You should take steps to prevent the use of stolen credit cards on your donation pages. Follow our guide below to reduce your exposure to online credit card fraud.
Common types of online fraud
Card testing - An automated bot spams your donation page with donation attempts every few seconds, looking for a card that is accepted. Without the proper protections in place, a bot could submit thousands of donation attempts in a short period of time.
Refund fraud - A donor makes a large online donation using a stolen card, then calls the nonprofit claiming that the donation was made in error (e.g., “I accidentally donated $2,000 when I meant to give $200”), then demands a refund paid to a different account or card.
Steps you can take to help protect your nonprofit from credit card fraud
Step 1 - Configure rules in your Authorize.net payment gateway to detect and prevent fraud and alert you to suspicious transactions.
Each of the following 4 steps is reviewed in detail in the video below.
Make sure your Authorize.net account has the Advanced Fraud Detection Suite (AFDS) installed. If not, contact Authorize.net support to have it installed.
Configure the AFDS to monitor for credit card fraud.
Set up email alerts to notify your organization of all suspicious transactions. Appoint yourself or a specific member of your staff to take responsibility for these alerts and to decide what action to take if they occur.
Set up an online response for donors to see when their online donation is denied due to a fraud setting.
Step 2 - Deploy reCAPTCHA (when needed)
If your nonprofit has been targeted by heavy automated card testing that doesn’t stop after a handful of attempts (10 or so), deploy reCAPTCHA from Google as another safety measure. This forces users to prove their legitimacy and humanity, thereby stopping automated, robotic submissions. This is an option you can enable in 4aGoodCause. Please note: CAPTCHA-like systems can sometimes confuse users, hurt your conversion rate and result in less money raised. We recommend enabling reCAPTCHA only when absolutely necessary.
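The card-testing pattern described in this guide (many attempts from one source within a short time, most of them declined) is what a velocity check looks for. The following Python example is added here and is not part of the original guide, nor Authorize.net or 4aGoodCause code; the log format, the 5-minute window and the 80% decline ratio are assumptions, and the threshold of 10 attempts follows the guide's "10 or so".

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds: 10 attempts comes from the guide's "10 or so";
# the 5-minute window and 80% decline ratio are illustrative choices.
MAX_ATTEMPTS = 10
WINDOW = timedelta(minutes=5)
MIN_DECLINE_RATIO = 0.8


def parse_line(line):
    """Parse 'ISO-timestamp source-ip amount result' (constructed format)."""
    ts, ip, amount, result = line.split()
    return datetime.fromisoformat(ts), ip, float(amount), result == "approved"


def find_card_testing(lines):
    """Return {ip: first time the source crossed the card-testing threshold}."""
    recent = defaultdict(deque)   # ip -> (timestamp, approved) within WINDOW
    flagged = {}
    for ts, ip, _amount, approved in sorted(map(parse_line, lines)):
        window = recent[ip]
        window.append((ts, approved))
        # Drop attempts that have aged out of the sliding window.
        while window and ts - window[0][0] > WINDOW:
            window.popleft()
        declines = sum(1 for _, ok in window if not ok)
        if (len(window) > MAX_ATTEMPTS
                and declines / len(window) >= MIN_DECLINE_RATIO
                and ip not in flagged):
            flagged[ip] = ts
    return flagged


def sample_log():
    """Constructed sample: one bot retrying every 5 seconds, one real donor."""
    start = datetime(2024, 1, 15, 9, 0, 0)
    lines = []
    for i in range(30):
        result = "approved" if i == 17 else "declined"
        lines.append(f"{(start + timedelta(seconds=5 * i)).isoformat()} 203.0.113.7 1.00 {result}")
    lines.append(f"{(start + timedelta(minutes=2)).isoformat()} 198.51.100.21 25.00 declined")
    lines.append(f"{(start + timedelta(minutes=3)).isoformat()} 198.51.100.21 25.00 approved")
    return lines


if __name__ == "__main__":
    for ip, when in find_card_testing(sample_log()).items():
        print(f"possible card testing from {ip}, threshold crossed at {when}")
```

The donor who is declined once and then approved is not flagged, which is the trade-off the guide describes: the rule should stop automated runs without turning away a real donor who mistyped a card number.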