Protecting Your Nonprofit: How to Prevent Donation Page Credit Card Testing Fraud

Even in today’s age of advanced technology and security, credit card fraud continues to be a widespread issue – and one of the most prevalent methods of fraud overall.

The FTC reported that consumers lost more than $10 billion to fraud in 2023, a 14% increase over 2022.

With over 425,000 reported cases of credit card fraud in 2023 (a 5% increase year over year), it’s clear that the problem remains rampant despite advances in security.

Unfortunately, nonprofits are not immune to credit card fraud.

Donation pages are often easy targets for credit card testing fraud due to unsecured forms. As long as these pages aren’t updated to meet current security standards, nonprofits remain vulnerable.

While updating security measures won't eliminate fraud entirely, it significantly enhances donor information protection, which is a crucial step forward.

In this blog, we'll cover an overview of credit card testing fraud, how to identify it, its impact on your nonprofit, and how to ensure your donation pages and forms maintain proper transaction security.

What is Credit Card Testing Fraud?

Credit card testing fraud occurs when stolen card information is used to make small transactions online, often as donations on nonprofit websites, to see if the card information is active for additional usage.

Successful small transactions typically mean the card information is valid for additional usage.

Nonprofits are common targets for this type of fraud due to their accessible online donation pages and often less sophisticated security measures, which allow stolen card information to be tested quickly and discreetly.

Signs Your Nonprofit May Be Dealing with Credit Card Testing

Spotting credit card testing patterns can be challenging, especially if you don't regularly monitor your donation transactions.

Here are key indicators to watch for when assessing potential credit card testing fraud:

  • Spike in Small Transactions: An unusual increase in the number of small donations or transactions, typically under $10, which are commonly used to test card validity.
  • Multiple Transactions from the Same IP Address: A high volume of transactions originating from a single IP address or a limited range of IP addresses within a short period.
  • Repeated Declines: A significant number of transactions being declined, indicating that the fraudsters are testing cards and encountering many invalid ones.
  • High Rate of Chargebacks: An increase in chargebacks or disputes from cardholders who did not authorize the transactions.
  • Unusual Patterns in Donor Information: Patterns such as repetitive or nonsensical email addresses, names, or other donor details that suggest automated or fraudulent activity.
  • Geographical Inconsistencies: Transactions originating from countries or regions that do not align with the typical donor base or geographic focus of the nonprofit.
  • Unusual Time of Day: A surge in transactions occurring during unusual hours when legitimate donors are less likely to be active.
  • Inconsistent Donation Amounts: Uncharacteristic donation amounts that don’t match the usual patterns of contributions received by the nonprofit.
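
Several of these indicators (small amounts, one IP address, repeated declines) can be checked together against an export of your transaction log. The following is an added example, not iDonate's code; the record layout, thresholds, and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: (timestamp, source IP, card token, amount USD, approved).
# One IP tries six different cards at $1 within six minutes; only one is approved.
SAMPLE = [("2024-05-01T03:%02d:00" % m, "203.0.113.7", "card-%d" % m, 1.00, m == 4)
          for m in range(6)]
SAMPLE += [
    ("2024-05-01T14:02:00", "198.51.100.20", "card-x", 5.00, True),   # repeat small donor
    ("2024-05-01T18:30:00", "198.51.100.20", "card-x", 5.00, True),
    ("2024-05-01T15:00:00", "192.0.2.44", "card-y", 50.00, True),     # ordinary donation
]

def flag_card_testing(records, window=timedelta(minutes=10), small=10.00,
                      min_attempts=5, min_decline_rate=0.5):
    """Return {ip: stats} for IPs with a burst of small, mostly declined donations."""
    by_ip = defaultdict(list)
    for ts, ip, card, amount, approved in records:
        if amount < small:  # indicator: small transactions, typically under $10
            by_ip[ip].append((datetime.fromisoformat(ts), card, approved))

    flagged = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            # Slide the window so it spans at most `window` of wall-clock time.
            while events[end][0] - events[start][0] > window:
                start += 1
            burst = events[start:end + 1]
            if len(burst) < min_attempts:
                continue
            rate = sum(1 for _, _, ok in burst if not ok) / len(burst)
            # Keep the largest qualifying burst seen for this IP.
            if rate >= min_decline_rate and len(burst) > flagged.get(ip, {}).get("attempts", 0):
                flagged[ip] = {
                    "attempts": len(burst),
                    "distinct_cards": len({card for _, card, _ in burst}),
                    "decline_rate": round(rate, 2),
                }
    return flagged

if __name__ == "__main__":
    for ip, stats in flag_card_testing(SAMPLE).items():
        print(ip, stats)
```

Tune the thresholds against your own donation history so that legitimate giving surges, such as a campaign launch, are not flagged.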

The impact of credit card testing fraud for your nonprofit

From reduced trust to negative financial impact, credit card testing fraud can impact your nonprofit in numerous ways.

Alan Saway outlined 5 key ways nonprofits are impacted by credit card testing fraud in his article “How Nonprofits Can Protect Themselves from Card-Testing Fraud”, which can be found below:

  • Reducing chargeback fees: Your organization pays for chargebacks, usually $20 to $50 per transaction. Prevent fraudulent transactions upfront.
  • Retaining donations: Charities must refund donations from stolen cards. Authenticate online credit card donations immediately.
  • Improving security reputation: Fraud linked to a charity can harm its reputation. Secure online donations and donor information thoroughly.
  • Saving administrative time: Nonprofits can use limited resources more efficiently by automating authentication processes.
  • Enhancing donor experience: Preventing false positives ensures a smooth online donation process for legitimate donors.

How your nonprofit can level up its donation page security

Your nonprofit may not be able to stop all instances of credit card fraud on your donation pages.

But, by implementing standard security measures, you can significantly reduce the risk of fraud.

Here are a few ways to keep your donation pages and forms secure:

  • Implement Secure Forms: Secure Sockets Layer (SSL) encryption, Transport Layer Security (TLS) encryption, and encryption of data both in transit and at rest are critical to ensuring donor Personally Identifiable Information (PII) is secure during each transaction.
  • Implement Velocity Checks: Add credit card and IP address velocity checks with your payment processor. This limits how many times a credit card or IP address can be used for transactions in a short time.
  • Implement CAPTCHA: Add CAPTCHA verification to prevent automated bots from making fraudulent donations.
  • Utilize Address Verification System (AVS): Require donors to enter their billing address to match with the card issuer's records.
    Example of an iDonate form with address verification.
  • Monitoring Suspicious Activity: Regularly monitor donation transactions for unusual patterns or high-risk indicators.
  • Implement Fraud Detection Tools: Use fraud detection software or services to flag and prevent fraudulent transactions.
  • Ensure your online donation platform vendor is secure: If your nonprofit uses a third-party vendor for its online donation pages and forms, make sure they hold the following certifications: SOC 2 Type 2 compliant, PCI level 1 compliant, GDPR compliant, and regularly engage in additional security-focused activities like penetration testing.
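
To show what a velocity check does, here is a sliding-window limiter keyed on both IP address and card. It is an added example, not iDonate's or any payment processor's code; the class name, the limits, and the use of a processor-issued card token (never the raw card number) are assumptions.

```python
import time
from collections import defaultdict, deque

class VelocityCheck:
    """Limit donation attempts per IP address and per card token in a time window."""

    def __init__(self, max_per_ip=3, max_per_card=2, window_seconds=600):
        self.limits = {"ip": max_per_ip, "card": max_per_card}
        self.window = window_seconds
        self.attempts = defaultdict(deque)  # (kind, value) -> attempt timestamps

    def allow(self, ip, card_token, now=None):
        """Record one attempt and return (allowed, reason)."""
        now = time.time() if now is None else now
        verdict = (True, "ok")
        for key in (("ip", ip), ("card", card_token)):
            q = self.attempts[key]
            # Drop attempts that have aged out of the window.
            while q and now - q[0] >= self.window:
                q.popleft()
            # Count every attempt, including blocked ones, so a client that
            # keeps hammering the form stays blocked until it goes quiet.
            q.append(now)
            if len(q) > self.limits[key[0]] and verdict[0]:
                verdict = (False, f"{key[0]} velocity limit exceeded")
        return verdict

def demo():
    """Constructed scenario: one IP cycles through card tokens 30 seconds apart."""
    vc = VelocityCheck()
    burst = [vc.allow("203.0.113.7", f"tok_{i}", now=1000 + 30 * i)[0] for i in range(5)]
    other_donor = vc.allow("198.51.100.20", "tok_x", now=1100)[0]
    after_quiet_window = vc.allow("203.0.113.7", "tok_9", now=1120 + 600)[0]
    return burst, other_donor, after_quiet_window

if __name__ == "__main__":
    print(demo())
```

The in-memory store only works for a single process; a production form behind several servers would need a shared store, and the processor-side check the bullet describes remains the primary control.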

Summary/Closing

Credit card fraud might not be completely avoidable, but you can lower the risk by making sure your nonprofit’s donation pages and forms are secure.

Learn to spot credit card testing fraud and use secure donation pages to protect your nonprofit.

If you need a safe donation page, iDonate has you covered.

Our platform offers top-notch security and lets you create donation pages that fit your brand.

Need more info? Check out our security overview here.
