What do I do with low Scores in reCAPTCHA v3?

Question

I have set up reCAPTCHA v3 on my ASP.NET MVC project. Everything is working fine and is passing back data properly.

So the code below depends on another dll I have, but basically, the response is returned in the form of an object that shows everything that the JSON request passes back, as documented by https://developers.google.com/recaptcha/docs/v3

It all works.

But now that I know the response was successful, and I have a score, what do I do? What happens if the score is .3 or below? Some people recommend having v2 also set up for secondary validation (i.e. the 'choose all the stop signs in this picture' or 'type the word you see'). Is that really the only 'good' option?

Obviously the code isn't perfect yet. I'll probably handle the solution in the AJAX call rather than the controller, but still. What should I do if the score is low?

I read this article reCaptcha v3 handle score callback and it helped a little bit, but I'm still struggling to understand. I don't necessarily need code (although it would never hurt) but just suggestions on what to do.

VIEW:

<script src="https://www.google.com/recaptcha/api.js?render=@Session["reCAPTCHA"]"></script>

grecaptcha.ready(function () {
    grecaptcha.execute('@Session["reCAPTCHA"]', { action: 'homepage' }).then(function (token) {

        $.ajax({
            type: "POST",
            url: "Home/Method",
            data: JSON.stringify({token: token }),
            contentType: "application/json; charset=utf-8",
            dataType: "json",
            success: function (response) {
                console.log('Passed the token successfully');
            },
            failure: function (response) {
                alert(response.d);
            }
        });
  });
  });

CONTROLLER:

[HttpPost]
     public void ReCaptchaValidator(string token)
    {
        ReCaptcha reCaptcha = new ReCaptcha();
        Models.ReCaptcha response = new Models.ReCaptcha();          
        response = reCaptcha.ValidateCaptcha(token);
        //response returns JSON object including sucess and score

        if (response.Success)
        {
             //WHAT DO I DO HERE????
        }
    }

Answer 1

Maybe it's not what you're looking for, but you can set a lower score while you find a better solution... I'm considering to switch back to v2

Answer 2

Ended up getting the answer from another forum. Basically, the answer is "anything you want". There is no right or wrong when handing a successful response.

So what could be done, is if the response is successful and CAPTCHA doesn't throw a flag, do nothing. But if CAPTCHA is unhappy, you could display an alert or a banner that says 'could not process', or you could even add in CAPTCA version 2, which would make them do the picture test or the 'I am not a robot' checkbox, etc.