Your financial admins are ecstatic. When you walk into the office on Monday morning, you learn that your online giving program has earned you an unexpected boost in donations over the weekend. This is fantastic news!
That is, until you notice that all of these donations were made under suspicious-looking names like “Jane Doe” or “John Smith,” and none of them are for more than a few dollars. In short, you’ve just realized that you are the latest victim of, and an unwilling participant in, credit card fraud.
But why would anyone come after you? Your mission is to make a positive impact, to help your members change the world. So why are you being targeted?
It’s not your fault. Online donation sites, yours included, are the favorite prey of web predators called “fraudsters.” Fraudsters are cyber criminals who focus their energy on credit card and identity theft. They gather a list of stolen card numbers, usually from other online villains, then test them out on low-risk, easy-to-use platforms where they can make small purchases to see whether or not the card will work for them. Unfortunately, this includes your site.
The Achilles’ heel of most online giving sites lies in their desire to make their platforms user-friendly and hassle-free. Most sites like this don’t require any form of account validation or the use of a username and password for visitors to make financial transactions. They don’t even require a validated email address. On top of all this, the majority of donation sites don’t have a minimum transaction requirement, meaning fraudsters can test out stolen cards with incredibly small amounts (often a few dollars or less) that are less likely to be noticed by the unsuspecting credit card owner.
So what does this mean for your organization? Now that you know that these charges are illegitimate, what are you supposed to do with them? Can you prevent this from happening in the future? The tricky part here is that making it harder for fraudsters to enter your online donation site also makes it more difficult for valid users and regular patrons to do so.
Recovering from a fraudster attack will, unfortunately, mean quite a bit of rework for you and your team members, but mostly for your online giving provider. First, there’s the need to reconcile the chargebacks with your online giving providers and credit card companies once the cards have been declared stolen. Then, there’s correcting the financial statement errors that result from these fraudster transactions. Both are major time commitments. Your online giving provider can and should take the lead on this, but they need to work with you to help you reconcile your financial statements as these charges are refunded.
Plus there’s the guilt factor; you set out to help change the world for the better and now you’ve found yourself unknowingly complicit with illegal activities. Admitting that your site has been momentarily compromised is tough, but directly acknowledging this and remaining transparent with your online giving community are the first steps in amending the situation.
What We’re Doing About It
Rest assured, we’re not giving up. At LPi, we are committed to combating cyber crime and protecting your online giving platforms in every way we can, without compromising the user experience for your donors.
First, we’ve implemented reCAPTCHA technology to deter “bots” (automated programs) from entering thousands of credit card numbers into your online giving sites at once. This limits the risk of major cyber attacks, meaning less rework for you and more security for your human visitors. We’re also utilizing real-time billing address checks for every donation. This means that fraudsters can’t use a stolen card number unless they’ve also stolen the billing address associated with that card, which is much less likely.
While we live in a global world, for added security, we are now blocking access from certain parts of the world, including Eastern Europe, Russia and Asia, where a large number of the known fraudster attempts are coming from.
Lastly, we’ve added additional fraud-monitoring programs to our site. We are now diligently monitoring for successive, repetitive, small-dollar transactions each day, and we’re stopping any suspect activity immediately. Think of a war movie with the air raid sirens going off. When the alarm sounds, these security features spring into action.
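To show what monitoring for successive, repetitive, small-dollar transactions can look like, here is an added example (not LPi's code) that flags a source sending many small donations on many different cards within a short window. The thresholds, the record layout `(timestamp, source_ip, card_token, amount)` and the sample data are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds for illustration; tune them against real donation history.
SMALL_AMOUNT = 5.00             # dollars: "a few dollars or less"
WINDOW = timedelta(minutes=10)  # how far back to look per source
MAX_SMALL_TXNS = 3              # small donations tolerated per source per window
MAX_DISTINCT_CARDS = 2          # distinct cards tolerated per source per window

def find_card_testing(transactions):
    """Return {source_ip: time of first alert} for sources that look like card testing.

    transactions: iterable of (timestamp, source_ip, card_token, amount).
    card_token is the payment processor's token for the card, never the card number.
    """
    recent = defaultdict(deque)  # source_ip -> (timestamp, card_token) inside WINDOW
    alerts = {}
    for ts, ip, card, amount in sorted(transactions, key=lambda t: t[0]):
        if amount > SMALL_AMOUNT:
            continue  # larger gifts are not the card-testing pattern
        window = recent[ip]
        window.append((ts, card))
        while ts - window[0][0] > WINDOW:
            window.popleft()  # drop entries that aged out of the window
        distinct_cards = {c for _, c in window}
        # Require both signals: one donor repeating a small gift on one card is not flagged.
        if len(window) > MAX_SMALL_TXNS and len(distinct_cards) > MAX_DISTINCT_CARDS:
            alerts.setdefault(ip, ts)
    return alerts

def at(minute, second=0):
    return datetime(2024, 1, 6, 23, minute, second)

# Constructed sample data (documentation IP ranges, made-up tokens).
SAMPLE = [
    (at(0), "198.51.100.20", "tok_a1", 50.00),     # ordinary donation
    (at(1), "203.0.113.7", "tok_b1", 1.00),        # burst: many cards, tiny amounts
    (at(1, 20), "203.0.113.7", "tok_b2", 1.00),
    (at(1, 45), "203.0.113.7", "tok_b3", 2.00),
    (at(2), "192.0.2.44", "tok_c1", 3.00),         # same card repeated: not flagged
    (at(2, 10), "203.0.113.7", "tok_b4", 1.00),
    (at(3), "192.0.2.44", "tok_c1", 3.00),
    (at(4), "192.0.2.44", "tok_c1", 3.00),
    (at(5), "192.0.2.44", "tok_c1", 3.00),
]

if __name__ == "__main__":
    for ip, when in find_card_testing(SAMPLE).items():
        print(f"ALERT {when:%H:%M:%S} {ip}: repeated small donations on many cards")
```

Requiring both a transaction count and a distinct-card count keeps a real donor who repeats a small gift on one card from tripping the alarm.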
Though it’s an ongoing battle, the fight against fraudsters is never a lost cause. You’ve worked hard to create an online giving platform that is efficient and user-friendly and that allows you to advance your mission. LPi is committed to helping you change the world for the better. That means we’re prepared to fight alongside you to defend your site and protect your donors.