Vulnerabilities of CAPTCHA used by IRCTC and an alternative approach of Split Motion Text (SMT) CAPTCHA

Online web services are commonly protected through CAPTCHAs and they are regarded as a class of Human-Interactive Proof (HIP). Numerous CAPTCHA schemes have been proposed in the past to prevent spam and brute-force attacks by automated scripts but many of such CAPTCHAs have been subjected to be broken by decoders. Our paper breaks one such CAPTCHA system used by one of the India´s most visited e-commerce website IRCTC.co.in using modern OCRs and list out its vulnerabilities as well. We also propose an alternative scheme called Split Motion Text CAPTCHA (SMT-CAPTCHA) which capitalizes on gestalt perception of vision to read broken animated text. SMT-CAPTCHA focuses on working against the segmentation part of the decoding by splitting and animating each character randomly, making it difficult for decoders to segment and extract text from the CAPTCHA. On experimentation, it was observed that modern OCRs and decoding methodologies fail to break our SMT-CAPTCHA system, whereas, the average computer success of decoding IRCTC´s CAPTCHA is significantly high.