On Common Types of Industry Fraud
Keep Your Organization Safe Online
Believe it or not, there are lots of scammers out there depraved enough to try to defraud your organization. Over the last few years, several types of financial fraud perpetrated against non-profit organizations, through their online systems or payment gateways, have become more and more common. Our service, and others like ours, have continually developed fraud protection features to counteract these efforts, but there are two types of fraudulent activity your organization should be on the lookout for, and be able to identify when you see it.
1.) Card thieves testing stolen cards
The most common type of industry fraud is not an attempt to steal directly from your organization; it’s card thieves testing stolen card numbers through non-profit payment pages like the ones our service provides. This often shows up as dozens or hundreds of small payments and payment attempts; in this case, it’s typically a bot built to automatically run payments based on a list of stolen card numbers. Most of these payments will be declined, as card thieves typically don’t have all the info that’s asked for by online payment forms (like address and zip code, CVV, etc.). The financial cost to the organization in the case of these fraudulent payments is typically not significant: most providers will reverse charges associated with fraudulent payments (credit card and transaction fees), or refund chargeback fees incurred when the cardholders file chargebacks after seeing unfamiliar payments on their statement.
Sometimes, these payments are spaced out, made by hand by the card thief, and difficult to identify as fraudulent unless you’re keeping a very close eye on your gateway. We, and most services like ours, offer protection from these thieves in the form of flexible IP-blockers that limit the number of attempts that can be made from a single IP address and temporarily lock out the IP address from making further payments. This curbs the number of attempts made by bots and lets the scammer know that the page is tracking the activity.
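One way an IP-blocker of this kind can work, shown as an added example that is not code from this page or from any payment provider: a per-IP sliding-window counter with a temporary lockout. The thresholds (5 attempts per 10 minutes, a 1-hour lockout), the class and function names, and the sample attempts are assumptions constructed for illustration.

```python
from collections import defaultdict, deque


class IPAttemptLimiter:
    """Per-IP sliding-window limiter with temporary lockout (thresholds are assumed)."""

    def __init__(self, max_attempts=5, window_s=600, lockout_s=3600):
        self.max_attempts = max_attempts
        self.window_s = window_s
        self.lockout_s = lockout_s
        self.attempts = defaultdict(deque)  # ip -> timestamps of recent attempts
        self.locked_until = {}              # ip -> time at which the lockout ends

    def allow(self, ip, now):
        """Return True if a payment attempt from `ip` at time `now` may proceed."""
        if self.locked_until.get(ip, 0) > now:
            return False                    # still locked out
        recent = self.attempts[ip]
        while recent and recent[0] <= now - self.window_s:
            recent.popleft()                # forget attempts outside the window
        recent.append(now)
        if len(recent) > self.max_attempts:
            self.locked_until[ip] = now + self.lockout_s
            recent.clear()                  # start fresh once the lockout expires
            return False
        return True


def replay(events, limiter):
    """Feed (timestamp, ip) attempts through the limiter; count blocked attempts per IP."""
    blocked = defaultdict(int)
    for ts, ip in events:
        if not limiter.allow(ip, ts):
            blocked[ip] += 1
    return dict(blocked)


# Constructed sample: a bot submitting a payment every 2 seconds (20 attempts),
# and a real donor who mistypes once and retries a minute later.
BOT, DONOR = "203.0.113.7", "198.51.100.20"
SAMPLE = sorted([(t * 2, BOT) for t in range(20)] + [(5, DONOR), (65, DONOR)])

if __name__ == "__main__":
    print(replay(SAMPLE, IPAttemptLimiter()))
```

The slow, hand-entered attempts described above stay under any per-IP threshold like this one, which is why watching the gateway still matters.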
The other way to combat this type of activity is to up the AVS settings on your account. AVS stands for Address Verification Settings, and control of these factors allows you to, in the case of an attack, require payment form fields that the card thief is unlikely to have correct information for. For instance, most card thieves don’t have the full, exact address on file at the cardholder’s bank, so setting your AVS to require the correct address exactly as listed (which normally wouldn’t be the case for a payment page, since this can affect real donors!) helps deter this activity. If you’re concerned about this type of fraud on your account, talk to your provider today about fraud protection options. Our banking partner, IATS Payments, is one of the largest purveyors of non-profit merchant accounts in the world, and they’ve told us that nearly every non-profit will experience this type of fraud in the lifespan of their organization, so be prepared!
2.) Refund Scam
The refund scam is a classic switcheroo: a fraudster makes a large payment online to your organization, then later contacts you with a story about using the wrong card for the payment and a request that the refund be made by check, or to a different card. They will often say they accidentally used the credit card of their spouse or family member, or a business card rather than their personal card, and try to get you to send them a payment in the amount of the contribution. Unlike the first type of fraudulent activity, this one is easy to combat with simple policy in your organization: never refund by check, or to a different card number than the one used to make the payment. If you use this common-sense solution, you’ll avoid giving your hard-earned donations to a thief.
There are other types of fraudulent activity that can affect non-profit organizations, but these are the two that we’ve had consistent experience with, and that your organization can expect to encounter at some point. Taking security precautions and being aware will help make sure your organization minimizes the impact of these scammers looking to target you. Stay safe!