A streamlined online donation page makes it easy for people to give to your nonprofit — but also easy for credit card thieves to abuse it.
While retailers require online shoppers to provide lots of personal information, nonprofits usually ask for minimal information to eliminate barriers to donating. However, the ease of these transactions makes nonprofit websites ideal tools for testing stolen credit card numbers.
The practice can cost nonprofits a lot of money. Organizations are responsible for returning fraudulent donations and must pay credit-card companies “charge-back” fees of as much as $25 for each unauthorized transaction.
It’s a very common problem, and thieves are hard to stop because their operations are so sophisticated, says Jason Tan, chief executive of fraud-detection firm Sift Science. Nonprofits are not entirely at their mercy, however.
“You can never eliminate all of it, but there are a number of things organizations can do to deter it and prevent it,” says Steven MacLaughlin, director of analytics at Blackbaud.
When The Chronicle talked to nonprofit tech leaders and fraud-detection experts for a recent article about this phenomenon, they offered the following tips for detecting and preventing fraud.
Watch out for these signs of fraud:
- an unusual burst of donation activity during a short period.
- a series of small donations, usually less than $5 each, that are not whole numbers; some fraudsters program “bots” to automatically enter stolen card numbers using randomly generated small donations.
- donations made on a device whose IP address is different from the cardholder’s billing address or whose IP address is linked to multiple transactions from different cardholders.
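The three warning signs above can be checked mechanically against a donation log. The following is an added example (not from The Chronicle or any vendor named here) that scores a constructed set of gift records for bursts, small non-whole amounts, and one IP address used with several different cards; the thresholds and record fields are assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample donation log (not real data): one record per online gift.
DONATIONS = [
    {"id": 1, "ts": "2024-03-01T02:00:01", "amount": 1.37, "card": "card-A", "ip": "203.0.113.5"},
    {"id": 2, "ts": "2024-03-01T02:00:04", "amount": 2.81, "card": "card-B", "ip": "203.0.113.5"},
    {"id": 3, "ts": "2024-03-01T02:00:09", "amount": 0.93, "card": "card-C", "ip": "203.0.113.5"},
    {"id": 4, "ts": "2024-03-01T02:00:15", "amount": 3.42, "card": "card-D", "ip": "203.0.113.5"},
    {"id": 5, "ts": "2024-03-01T09:30:00", "amount": 50.00, "card": "card-E", "ip": "198.51.100.7"},
    {"id": 6, "ts": "2024-03-01T14:10:00", "amount": 25.00, "card": "card-F", "ip": "198.51.100.9"},
]

def parse(d):
    return datetime.fromisoformat(d["ts"])

def small_fractional(amount, ceiling=5.0):
    """Sign 2: a sub-$5 gift that is not a whole-dollar amount (bot-style random cents)."""
    return amount < ceiling and round(amount, 2) != int(amount)

def burst_ids(donations, window=timedelta(minutes=1), threshold=4):
    """Sign 1: ids of gifts inside any time window holding at least `threshold` gifts.
    Window and threshold are assumed values; tune them to your normal traffic."""
    ordered = sorted(donations, key=parse)
    flagged = set()
    for i, start in enumerate(ordered):
        group = [d for d in ordered[i:] if parse(d) - parse(start) <= window]
        if len(group) >= threshold:
            flagged.update(d["id"] for d in group)
    return flagged

def shared_ip_ids(donations, min_cards=3):
    """Sign 3: ids of gifts from an IP address seen with `min_cards` or more distinct cards."""
    cards_by_ip = defaultdict(set)
    for d in donations:
        cards_by_ip[d["ip"]].add(d["card"])
    return {d["id"] for d in donations if len(cards_by_ip[d["ip"]]) >= min_cards}

def flag_suspicious(donations):
    """Return {gift id: [reasons]} for every gift that trips at least one sign."""
    burst, shared = burst_ids(donations), shared_ip_ids(donations)
    reasons = defaultdict(list)
    for d in donations:
        if d["id"] in burst:
            reasons[d["id"]].append("burst")
        if small_fractional(d["amount"]):
            reasons[d["id"]].append("small-fractional")
        if d["id"] in shared:
            reasons[d["id"]].append("shared-ip")
    return dict(reasons)

if __name__ == "__main__":
    print(flag_suspicious(DONATIONS))
```

Gifts that trip more than one sign at once are the strongest candidates for manual review before the charge settles.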
Take these steps to safeguard your website:
- Actively monitor all online donations for suspicious activity.
- Set a minimum online donation amount.
- Accept donations only in set increments, rather than letting people fill in any number.
- Require donors to create an account that requires them to log in to donate.
- Ask for credit-card expiration dates and security codes.
- Turn on address-verification services.
- Require donors to provide an email address to which a donation-verification message may be sent.
- Change the URL for the transaction page each time someone makes a donation.
- Talk to your payment-processing vendors about their fraud-prevention tools.
- Consider hiring a fraud-detection firm, such as Sift Science, which uses the same machine-learning principles as email spam filters, or ThreatMetrix, which uses identification fingerprinting technology.
- Reject donations suspected to be fraudulent to avoid paying charge-back fees later.