solve rates for real people of around 65 to 70 percent.

Increasingly sophisticated machine-learning tools are helping scammers bypass conventional CAPTCHAs at even higher rates of efficiency – a point that Gosschalk says has driven the company’s efforts to apply gamification to make CAPTCHAs easier for people to use while being harder for machine-learning tools to penetrate.

“CAPTCHA is supposed to be something that 100 percent of people of all capabilities can solve every time,” he explains.

“But companies have been putting things on their Web pages that are more disruptive to humans than they are to bots. We have specifically worked towards gaps in machine vision that no one is trying to solve – and we’re in a good position to scale the security in our product against even the most sophisticated attacker.”

That scalability comes courtesy of a platform built and delivered from Amazon Web Services – which Gosschalk calls “absolutely pivotal to our success, because Australian companies couldn’t have built that kind of infrastructure 10 years ago. But we now have customers in pretty much every country you can think of, and we can service them all really easily with a core developer team based in Brisbane, Australia.”

Having put some runs on the board, FunCaptcha was already starting to turn heads overseas when it joined a trade mission last month. That trip – sponsored by Austrade and led by Australian Cyber Security Growth Network (ACSGN) head Craig Davies – saw FunCaptcha and 25 other promising Australian security companies brought to the RSA conference last month in San Francisco, where they were given the opportunity to network with a range of top-tier companies.

Such connections are hard to come by for companies that find conventional selling difficult – especially when their audience consists of naturally-sceptical security staff with more pressing problems to keep up with. But with the support of the Austrade mission, Gosschalk says, “the network they give to us has enabled us to get in front of these bigger vendors.”

Despite Australia’s long history of information-security innovation – a point that Davies highlighted during an address at Cisco Live this month – the need to look overseas for scale remains an oft-cited obstacle for those Australian innovators.

Once the introductions were made, however, Gosschalk says getting noticed overseas has become a lot easier – and being Australian didn’t hurt either.

“Australian companies are known for integrity and honesty,” he explains. “A lot of companies find it refreshing what we’re doing, and we don’t talk with customers that we can’t help. The US sales approach is very different to what we’re doing, and as an outsider I think they really respect and like that fact.”

Read more: New study finds zero-day flaws live for 7 years, supporting stockpiling

With fewer than 10 people on its payroll, the company is still in growth mode – a CTO is on the cards, for example – but Gosschalk believes its laser focus on the “very unique problem of distinguishing human from bot traffic” has set the company up for surging success overseas and in Australia.

“We’re a pretty small Australian company solving an extremely important problem on the Internet,” he says. “Our technology absolutely works and we have very happy customers. We just need to get that traction.”

Tags FacebookcaptchaFunCaptcha

Show Comments