Credit Card Fraud Trends Targeting Nonprofits

For many nonprofit organizations, the word fraud seems like a concern for the “other guys”, the for-profit entities. It is true that highly publicized fraud typically occurs in the for-profit realm where there is the exchange of goods or services; however, this does not make churches and ministries exempt from fraud. Let’s examine two of the fraudulent practices that often target nonprofit organizations.

Refund Fraud

Nonprofit entities are unique in many ways, one of these being that processing large, even dollar transactions is the norm. For this reason, may fraudsters choose to target these entities for committing refund fraud. This scam is pretty simple; a transaction is processed using a stolen card. The Fraudster then attempts to get the full or partial refund issued to a different form of payment, like a pre-paid card. Luckily, for merchants utilizing our gateway, this practice is not able to be performed. For those that are utilizing different systems that do allow for refunds to be issued to a different card, consider implementing internal policies that require refunds be issued only to the original card.

Sometimes a refund to a different card number may be the appropriate business action to take.  In these rare instances, be sure that you are personally aware of whom the account holder is and that you have a positive history with this donor.

Card Testing

Another unique factor within the nonprofit sect is the fact that money is accepted without the exchange of goods or services utilizing simple checkout platforms. This makes these entities ideal for card testing. Good news! There are elements that can be included in your online giving page to thwart these attempts.

Equal to or Greater than $15

Consider implementing a minimal gift amount. Many times card testers will utilize not-for-profit entities donation pages as a way to test the legitimacy of stolen cards. The transactions processed are typically for low dollar amounts, between $1 and $10.  By setting a minimum amount, many organizations can mitigate this type of fraudulent activity and send these card testers elsewhere. Keep in mind, this practice will not suit everyone, as many organizations want to leave the amount given to the discretion of the donor. In these cases, using other prevention techniques may better serve your company.

Are You Human?

Our QSuite has been equipped to help protect our merchants from the threats of card testing.  One of the features used to impede testing is called CAPCHA. This feature is designed to verify the person submitting the transaction is a human and not a computer running a script.  The QSuite also requires that transactions entered through the donation page be submitted with the 3-digit security code on the back of the card, an additional measure to verify the legitimacy of a card and cardholder.

Address is King

Address Verification is another effective tool in reducing fraud and is available upon request. This requires that either the full address or simply the zip code match the Issuing Banks records for that card number. In the event there is a mis-match, the transaction will automatically fail. Although this is beneficial in verifying the identity of the cardholder, it can pose potential issues, especially for individuals who do not reside in the United States. For this reason, additional consideration may need to be taken before implementing this feature into your standard practices.

In conclusion, credit card fraud is a reality of the world in which we live, but there are things you can do to aid your organization in not being used as an instrument in perpetuating the offense. Creating internal policies for handling specific types of requests such as refunds and utilizing the tools available to you through your donation systems can be pivotal in your fight against fraud. Although we have only covered two common fraud offenses here, remember, fraud comes in many different forms. If something seems off to you, or causes you to question the situation you find yourself in, pick up the phone and reach out to your Relationship Manager. Our mission is to help protect you and your donors so that you can focus on your true passion, the ministries and people you serve.