How Nonprofits Can Protect Themselves From Card-Testing Fraud

Americans gave nearly $450 billion in 2019, according to Giving USA. With a majority of donors preferring to give online with a credit or debit card, card testing has become a major problem for today’s charitable organizations.

This online fraud tactic is used by criminals to test stolen credit card numbers and check their validity by making a small, nondescript donation. Every card that a cybercriminal can validate online equates to more money on the black market and can often be quickly used to fraudulently purchase other goods and services.

These types of small donations happen quickly and at scale. With bots, fraudsters can execute hundreds of small donations in minutes, using thousands of different credit cards in many different countries.

Cybercriminals View Nonprofits as Low-Hanging Fruit

Nonprofits are increasingly seen as easier targets than larger entities. Simple online donation pages (where no shipping address is required) offer a perfect place for fraud to occur ― not to mention that small charitable donations are less noticeable by unsuspecting consumers. Additionally, lean operating budgets, coupled with a lack of IT and security resources to support fraud-prevention efforts, make nonprofits enticing ― and easy ― targets for cybercriminals.

Cybercriminals frequently identify the most opportunistic, “cardable” websites and share their names and URLs on pages dedicated to showing other hackers how to commit online fraud. It’s an increasingly threatening online landscape that nonprofits face today.

Unfortunately, this kind of fraud negatively impacts charitable organizations with unnecessary chargeback fees, lost donations, administrative time and damaged reputations. So how can a nonprofit protect itself in today’s digital landscape?

National Nonprofit Reduces Fraudulent Transactions Before They’re Processed

One approach to this type of cybercrime is to dedicate a staff member’s time to monitoring donations for irregular patterns, but that strategy is time consuming and impractical because fraudsters operate 24/7.

On the other hand, many proactive charities have started to incorporate third-party fraud-prevention tools to augment the basic ― and often intrusive ― services offered through their payment providers or donation software platforms to stop card testing and reduce chargebacks.

One nationwide voluntary health organization with more than 100 years of service has been able to proactively authenticate online donors and verify the legitimacy of their transactions.

The organization was getting hit with thousands of credit card testing events on its fundraising page, experiencing upward of 500,000 attempts in some months that came from all directions (i.e. individual criminals, bots, organized crime, etc.). In turn, the nonprofit was getting stuck with the associated fees ― the transaction process fee on the front end, the chargeback fee on the back end (which averages $5 per transaction) and the refund of the fraudulent donation.

To help identify suspicious online donation attempts before they were processed ― and to preserve its reputation ― the organization made the decision to add authentication technology as a module to the Blackbaud Luminate online fundraising platform it was currently using.

The integration of this technology within the nonprofit’s current online fundraising platform has allowed it to validate the thousands of online credit card donations that occur monthly and stop the vast majority of fraudulent transactions early in the process ― essentially from the first click.

Being Proactive Pays Big Dividends When Fighting Fraudulent Online Donations

Like the organization mentioned above, other nonprofits can reap significant benefits when they commit to taking a more proactive approach to preventing fraudulent online credit card donations with more comprehensive authentication technology. Those benefits include:

• Reductions in chargeback fees. Your organization foots the bill for any donation chargebacks that occur ― usually between $20 and $50 per transaction. Stop fraudulent transactions from being processed in the first place.
• Retention of more donations. Charities will have to refund any donations made with stolen or fraudulent credit cards. Authenticate online credit card donations from the first click.
• Boosted reputation for security. When fraudulent charges are linked to a charity, potential donors may start to question the security of your website and their credit card data ― and may potentially look elsewhere to make a donation in the future. Proactively secure online donations and other donor information from start to finish.
• Decrease in lost administrative time. Most nonprofits operate with limited resources, so administrative time is a precious resource that could better be applied to building awareness and/or launching new campaigns. Automate the authentication process by putting customized rules and controls in place to prevent online fraud.
• More seamless online donor experience. The one thing nonprofits don’t want to do is alienate legitimate donors with false-positives. Eliminate frustration with the online experience and assure authenticated donations by legitimate people.

Multiple Levels of Protection Work to Form a United Front

Adding the right technologies to your online donation pages is central to protecting your organization from card-testing attacks. Unfortunately, there is no single technology that can prevent card-testing fraud for today’s digital nonprofit. Having a layered security strategy is an important response to today’s cyber-threat landscape. Nonprofits should utilize the latest fraud-prevention technologies to proactively secure online accounts, information, transactions and interactions from donor login to logout.

Combined with other tactics, such as educating and training staff, following security best practices and deploying modern protocols, these authentication technologies can form the foundation for strong online security that will help thwart cyber criminals and protect your organization from the monetary damage they can inflict through tactics such as card testing.