>"Why not actually bite the bullet and allow automations to interact with web resources instead of bothering humans to solve puzzles 10 times per day?"
This is a great idea if you've developed your 'full-stack', but if you're interfacing with others, it often doesn't work well. For example, if you use an external payment processor, and allow bots to constantly test stolen credit card data, you will eventually get booted from the service.
I think the comment means we have these “institutional” problems that we’re constantly protecting with tricks like captchas instead of actually addressing why a payment processor would have a problem with that or be unable to handle it in their own way.
The average normal user would go months to years between needing to update payment info, so why would that require them to solve puzzles 10 times a day?
That is also notably a completely unnecessary dumpster fire created by the credit card companies. Hey guys, how about an API that will request the credit card company to send a text/email to the cardholder asking them to confirm they want to make a payment to Your Company, and then let your company know in real time whether they said yes? Use that once when they first add the card and you're not going to be a very useful service for card testing.
What you need is for all card issuers to be required to implement it by the network. Otherwise you'll still have people showing up to test all the cards that don't support it and the payment processors would still kick you off for that.
This is a great idea if you've developed your 'full-stack', but if you're interfacing with others, it often doesn't work well. For example, if you use an external payment processor, and allow bots to constantly test stolen credit card data, you will eventually get booted from the service.