Credit card fraud is a growing problem for charitable organizations. Nonprofit entities that seek to simplify online charitable giving are particularly vulnerable.
Donations are crucial for nonprofits, so organizations often bypass online payment safeguards that can help prevent deceitful practices. This allows scammers to use nonprofits to quickly test many stolen credit card numbers at once. No shipping address is necessary to make donations, so verifying a donor as legitimate is more difficult. And consumers are less likely to report fraudulent activity involving small dollar amounts and charities.
There’s nothing unreasonable about a cardholder making a purchase in person at one location and making a small donation over the Internet on the same day. For this reason, card companies are unlikely to flag fraudulent online donations based on location.
Costs of Fraud
Credit card companies categorize fraudulent online donations as “card-not-present” transactions and place on the nonprofit the burden of recovering the fraudulent charges. This means that the nonprofit then has to return fraudulent donations to the card owners. In addition, the nonprofit is required to pay charge-back fees to the credit card companies for each fraudulent charge. If the charge-back rates exceed a certain threshold, the credit card company may place the nonprofit on probation and charge significant fines. On top of it all, the fraudulent activity can adversely affect the reputation of the nonprofit.
Organizations should be alert for small donations and those made in random amounts, both tactics used by scammers testing credit cards. Another sign to look for is a large flurry of donations in a brief period. Donations made from an IP address different from the cardholder’s billing address or linked to multiple transactions from different cardholders may be another indication of wrongdoing.
To help prevent credit card fraud, nonprofits can:
- Establish a minimum donation amount large enough to discourage scammers
- Enable the Address Verification System (AVS) on the card processing
- Ask for credit card expiration dates and three-digit security codes
Nonprofits should also conduct due diligence on payment processing vendors to find out what measures they use to prevent fraud and discuss with their vendors the best methods to minimize fraud.