Sift Logo Several blue dots forming a sphere to the left of the word Sift in italic font.
  • Products

    Digital Trust & Safety Suite

    Fight fraud without sacrificing growth

    Learn more →

    Passwordless
    Authentication

    Account
    Defense

    Content
    Integrity

    Payment
    Protection

    Dispute
    Management

    Sift
    Connect

    PSD2
    Solution

    New Releases & Enhancements

  • Partners

    Sift Partner
    Program

    Join the leader in Digital Trust & Safety

    Learn more →

    Commerce platform partners


  • Industries

    One solution, many applications

    Learn how Sift can work for your industry

    Learn more →

    Featured industries


    Fintech

    Retail

    Food & Beverage

  • Customers

    See case studies by industry

    Sift works across every use case and region

    Learn more →

    Featured customers


  • Resources

    Explore our resources

    Access trends, guides, and insights from Sift

    Learn more →

    Blog

    Ebooks

    One Pagers

    Demos

    Videos

    Webinars

    Infographics

    Podcasts

    Trust & Safety University

  • Fraud Center
  • Company

    Why leaders choose Sift

    Technology, community, and partnership

    Learn more →

    Our mission: Help everyone trust the internet


    About

    Careers

    News & Press

Request a demo
Products
  • Digital Trust & Safety Suite
  • Passwordless Authentication
  • Account Defense
  • Content Integrity
  • Payment Protection
  • Dispute Management
  • Sift Connect
  • PSD2 Solution
  • New Releases & Enchancements
Why Sift
  • Salesforce
  • Magento
  • Shopify
Industries
  • Fintech
  • Retail
  • Food & Beverage
Customers
Resources
  • Blog
  • Ebooks
  • One Pagers
  • Demos
  • Videos
  • Webinars
  • Infographics
  • Podcasts
  • Trust and Safety University
Fraud Center
About
  • Search Careers
  • Our Company
  • Contact Us
  • Engineering Blog
Request a DemoSign In
  • Blog Home
  • Fraud
< prev / next >
Share this article on LinkedIn
Tweet this article
Share this article on Facebook
SOCIALICON
Share this article via email

Card Testing, Chargebacks, and Nonprofit Donation Sites

By Sarah Beldo  / 

31 Mar 2016

What do you get when you take a good cause, create a simple donation form to fund it, and then promote it with a clever social media campaign? Hopefully, you attract a ton of enthusiastic folks who want to pull out their wallets and give generously to fund your cause. But there’s also a not-so-bright side effect of this popularity – you may also attract a cadre of opportunistic fraudsters, using your campaign to quickly test stolen credit cards then moving on to make a fast profit.

Photo credit: EKG Technician Salary
Photo credit: EKG Technician Salary

 

Card testing is rampant

Fraud is a lucrative and organized business, and thieves often purchase batches of stolen card details on the dark web (or, sometimes, even the “regular” web). But before they can make big bucks out of that stolen credit card information, thieves first have to make sure the details are still valid.

They do this by making a small purchases, often on a retail or donation site. These types of small purchases happen quickly and at-scale, and fraudsters are increasingly turning to bots to execute hundreds of small buys in minutes. In fact, Sift Science’s US of Fraud report reveals that online transactions worth $20 or less are more than twice as likely to be fraudulent than larger-ticket purchases.

4 reasons thieves target nonprofits

Unfortunately, donation sites are a prime target for credit card testers, whether human or bot. “There’s a giant target painted on the industry’s back that is very advantageous for credit-card thieves,” Kevin Conroy, chief product officer at GlobalGiving, told Philanthropy.org in September.

