Skip to main content


Using a captcha helps to protect your website against card testing fraud.

A captcha is a challenge designed to make it difficult for an attacker to cheaply process many payments. Usually the user must identify objects, letters or numbers in an image or recording.

This information is technical, you may need to contact your IT provider.

When is a captcha required?

You must put a captcha on your website when:

  • you are using the PayWay REST API or classic API and,
  • your web page or app is generally available on the Internet and,
  • the page or app allows a customer to process a payment using new credit card details.

You do not need a captcha if:

  • your website links to payment or sign-up pages fully hosted by Westpac or,
  • your staff uses a secure system available only to them or,
  • your page has 3D Secure.

How to add a Captcha

We do not offer recommendations for captcha software providers. Free alternatives are available.

You must make sure that:

  • attackers can not bypass the captcha,
  • attackers can not solve the captcha once then process many payments on different credit cards,
  • attackers can not easily and automatically solve your captcha.

You should consider accessibility for all users when putting in place a captcha.

Contact us

For sales, help and technical support contact us.


The information contained in this publication is provided for learning purposes only and is subject to change. Revisions may be issued from time to time that encompass changes or additions to this module.

This is a guide only and it is not comprehensive. It does not impinge on or overrule any formal arrangement you may enter into with the Bank. The Bank and its officers shall not have any liability for any losses of any kind incurred in connection with any action, inaction or decision taken in reliance on the information herein or for any inaccuracies, errors or omissions. In this publication references to the "Bank" are to Westpac Banking Corporation ABN 33 007 457 141 and to any of its operating Divisions, including BankSA and St.George.