Oct 14, 2019
U.S.-based charities lose an average of $85,000 each per year due to cyber crime. Online fraud is one of the top 10 risks cited by nonprofits, according to the 2015 CohnReznick Not-for-Profit Survey.
Fraud looks very different in the nonprofit world than in the business marketplace. Where online retailers might be concerned with the identity theft of their customers, the issues facing nonprofits lie in avoiding being defrauded themselves.
As we get closer to Giving Tuesday and then the year-end giving cycle, fraudulent activity increases significantly. Indeed, as one of the largest payment providers to nonprofits, iATS blocked almost four times as much fraudulent activity in the last quarter of 2018 as in the whole of the first half of that same year.
The most prevalent form of fraud in the nonprofit sector is referred to as “carding”. Criminals who have stolen credit cards use online donation pages for micro donations to check which of those credit cards are active. Donation forms, if not properly constructed, secured, and backed by a payment processor that truly understands the way nonprofits are targeted, become ground zero for criminals to test sometimes thousands of stolen credit cards.
It goes without saying that nonprofits want to make the giving experience as seamless and frictionless as possible for donors. “Required” fields are kept to a minimum, because nonprofits don’t want donors to become frustrated and abandon the process halfway through. This behavior is perfectly understandable considering recent studies showed that the abandonment rate on shopping carts was as high as 70% in 2018!
However, the flip side to this is that it opens up an opportunity for people to use those sites to test card data. The balance is a fine one.
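One way to spot the carding pattern described above on the server side, without adding fields to the donation form, is to look for a single source submitting many different cards for tiny amounts with a high decline rate. The following is an added example, not code from iATS or any payment provider; the thresholds, field names, and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds are assumptions for illustration; tune them against real traffic.
WINDOW = timedelta(minutes=10)
MAX_DISTINCT_CARDS = 3   # a genuine donor rarely tries more than a few cards
MICRO_AMOUNT = 5.00      # ceiling for a "micro donation", in dollars
MIN_DECLINE_RATIO = 0.5  # lists of stolen cards contain many dead cards

def find_carding_sources(attempts):
    """Return {source: reason} for sources whose attempts look like card testing."""
    # attempt keys: ts, source (client IP), card (token, never the PAN), amount, approved
    by_source = defaultdict(list)
    for a in sorted(attempts, key=lambda a: a["ts"]):
        by_source[a["source"]].append(a)
    flagged = {}
    for source, rows in by_source.items():
        start = 0
        for end in range(len(rows)):
            # Advance the window start so the span never exceeds WINDOW.
            while rows[end]["ts"] - rows[start]["ts"] > WINDOW:
                start += 1
            window = [r for r in rows[start:end + 1] if r["amount"] <= MICRO_AMOUNT]
            cards = {r["card"] for r in window}
            if len(cards) <= MAX_DISTINCT_CARDS:
                continue
            declines = sum(1 for r in window if not r["approved"])
            if declines / len(window) >= MIN_DECLINE_RATIO:
                flagged[source] = f"{len(cards)} cards, {declines}/{len(window)} declined"
                break
    return flagged

def sample_attempts():
    """Constructed sample data: one card-testing burst and two ordinary donors."""
    t0 = datetime(2019, 11, 29, 2, 0, 0)
    burst = [{"ts": t0 + timedelta(seconds=20 * i), "source": "203.0.113.7",
              "card": f"tok_{i:03d}", "amount": 1.00, "approved": i % 4 == 0}
             for i in range(12)]
    donors = [
        {"ts": t0, "source": "198.51.100.4", "card": "tok_a", "amount": 50.00, "approved": True},
        # A donor whose first card is declined and who retries once is not flagged.
        {"ts": t0, "source": "198.51.100.9", "card": "tok_b", "amount": 5.00, "approved": False},
        {"ts": t0 + timedelta(minutes=1), "source": "198.51.100.9", "card": "tok_c",
         "amount": 5.00, "approved": True},
    ]
    return burst + donors

if __name__ == "__main__":
    print(find_carding_sources(sample_attempts()))
```

A flagged source is a candidate for a CAPTCHA challenge or a temporary block rather than proof of fraud, which keeps the form frictionless for everyone else.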
Some forms of fraud are more brazen and creative. For example, one scam that we encountered had a fraudster make a donation for a large amount like $2,200 on a stolen credit card. They then call/email the charity and insist that the large donation was a mistake, and that they only meant to give a portion of the amount. They request a partial refund on a different credit card, then make off with the refund while the nonprofit gets hit with a large chargeback.
So, what can you as a nonprofit do to prepare for this? First, being aware and prepared is half the battle, and that part is relatively straightforward to remedy:
- Make sure that staff are trained on the various types of credit card fraud and how to spot them. Merchant Maverick does a great job of explaining the various types of credit card fraud.
- Confirm your adherence to PCI compliance.
- Ensure your online pages are properly secured and implement safety measures such as CAPTCHA, which is known to be one of the best ways to stop online fraud.
- Talk to your payment provider and ensure they have the tools to combat the specific threats facing nonprofits.
The multiple technology providers that serve the nonprofit space also have a part to play in the prevention of these kinds of fraudulent activities. iATS partners with many of these providers and works closely with them to create integrated payment solutions that combat fraud. We share best practices, keep a close eye on our mutual clients' volumes, and communicate closely when red flags are raised. This kind of partnership between a technology provider and a payment provider is critical, especially in the nonprofit sector, where fraud is a constant challenge.
It is obviously tremendously sad that we live in a time where there are individuals who are intent on causing harm to organizations that do the most good. However, there are ways to prevent this kind of behavior and reduce the risk without significantly impacting your donation flow.