When you hear about “fraud” what comes to mind? Is it banks or for-profit companies like Target, Home Depot, or Michaels which have all experienced highly publicized breaches as of late? What about nonprofits? Do any not-for profit organizations come to mind? It’s fair to say that unless the media has publicized the event, or you’ve experienced it personally, it probably doesn’t cross your mind.
As a nonprofit, it’s easy to think that fraud is about “the other guy” and it wouldn’t happen to you. While you may perceive your risk as lower for fraudulent activity keep in mind you can’t be completely exempt.
Refund Fraud: How it Works
As a nonprofit you are ripe for the picking when it comes to refund fraud, due in part to the large, even dollar transaction amounts you typically process.
Refund fraud is very simple and at first can appear perfectly benign. A donor will call asking for a refund of their transaction. (Keep in mind the story that may accompany this request will often be emotionally compelling.) When you locate the transaction to process the refund they will explain they were recently issued a new card, the card tied to the original transaction has been closed. However, they have received their new card. You take their new card number and process the refund.
When this scenario is Refund Fraud, you learn the original transaction was actually processed against a stolen card by the fraudster. When they called requesting a refund, the “new card number” they provided was actually a pre-paid credit card (available for purchase at any grocery store). Now the thief has your nonprofit’s money and is spending it however he/she chooses.
And it doesn’t end there… eventually the card holder of the original transaction will notice the unauthorized transaction from your organization and will dispute it as fraud. That means you are now out those funds as well. It’s a double-whammy.
Preventing Refund Fraud
Many payment solutions will only allow refunds to be issued back to the original form of payment. If you are unsure if your system has this restriction in place, check with their support department to confirm.
Keep in mind, there will be times were refunding to a different form of payment may be the appropriate business decision to make. In these exceptions, be sure you are familiar with the card holder and that they have a positive history with your organization. Implement an internal policy to address refunding to another form of payment to help mitigate the chance of being impacted by fraud of this type.
As always, if something “feels off” about the request being made or you are unsure if it is the right decision to make, let the card holder know you will look into the request and get back to them. Get a phone number where you can call them back and then discuss the request with a colleague, supervisor, and/or reach out to your merchant services provider to discuss.