Sophisticated credit card crime syndicates love nonprofits. Charities, churches and schools are a big target for online credit card fraud because they have some of the simplest checkout pages on the web.
Unlike other e-commerce applications, donation forms are designed to be simple and static. With no complex shopping cart functionality for crooks to work around, it’s a lot easier for hackers to write automated scripts that can churn hundreds or thousands of stolen cards through their system each day.
Further, visitors can input any donation amount that they want on a nonprofit checkout form. This lets fraudsters easily test transaction limits on stolen cards.
Strategies for theft include phishing schemes, pharming, and automated programs that attempt to run transactions.
These can be thwarted by IP address blocking, enabling the Address Verification System (AVS), using reCAPTCHA, and following some best practices for online giving.
TIPS: Don’t use a blank gift amount on your donation forms. Most fraud starts with $1 gifts that the criminals employ to test the numbers. Set a minimum gift amount or use one in combination with a specific ask string.
Require the 3-digit Card Security Code (CSC). While the CSC is frequently used, it is sometimes still neglected. Enable the Address Verification System (AVS) in your card processing. And make sure that you are PCI compliant and using PA-DSS compliant software for processing credit cards.
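As an added example (not code from the original article), the sketch below shows how the minimum gift rule and IP address blocking described above could be driven from donation attempt logs. The field names (`ip`, `time`, `card_fp`, `approved`), the thresholds and the sample records are all assumptions constructed for illustration; `card_fp` stands for a processor-issued card token, never the card number itself.

```python
import math
from collections import defaultdict
from datetime import datetime, timedelta

MIN_GIFT = 5.00                  # assumed minimum gift amount
WINDOW = timedelta(minutes=10)   # assumed look-back window per IP
MAX_CARDS = 3                    # assumed: distinct cards allowed per IP per window
MIN_DECLINE_RATIO = 0.5          # assumed: share of declines that marks testing

def validate_gift(amount):
    """Reject blank, non-numeric or below-minimum gifts before any card is charged."""
    try:
        value = float(amount)
    except (TypeError, ValueError):
        return False
    return math.isfinite(value) and value >= MIN_GIFT

def ips_to_block(attempts):
    """Return IPs that tried many distinct cards, mostly declined, within WINDOW."""
    by_ip = defaultdict(list)
    for attempt in attempts:
        by_ip[attempt["ip"]].append(attempt)
    flagged = set()
    for ip, rows in by_ip.items():
        rows.sort(key=lambda r: r["time"])
        start = 0
        for end in range(len(rows)):
            while rows[end]["time"] - rows[start]["time"] > WINDOW:
                start += 1
            window = rows[start:end + 1]
            cards = {r["card_fp"] for r in window}
            declines = sum(1 for r in window if not r["approved"])
            if len(cards) > MAX_CARDS and declines / len(window) >= MIN_DECLINE_RATIO:
                flagged.add(ip)
                break
    return sorted(flagged)

# Constructed sample: one IP cycling through 8 cards, one ordinary donor retrying a card.
T0 = datetime(2024, 1, 1, 12, 0)
SAMPLE = [
    {"ip": "203.0.113.7", "time": T0 + timedelta(seconds=20 * i),
     "card_fp": f"fp{i}", "approved": i % 4 == 0}
    for i in range(8)
] + [
    {"ip": "198.51.100.4", "time": T0, "card_fp": "fpA", "approved": False},
    {"ip": "198.51.100.4", "time": T0 + timedelta(minutes=2), "card_fp": "fpA", "approved": True},
]

if __name__ == "__main__":
    print(ips_to_block(SAMPLE))
    print([validate_gift(a) for a in ("", "1", "25.00")])
```

The donor who retries a single card after a decline is not flagged, because the rule keys on the number of distinct cards per address rather than on declines alone.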
Finally, as you can probably guess, there are more chapters to this story, not just for nonprofits, but for the payment processing sector as a whole. There will always be that group of people who are determined to make money by dishonest means. They’ll never stop without a fight.
Nonprofits need to pay constant attention to credit card security and stay one step ahead of the bad guys.