Cloud for Good
Close this search box.

Guarding Against Online Fraud on #GivingTuesday: 3 Expert Strategies

Guest Post by Patricia O’Connor 

#GivingTuesday, one of the biggest fundraising days of the year, is coming up. For those of you who don’t know, #GivingTuesday was started a few years ago by the 92nd Street Y in New York to lend a giving spirit to the crazy consumer culture that surrounds Black Friday and Cyber Monday. This year’s #GivingTuesday will take place on November 29th!

Ever since, #GivingTuesday has been a way for donors to support their favorite charities and raise awareness about a cause they care about.

Unfortunately, online credit card fraud is at its highest right around #GivingTuesday.

In fact, the ten busiest days for online credit card fraud occur in November, with online fraud peaking on Black Friday (the weekend before #GivingTuesday).

And since nonprofits lose an average of $85,000 a year due to fraud, it’s crucial that your organization is particularly vigilant during #GivingTuesday and the days before and after.

We’ll be covering the top three ways your nonprofit can guard against online fraud during #GivingTuesday and beyond!

Specifically, we’ll be highlighting why it’s important to:

  1. Pick the Perfect Payment Processor
  2. Rethink Your Online Donation Form
  3. Establish or Revamp Your Refund Policy

Learn more about #GivingTuesday and how your organization can get involved on November 29th, 2016.

1. Pick the Perfect Payment Processor


Your nonprofit needs a payment processor to handle any and all online fundraising activities.

If you accept donations, process membership dues, sell merchandise, or sell event tickets online, you need a payment processor to gather these funds.

Just as a refresher, a payment processor handles all of the backend security and financial processes that are required to move funds from a donor’s bank account into your nonprofit’s bank account.

Now more than ever, your nonprofit needs a great payment processor.

Just a few years ago, Americans donated nearly $360 billion to charities (that’s billions with a B!). Many of these contributions were processed through online donation forms and payment processors.

That $360 billion is only set to rise, and with it, the number of online donations.

Additionally, #GivingTuesday is an inherently social and digital fundraising day. Many donors choose to make their contributions online and share the fact that they donated on social media with the hashtag “#GivingTuesday”. This social sharing causes a chain reaction and encourages other people to donate to your cause using your online donation page.

Considering both of these factors, it should be readily apparent that a great payment processor is necessary for your nonprofit.

What services can an awesome payment processor give your organization? Let’s take a look.

A. PCI Compliance

PCI (Payment Card Industry) compliance refers to a set of 12 rules that the payment card industry has set up to ensure that sensitive financial information is handled safely and securely.

Your payment processor should maintain the highest level of PCI-compliance.

If they don’t, your nonprofit could incur serious monetary penalties for every donation that you processed without being PCI-compliant. You could also lose the ability to process donations altogether.

B. Suite of Security Features

PCI-compliance isn’t the only way that your nonprofit can make sure that your donor data is safe.

In fact, if you truly want to safeguard yourself and your supporters from online fraud this #GivingTuesday season, you’ll also need to make sure that your payment processor offers other security features, such as:

  • Address Verification System (AVS) – Checks the billing address a donor gives on a donation form against the address on file with their credit card company.
  • Bank Identification Number (BIN) Checking – Looks up the bank account number a donor provides during a direct debit transaction to make sure it’s legitimate.
  • Card Verification Code Requirement Capability (CVV2) – The 3 or 4 digit on the back of a credit card that donors must type in a donation page to confirm that they are the owner of the card.
  • IP (Internet Protocol) Blocking – A form of security that prevents certain hostile or undesirable IP addresses from accessing your donation page.
  • Tokenization –  A fraud protection tool that replaces sensitive data with a string of alphanumeric characters, called a token. Payment processors issue this token and are responsible for keeping the data safe.

Each of these fraud prevention and protection tools can help your nonprofit detect and avoid fraud, not only during #GivingTuesday, but year-round!

The bottom line: Payment processors are your first line of defense when it comes to online fraud. Make sure that you have a payment processor that can protect you and your donors!

Bonus: Learn more about nonprofit tech strategies here.

2. Rethink Your Online Donation Form


Every piece of advice related to online donation forms will undoubtedly touch on this one best practice:

Keep your donation page short, sweet, and simple.

It’s a great tip! If your donation page is too long and complicated, requires too much information, or is difficult to navigate, most of your donors will abandon the donation process.

However, if you make your donation page too easy to use, it can potentially open your nonprofit to online fraud.

