How To Protect Your Nonprofit From Online Credit Card Fraud

Fraud Guy
Source: WikiCommons

Sophisticated credit card crime syndicates love nonprofits. Charities, churches and schools are a big target for online credit card fraud because they have some of the simplest checkout pages on the web.

Unlike other e-commerce applications, donation forms are designed to be simple and static. With no complex shopping cart functionality for crooks to work around, it’s a lot easier for hackers to write automated scripts that can churn hundreds or thousands of stolen cards through the nonprofit’s system each day.

Further, visitors can input any donation amount that they want on a nonprofit checkout form. This lets fraudsters easily test transaction limits on stolen cards.

Strategies for theft include phishing schemes, pharming, and automated programs that attempt to run a transaction.

These can be thwarted by IP address blocking, enabling Address Verification System (AVS), using reCAPTCHA, and following some best practices for online giving.

TIPS: Don’t use a blank gift amount on your donation forms. Most fraud starts with $1 gifts that the criminals employ to test the numbers. Set a minimum gift amount or use one in combination with a specific ask string.

Require the 3-digit Card Security Code (CSC). While the CSC is frequently utilized, it is still sometimes neglected. Enable Address Verification System (AVS) on the card processing, and make sure that you are PCI compliant and using PA-DSS compliant software for processing credit cards.
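The tips above can be enforced on the server before a charge ever reaches the card processor. The following is an added example, not code from the original article: a small screening function that rejects gifts below a minimum, requires the CSC, and blocks any IP address that cycles through several different cards in a short window. The thresholds, field names and sample attempts are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds (not from the article); tune them to your own traffic.
MIN_GIFT = 5.00                 # reject gifts below the form's minimum
WINDOW = timedelta(minutes=10)  # sliding window per source IP
MAX_CARDS_PER_IP = 3            # distinct cards allowed per IP per window

def screen_attempts(attempts):
    """Return (decisions, blocked_ips) for donation attempts in time order.

    Each attempt is a dict with: time (ISO string), ip, card_fp (a hash or
    token for the card, never the raw number), amount, csc_present.
    """
    recent = defaultdict(deque)   # ip -> deque of (time, card_fp)
    blocked = set()
    decisions = []
    for a in attempts:
        t = datetime.fromisoformat(a["time"])
        q = recent[a["ip"]]
        q.append((t, a["card_fp"]))
        while q and t - q[0][0] > WINDOW:   # drop attempts outside the window
            q.popleft()
        if len({fp for _, fp in q}) > MAX_CARDS_PER_IP:
            blocked.add(a["ip"])            # many cards from one IP: card testing
        if a["ip"] in blocked:
            decisions.append("reject: ip blocked (card testing pattern)")
        elif not a["csc_present"]:
            decisions.append("reject: missing CSC")
        elif a["amount"] < MIN_GIFT:
            decisions.append("reject: below minimum gift")
        else:
            decisions.append("send to processor (AVS enabled there)")
    return decisions, blocked

# Constructed sample: one ordinary donor, then one IP cycling cards with $1 gifts.
SAMPLE = [
    {"time": "2024-01-01T12:00:00", "ip": "203.0.113.7",
     "card_fp": "donor-a", "amount": 50.0, "csc_present": True},
] + [
    {"time": f"2024-01-01T12:01:{i:02d}", "ip": "198.51.100.9",
     "card_fp": f"card-{i}", "amount": 1.0, "csc_present": True}
    for i in range(6)
]

if __name__ == "__main__":
    decisions, blocked = screen_attempts(SAMPLE)
    for a, d in zip(SAMPLE, decisions):
        print(a["ip"], a["amount"], "->", d)
    print("blocked:", sorted(blocked))
```

On the sample data the ordinary donor goes through, the first $1 gifts are refused by the minimum amount, and the fourth distinct card from the same address triggers the IP block.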

Finally, as you can probably guess, there are more chapters to this story, not just for nonprofits, but for the payment processing sector as a whole. There will always be that group of people who are determined to make money by dishonest means. They’ll never stop without a fight.

Nonprofits need to pay constant attention to credit card security and stay one step ahead of the bad guys.

