Nov 3, 2014
November and December are two of the most lucrative months for nonprofits, but organizations need to guard against donation fraud. In fact, data analytics firm Feedzai revealed November is the busiest month for fraudsters, with card present activity peaking on Black Friday, as reported by Mobile Payments Today. However, Feedzai's assessment of 2013 transactions found that the 10 busiest days for card not present fraud are in November.
Because nonprofits rely on this time of year to meet their fundraising goals, it's important to know the warning signs of fraud. This is especially true because many cybercriminals test a stolen card number on a charity website before making purchases at retailers.
How to detect online fraud
Teaming up with a quality nonprofit payment processing provider is crucial for avoiding the risks of online fraud. However, organizations still need to be aware of the warning signs. Nonprofits are often selected for test transactions because people whose credit card information has been compromised are less likely to contest charitable gifts, according to NPO Accounting News. In many cases, thieves will donate a few dollars to test the stolen number. If it works, they will move on to expensive purchases. However, another complex scheme that nonprofits face is overpayment donations. Someone will make a large gift with a stolen card and contact the organization to say it was in error. He or she will then request the amount be repaid, often to a different card or account.
A donor asking for a refund to a different account is a serious warning sign. Additionally, poorly worded emails should also raise red flags. Because nonprofits are required to return fraudulent gifts, it can be detrimental for meeting year-end goals and it can harm an organization's reputation.
How to minimize the risks of fraud
One option nonprofits can consider is requiring a minimum donation. This may not work for all organizations or in all circumstances, but this relatively small change can reduce fraud, npENGAGE stated. Nonprofits should require a three-digit Card Security Code to complete the transaction. Cybercriminals have various ways of acquiring card information. Because they can use computer programs to generate numbers that they then test, they may not have the CSC code.
Charities that collect international donations may want to create separate donation forms for North American contributors and other countries. This allows them to enable address verification to reduce instances of fraud. If you don't cater to an international audience, IP blocking may be a sound strategy because fraud often comes from other countries.
Donation processing partners are instrumental of reducing and preventing fraud. You need to instill a sense of trust in your organization to encourage people to continue donating. Many payment processors offer advanced security capabilities that can keep organizations and donors safe. Nonprofits should never give a refund to donors unless the funds are being sent to the original account.