How Can Nonprofits Protect Themselves Against Card Testing?

With a majority of nonprofit donors preferring to give online with a credit or debit card, card testing has become a major problem for today’s charitable organizations. This online fraud tactic is used by criminals to test stolen credit card numbers and check their validity by making a small, nondescript donation. Every card that a cybercriminal can validate online equates to more money on the black market and can often be quickly used to fraudulently purchase other goods and services.

These types of small donations happen quickly and at scale. With bots, fraudsters can execute hundreds of small donations in minutes, using thousands of different credit cards in many different countries. Nonprofits are increasingly seen as easier targets than larger entities. Simple online donation pages (where no shipping address is required) offer a perfect place for fraud to occur―not to mention that small charitable donations are less noticeable by unsuspecting consumers. Additionally, lean operating budgets coupled with a lack of IT and security resources to support fraud-prevention efforts make nonprofits enticing―and easy―targets for cyber criminals. 

Cyber criminals frequently identify the most opportunistic, “cardable” websites and share their names and URLs on pages dedicated to showing other hackers how to commit online fraud. It’s an increasingly threatening online landscape that nonprofits face today.

So, how are nonprofits protecting themselves in today’s digital environment?

National Nonprofit Reduces Fraudulent Transactions Before They’re Processed 

One approach to this type of cybercrime is to dedicate a staff member’s time to monitoring donations for irregular patterns, but that strategy is time consuming and impractical because fraudsters operate 24/7.

On the other hand, many proactive charities have started to incorporate third-party fraud-prevention tools to augment the basic―and often intrusive―services offered through their payment providers or donation software platforms to stop card testing and reduce chargebacks.

One nationwide voluntary health organization with more than 100 years of service has been able to proactively authenticate online donors and verify the legitimacy of their transactions. 

The organization was getting hit with thousands of credit card testing events on its fundraising page, experiencing upward of 500,000 attempts in some months that came from all directions (i.e. individual criminals, bots, organized crime, etc.).In turn, the nonprofit was getting stuck with the associated fees―the transaction process fee on the front end, the chargeback fee on the back end (which averages $5 per transaction), and the refund of the fraudulent donation. 

To help identify suspicious online donation attempts before they were processed―and to preserve its stellar reputation in the nonprofit world―the organization made the decision to add Digital Resolve’s authentication technology as a module to the Blackbaud Luminate online fundraising platform it was currently using. 

The implementation of this technology has allowed the nonprofit to validate the thousands of online credit card donations that occur monthly and stop the vast majority of fraudulent transactions early in the process. The organization’s more proactive approach has also resulted in the following:

• Reduction of costs associated with unnecessary chargebacks; 
• Boosted reputation for security; 
• More seamless experience for web donors; and 
• Renewed confidence to legitimately fundraise online. 

Read the full case study to get more details on how easy this cost-effective technology was to integrate within the nonprofit’s current online fundraising platform to help authenticate and legitimize credit card transactions from the first click.