Credit Card Fraud Prevention Tips for Nonprofits
My wife and I just had twins. Aka, I’m more tired than usual, and I officially need to feed my children in the middle of the night. Being a data nerd, I downloaded an app where we log all the feedings (and “other activities”, if you must know) so we can track their progress. A few nights ago, I reached for my phone to log a nightly feeding, when I noticed a few text messages that looked odd.
My bank was notifying me of some suspicious activity on my account. Someone had used my debit card to take some unauthorized rides in Uber and Lyft. I immediately called to cancel the card and put a stop to the transactions. Oddly enough, there was one transaction that preceded the joy rides, a $0.24 donation to a charity I’ve never supported before.
So let my loss become your gain. We’re going to unpack why credit card fraud targets nonprofits and what you can do about it.
Why do nonprofits get targeted?
Credit card fraud is a big problem, with global losses due to fraud totaling over $21 billion in 2015 and increasing every year. We hear about a data breach of major retailers every few months and there may be more that you don’t know about.
Yet before a stolen credit card can be used, it needs to be tested. Unfortunately, nonprofit donation pages are some of the easiest targets for this.There are a few reasons for this.
- Donation pages are streamlined – obtaining donations occurs when you optimize and make it easy to fill out your form, which is an industry best practice. That simplicity comes at a cost, however, since it means it is easier to target the form itself by a robot programmed to test many cards at once.
- No shipping needed – the more steps a fraudster needs to jump through, the less enticing a target is to test stolen credit cards. eCommerce sites are typically going to require shipping information, whereas a donation form might not have address information required.
- Consumers might not flag donations – while it’s my job to worry about things like credit card security for nonprofits, it isn’t yours. So seeing a charge for a few bucks to a charity might not raise any suspicions. We get asked for donations all the time, such as making an extra donation during checkout at Walgreens. So we might think it was something we just forgot about.
- Nonprofits might not have the best technology – there’s a dizzying amount of credit card vendors out there today. Unfortunately, not all of them are practicing the most up to date practices for security and fraud protection. If a nonprofit is investing in subpar donation page security to save money, it may cost them in the long run.
What are the costs when this happens?
In my situation, my bank was able to immediately stop payments for some of the fees processing while refunding me for the fraudulent charges. I get my money back eventually, but what about the charity that originally was the target for my stolen card? What are the costs to nonprofits?
Chargeback fees – large multinational corporations build into their budgets refunds and chargeback fees, but nonprofits aren’t going to consider this as part of doing business online. Some vendors will assess chargeback fees from $10 to $25 per transaction and may not care that you’re a nonprofit.
Lost donations – seeing a large volume of donations come in may initially excite you. Our campaign finally went viral! But if these end up being the result of a targeted attack, then the revenue you may be expecting suddenly disappearing can be a real disappointment. One nonprofit experienced a loss of over $170,000 because of this.
Staff time – when I needed to get the money returned to my personal account, I had to make three different phone calls due to the rolling nature of processing dates. Imagine the time it would take your organization dealing with hundreds of charges and trying to explain what happened. Your time is valuable and dealing with fraud isn’t a good use of it.
Damaged credibility – that poor nonprofit that kicked off my problems? While I personally understand it isn’t their fault, the average person might not be so forgiving and word of mouth that your organization isn’t secure with online donations can be extremely damaging in the long run.
What can my nonprofit do?
Even though the only sure fire way to not have online credit card fraud occur is not to offer online donations, that just isn’t realistic. The reality is that online donations are growing every year and are an important strategy for an organization’s growth. Being able to offer recurring options are vital to creating a sustaining donors program, for instance. So what options do you have?
Set a minimum donation amount – many fraudulent transactions occur with donations that are only a few cents to perhaps something under $5. Consider establishing a minimum donation amount of $10 to ensure that robots are deterred from using your form. Be warned that this may deter those who want to give a smaller amount.
Be legally compliant – knowing the ins and outs of charitable compliance procedures will ensure that you have a legal cover for any fraud issues that may occur with your organization. If a major issue occurs that requires a federal or state agency to examine your practices, the absolute last thing you want is to also deal with the legal problems of your legitimate appeals.
Invest in technology – when researching vendors for your online fundraising offerings, do your due diligence and ask them about their fraud protection measures for both making donations as well as stopping fraudulent transactions from occurring. When we built out our payment processing solution, we worked with the best technology on the market when it came to fraud protection as well as creating internal controls within NeonCRM itself. Ensure your provider has done the same.