Here are a few of the reasons why:

  1. Donation pages are often simple and streamlined. Of course, charities want to make it as easy as possible for people to donate anytime the mood strikes. Ask someone to create an account or enter a password, and the mood might pass. However, that same ease of simple donation opens up the floodgates to fraudsters – who want to test as many cards as possible, quickly. In general, fraudsters will go for the lowest-hanging fruit, and simple donation forms are very enticing.
  2. No shipping address is required. Just like when someone’s buying any type of digital goods, like an online gift card, they typically don’t need to enter a shipping address to complete a purchase. As a result, they’re providing nonprofits with one less piece of data to use when verifying someone’s identity.
  3. Consumers may be less likely to notice or flag donation fraud. If you saw a small purchase charged to a well-known charity on your credit card statement, would you even consider that it might be fraud? Or would you assume that you (or someone else in your family) might have made the transaction at some point and forgotten about it? Also – even if you did suspect fraud, would you bother to issue a chargeback for a $2 charge? The longer a credit card number is kept active for whatever reason, the more damage a fraudster can do.
  4. Not all charity sites are using state-of-the-art fraud detection software. A powerful fraud prevention tool can help nonprofits fight fraud and prevent chargebacks. For example, machine learning-based solutions can effectively block fraudulent donations before they happen. A smart system can also supplement any manual efforts that nonprofits use to review potential fraud, making it faster and easier to get all the information needed to make an informed decision. But smaller nonprofits may not invest in a third-party tool until the financial pain becomes too much to bear.

How fraud hurts charities

The pain of fraud manifests itself in many different ways.

Chargeback fees. What happens when these fraudulent transactions go through? The donation site foots the bill for any chargebacks incurred – usually between $10 and $25.

Lost donations. Of course, charities also have to refund fraudulent donations. Heartbreaking, isn’t it? In 2013, Ireland-based Jack and Jill Foundation revealed that it had refunded $170,000 in donations made using stolen credit cards.

Damaged reputation. When someone sees a fraudulent charge that’s linked to a charity, they may start to question the security of that charity’s website – and be less likely to make a donation in the future.

Lost time dealing with fraud. For nonprofits with limited resources, time is a precious commodity that could better be applied to increasing awareness or building out new campaigns.

How charities can prevent fraud and chargebacks

Amidst this uncertain landscape, what’s a nonprofit to do? One approach is to dedicate someone’s time to monitoring donations for irregular patterns – like a large number of small donations coming in fast and furiously for a short period of time. However, this tactic can be time-consuming, impractical (for example, are you really able to offer 24/7 coverage?), and limited to after-the-fact damage control.

There are also some preventative measure charities can take, like adding additional verification fields to their forms or setting a minimum amount for donations. But the tradeoff with steps like these is that they also place roadblocks in the way of regular folks, who are just trying to give a few bucks to a good cause.

Many charities find that in order to proactively stop card testers and chargebacks, they need to supplement any fraud prevention services provided by their payment provider or donation platform with a dedicated third-party tool. For example, nonprofits including American Heart Association and Zidisha rely on Sift Science’s machine learning fraud detection platform to prevent fraud before it strikes.

Want to learn more about ow to stop the bad guys from taking advantage of your site without turning away legitimate donors? Download our free 36-page ebook, Kickstart Your Fraud-fighting Strategy.

Related

card testingfraudnonprofits

Sarah Beldo

Sarah Beldo was the Director of Content Marketing at Sift.

  • < prev
  • Blog Home
  • next >
Company
  • About Us
  • Careers
  • Contact Us
  • News & Press
  • Partner with us
  • Blog
Support
  • Help Center
  • Contact Support
  • System Status
  • Trust & Safety University
  • Fraud Management
Developers
  • Overview
  • APIs
  • Client Libraries
  • Integration Guides
  • Tutorials
  • Engineering Blog
Social

Don't miss a thing

Our newsletter delivers industry trends, insights, and more.

You're on the list.

You can unsubscribe at any time. Please see our Website Privacy Notice.

If you are using a screen reader and are having problems using this website, please email support@sift.com for assistance.

© 2022 Sift All Rights Reserved Privacy & Terms

Your information will be used to contact you about our service and subscribe you to our direct marketing communications. You can, of course, unsubscribe at any time. Please see our Website Privacy Notice.