Card Testing, Chargebacks, and Nonprofit Donation Sites

What do you get when you take a good cause, create a simple donation form to fund it, and then promote it with a clever social media campaign? Hopefully, you attract a ton of enthusiastic folks who want to pull out their wallets and give generously to fund your cause. But there’s also a not-so-bright side effect of this popularity – you may also attract a cadre of opportunistic fraudsters, using your campaign to quickly test stolen credit cards then moving on to make a fast profit.

Card testing is rampant

Fraud is a lucrative and organized business, and thieves often purchase batches of stolen card details on the dark web (or, sometimes, even the “regular” web). But before they can make big bucks out of that stolen credit card information, thieves first have to make sure the details are still valid.

They do this by making a small purchases, often on a retail or donation site. These types of small purchases happen quickly and at-scale, and fraudsters are increasingly turning to bots to execute hundreds of small buys in minutes. In fact, Sift Science’s US of Fraud report reveals that online transactions worth $20 or less are more than twice as likely to be fraudulent than larger-ticket purchases.

4 reasons thieves target nonprofits

Unfortunately, donation sites are a prime target for credit card testers, whether human or bot. “There’s a giant target painted on the industry’s back that is very advantageous for credit-card thieves,” Kevin Conroy, chief product officer at GlobalGiving, told Philanthropy.org in September.

Here are a few of the reasons why:

1. Donation pages are often simple and streamlined. Of course, charities want to make it as easy as possible for people to donate anytime the mood strikes. Ask someone to create an account or enter a password, and the mood might pass. However, that same ease of simple donation opens up the floodgates to fraudsters – who want to test as many cards as possible, quickly. In general, fraudsters will go for the lowest-hanging fruit, and simple donation forms are very enticing.
2. No shipping address is required. Just like when someone’s buying any type of digital goods, like an online gift card, they typically don’t need to enter a shipping address to complete a purchase. As a result, they’re providing nonprofits with one less piece of data to use when verifying someone’s identity.
3. Consumers may be less likely to notice or flag donation fraud. If you saw a small purchase charged to a well-known charity on your credit card statement, would you even consider that it might be fraud? Or would you assume that you (or someone else in your family) might have made the transaction at some point and forgotten about it? Also – even if you did suspect fraud, would you bother to issue a chargeback for a $2 charge? The longer a credit card number is kept active for whatever reason, the more damage a fraudster can do.
4. Not all charity sites are using state-of-the-art fraud detection software. A powerful fraud prevention tool can help nonprofits fight fraud and prevent chargebacks. For example, machine learning-based solutions can effectively block fraudulent donations before they happen. A smart system can also supplement any manual efforts that nonprofits use to review potential fraud, making it faster and easier to get all the information needed to make an informed decision. But smaller nonprofits may not invest in a third-party tool until the financial pain becomes too much to bear.

How fraud hurts charities

The pain of fraud manifests itself in many different ways.

Chargeback fees. What happens when these fraudulent transactions go through? The donation site foots the bill for any chargebacks incurred – usually between $10 and $25.

Lost donations. Of course, charities also have to refund fraudulent donations. Heartbreaking, isn’t it? In 2013, Ireland-based Jack and Jill Foundation revealed that it had refunded $170,000 in donations made using stolen credit cards.

Damaged reputation. When someone sees a fraudulent charge that’s linked to a charity, they may start to question the security of that charity’s website – and be less likely to make a donation in the future.

Lost time dealing with fraud. For nonprofits with limited resources, time is a precious commodity that could better be applied to increasing awareness or building out new campaigns.

How charities can prevent fraud and chargebacks

Amidst this uncertain landscape, what’s a nonprofit to do? One approach is to dedicate someone’s time to monitoring donations for irregular patterns – like a large number of small donations coming in fast and furiously for a short period of time. However, this tactic can be time-consuming, impractical (for example, are you really able to offer 24/7 coverage?), and limited to after-the-fact damage control.

There are also some preventative measure charities can take, like adding additional verification fields to their forms or setting a minimum amount for donations. But the tradeoff with steps like these is that they also place roadblocks in the way of regular folks, who are just trying to give a few bucks to a good cause.

Many charities find that in order to proactively stop card testers and chargebacks, they need to supplement any fraud prevention services provided by their payment provider or donation platform with a dedicated third-party tool. For example, nonprofits including American Heart Association and Zidisha rely on Sift Science’s machine learning fraud detection platform to prevent fraud before it strikes.

Want to learn more about ow to stop the bad guys from taking advantage of your site without turning away legitimate donors? Download our free 36-page ebook, Kickstart Your Fraud-fighting Strategy.