How? Well, whenever a fraudster obtains a stolen credit card or credit card numbers, they will often use a nonprofit donation page to “test” the card to see if they can use it to make large purchases.

Because many nonprofits make their donation pages easy to use (for their donors), it’s incredibly easy for a fraudster to go through the donation process without raising a red flag.

What adjustments can your nonprofit make to your online donation page that will 1) deter thieves and 2) keep the donation process simple for your donors?

Let’s look at two strategies:

A. Use an Address Verification System (AVS)

We mentioned AVS in the first section of this article, but we’ll elaborate on it here.

AVS is a security feature that many payment processors offer. It essentially checks the billing address that someone types into a donation form against the address that’s on file with their credit card company.

If the addresses don’t match up or look suspicious in any way, the payment processor will put the donation on hold until the matter can be resolved.

If a donor mistakenly types in the wrong billing address, they’ll simply have to re-do the donation process. Some of these supporters might just abandon the donation form, but most will likely take an extra minute or two to re-submit their information.

However, if a fraudster’s “donation” is denied because they used the wrong address, they will likely move on and try to use the card somewhere else.

While AVS doesn’t necessarily help the victim of the stolen credit card information, it helps to keep your nonprofit clear of any fraud or chargeback fees.

B. Establish a Minimum Donation Amount

Establishing a minimum donation amount does two things for your nonprofit.

  1. It dissuades fraudsters from using your donation page as a testing ground for stolen credit card information.
  2. It automatically boosts your average gift amount.

Many credit card thieves will use online donation pages as “testing grounds” to determine whether the credit card is still good to be used to make large purchases.

They do so by making a small donation in a random amount (i.e., $1.84).

If the donation goes through, the fraudster knows that the card is good to use for at least a little while longer.

However, with a minimum donation amount of $15 or $20, fraudsters typically move on and don’t waste the extra (stolen) money on your online donation page.

Additionally, establishing a minimum donation amount means that, over time, your average gift size will increase. If the smallest online donation you can accept is $15, your average will gradually go up.

The bottom line: Rethinking your online donation page doesn’t mean that you have to go out and buy a whole new suite of online giving software. It does mean that you need to guard your online donation form against fraudsters by using AVS and establishing a minimum donation amount.

Bonus: Check out this list of great online donation tools created by Double the Donation.

3. Establish or Revamp Your Refund Policy


The first type of fraud we covered is the most common type of online credit card fraud that your nonprofit could face this #GivingTuesday.

However, there’s another type of online fraud that your nonprofit needs to be aware of.

Let’s talk about how a credit card refund scam works and how you should take measures to guard your nonprofit against this type of fraud.

A credit card refund typically starts with a fraudster posing as a donor and making a large donation. For this example, let’s say the “donor” made a $2,500 contribution.

The next day, the thief will call your nonprofit and (sometimes, emotionally) explain that the donation was made in error. They might claim that they only meant to give $25 and accidentally forgot to add a decimal point when they filled out the donation form.

The thief will then ask for a refund, saying that your nonprofit can keep the $25 they meant to “donate.”

However, the difference between a credit card refund scam and a legitimate mistake is this: a fraudster will always ask that the donation be refunded to a different card, deposited into a bank account, or mailed via check.

Most nonprofits would refund the money. People make mistakes, right?

In some cases, yes. And sometimes it’s tricky to know if a donor legitimately made an error or if your nonprofit is about to get scammed out of hundreds or even thousands of dollars.

That’s why it’s so important to have a strong and definitive refund policy.

Part of this refund policy should include something about only refunding donations to the same card or account that the initial donation came from.

That way, your nonprofit will only incur a chargeback fee (i.e., the cost of processing the refund) instead of giving away someone else’s money and then having to refund the victim’s funds.

The bottom line: A refund policy will help keep your nonprofit safe from fraud as we go into #GivingTuesday –– and long afterwards!


Truthfully, these fraud prevention strategies work for any time of year. However, you should implement as many of them as you can before #GivingTuesday to ensure that your online fundraising efforts are maximized!

Patricia joined iATS Payments in March 2015 with a sales and tech background in industries as diverse as point-of-sale and renewable energy and as electrifying as parking payment technology. At iATS, Patricia’s sole focus is building relationships with industry-leading solution providers so our nonprofit clients can select the very best tools to fulfill their mission. Patricia lives in Vancouver (the best place on earth) and loves spending time outdoors, reading, and looking up obscure things on the Internet.