When adding the captcha validation, dont use the WA Server Validation Entries (Security Code) variable, this is created only when the validation fails.
Use the Security Code binding under the Form binding group, and set it to compare to the captcha_Security_Code session variable.