At least, most of them don't. Either they're simpler and spam gets past them, or they're difficult enough that the average person struggles to read them.
I was setting up a gmail account recently and had to try 4 times to get one I could read. (Interestingly, Google's setup was poor enough that you couldn't even ask for a new image; you had to guess what was there. And then when you guessed wrong, it cleared the password you had set up for it. stupid.)
I don't understand why people use the twisty-word type of captcha. It really doesn't help anything.
And Facebook's check is timed, for some stupid reason ... you can request more words, but in the time it took for me to type and click OK, I had to repeat the process. Also stupid.
Security does not work when it is harder on the user than on the criminal.