Skip to content
English
Submit a Support Request
  • There are no suggestions because the search field is empty.

Preventing Credit Card Testing on Donation Forms

Identify fraudulent activity and protect your organization from card testing attempts.

Protecting your donation forms from fraudulent activity helps safeguard your organization's reputation and prevents unnecessary processing fees. This guide explains how to identify credit card testing attempts and the steps you can take to prevent them.

What is Credit Card Testing?

Credit card testing, also known as carding, is a type of fraud where criminals attempt transactions using stolen credit card numbers on online forms. Fraudsters often use automated scripts or bots to test multiple stolen cards quickly to determine which ones are valid before using them for larger purchases elsewhere.

How to Identify Credit Card Testing

Credit card testing attempts often show distinct patterns:

  • High Transaction Velocity: Multiple transaction attempts in a short time period.
  • Repeated Declines: A large number of failed authorization attempts.
  • Duplicate Information: Transactions using the same donation amount, cardholder name, email address, or IP region.
  • Small Amounts: Testing transactions are typically small to avoid detection.
  • Geographic Inconsistencies: Billing addresses that don't match the IP location.

Prevention Methods

Configure Security Settings in CardPointe

Adding card verification requirements and setting minimum donation amounts makes it significantly harder for fraudsters to use stolen card information successfully.

Card Verification Value (CVV or CVV2) is the three or four digit security code printed on credit cards. Requiring CVV ensures the person making the donation possesses the physical card.

Address Verification Service (AVS) matches the cardholder's billing address with the address on file at their credit card company.

Minimum donation amount prevents fraudsters from testing card validity with small, inconspicuous charges. Consider setting a minimum that aligns with your typical donation patterns while still being accessible to legitimate donors.

To configure these settings::

  1. From the CardPointe dashboard, navigate to Administration > Security.
  2. In the CVV / AVS Validation section
    1. Enable the checkboxes for CVV and AVS validation.
    2. Set your preferred minimum donation Threshold amount.
  3. Click Save.

Enabling these protections may increase declined transactions if donors enter incorrect address information or can't access their CVV. Most declines can be resolved by donors contacting their card issuer. If your organization experiences a large number of declines from multiple donors, contact iDonate support.

Refer to the CardConnect Security Settings documentation for more information.

Enable Email Notifications

Stay informed about unusual transaction activity by enabling email notifications in your CardPointe Portal. The CardConnect Risk Mitigation team will alert you when credit card authorization velocity exceeds normal ranges, and your merchant account will be temporarily disabled to prevent further fraudulent attempts.

Refer to the CardConnect User Settings documentation for more information.

If Fraud Occurs

Refund Fraudulent Transactions

Refund any fraudulent transactions that were processed to avoid chargeback fees from your payment processor.

Before issuing refunds:

  1. Check the Chargebacks tab in CardPointe to confirm the cardholder hasn't already been refunded through the chargeback process.
  2. Process refunds only for transactions that haven't been charged back.
  3. Document all fraudulent transactions for your records.

Refer to Managing Donations in CardPointe for details on processing refunds.

iDonate's Built-in Fraud Protection

Your iDonate platform includes automated fraud protection that works behind the scenes:

  1. reCAPTCHA blocks automated bots while allowing legitimate donors to complete transactions smoothly. See the reCAPTCHA Overview to learn more.

  2. Risk tolerance scoring automatically evaluates and rejects high risk transactions based on factors including account velocity, geographic inconsistencies, proxy usage, free email domains, and known fraudulent patterns.

  3. Real time fraud detection analyzes session behavior and device signals to identify and block card testing attempts before they can exploit your payment forms.