Despite attempts by banks to make online transactions safer, as much as 60-70 percent of card fraud still occurs online. And it seems that no sites are sacred. Unscrupulous hackers are increasingly stealing from well-meaning nonprofit organizations, and even running transactions on insecure nonprofit websites to test stolen cards, costing groups thousands of dollars in chargeback fees from fake donations.
Traditionally designed to protect consumers from fraud, chargebacks enable card holders to dispute any “mystery” expenses that appear on their bills directly with their banks or credit carriers. Since new legislation which came into force in October 2015, it’s now the merchant’s responsibility to repay chargeback funds if they cannot prove fraud occurred—a liability that has the potential to devastate small nonprofits trying to do good.
So to avoid these costly situations, let’s delve into three ways nonprofits can prevent fraud, so they can spend their funds where it really counts:
Check the billing address and CVV code
Many nonprofits have pretty basic websites, and that’s OK. When it comes to accepting payments, however, it is vital to have professional systems in place. Having poorly protected payment systems could really land nonprofits in hot water by ruining the trust of donors, and costing organizations extensive chargeback fees.
A key first step to preventing fraud is to check the CVV codes and billing addresses associated with the card used for every donation. Upon payment, ask donors to supply their CVV codes and be sure to use an address verification service (AVS), which compares the billing address a customer provides to the address the card has on record. If these don’t match up,the transaction should not be accepted.
And while this may seem complicated for non-tech savvy non profits, products such as Visa 3-D secure, masterpass by mastercard, and American Express’s expresspay can take care of it all. The platforms not only offer consumers a secure payment experience—that is, they don’t have to give their payment information to an unfamiliar website—but it also means nonprofits don’t have to worry about being responsible for holding all that card data.
All in all, having these security features on board makes it difficult for consumers to request illicit chargebacks successfully, as it’s tough to prove the transaction wasn’t valid. Having the right systems in place reduces the risk of having to pay the charge and return needed funds.
Be suspicious of multiple small donations
When fraudsters use charity sites as testing platforms, they usually do not spend large sums of money—they want to keep their heads low and avoid being noticed. It’s therefore important for nonprofits to be on the lookout for multiple small donations.
If these are out of the ordinary, nonprofits need to speak to their payment processors for advice on how to handle the situation—that is, if the processor doesn’t contact the nonprofit first. A good payment processor will likely send a fraud specialist to the rescue, which is a huge advantage to partnering with a trusted company.
To prevent these fraudulent “donations” from happening in the first place, nonprofits might want to consider blocking small contributions all together. For example, a nonprofit may decide to not accept donations of less than $2 on its website, an amount that doesn’t count for much after processing fees, anyway. A payment processer would happily speak to the charity’s webmaster and help get the ball rolling and put the change in place.
Require the donor to create an account on your site
Yes, scammers can be relentless. But they likely won’t jump through online hoops in order to commit their crimes.
To discourage fraudsters from testing their cards on your donation site, your shoud consider asking donors to make online accounts on the website before they make a donation. A genuine donor is unlikely to have a problem sharing a bit of information with a nonprofit they’d like to help. But a fraudster? Well, upon being faced with making an account, they’ll likely just move onto another insecure nonprofit website that doesn’t require one.
Not only do these account requirements help prevent fraud but they also give nonprofits a rich set of data about their donors. On the sign-up page for each account, nonprofits have the opportunity to ask donors for their gender, interests, concerns, cities, names, and email addresses to help develop donor personas—basically, profiles that represent the types of people the nonprofit wants to market to. This will help nonprofits convey content that really makes an impact—and, hopefully, get more donations coming in. It also means that they can use this data for targeted marketing campaigns, and also share the results of fundraising campaigns with the people who supported them.
Nonprofits generally have a tough time making ends meet as it is, without having to add fraud into the mix too. It is important to have the right online security precautions in place to keep cherished funds out of harm's way and allow nonprofits to spend the majority of their time doing what they do best: helping the community.