Cybersecurity Education Series for Nonprofits – Credit Card and Online Donations

For donors, giving a gift to their favorite nonprofit is an efficient way to show their support. For those who process donations, gifts made online are often faster to process than checks they receive in the mail or gifts made over the phone. The ease of online donations is counterbalanced by potential threats from bad actors, as criminals can use stolen credit cards to make fraudulent donations. This allows them to check the validity of the cards, and, if they’re valid, they can then make additional fraudulent purchases. In this post, we discuss how nonprofits can take steps to protect themselves from fraudulent donations made by bad actors.

Why Are Nonprofits Often Targeted by Hackers?

Nonprofits are specifically targeted by hackers because they are often smaller in staff, funding, and resources. All of this makes it challenging for nonprofits to invest in a proper IT department.

Recommendations to Reduce Fraudulent Donations

Despite being a potential target for hackers, nonprofits can be proactive in protecting themselves from threats. Securing information, accounts, transactions, and online interactions throughout the entire donation process is key to maintaining its integrity. Below are recommended steps nonprofits can take to prevent fraudulent transactions.

Dedicate proper technology services for monitoring

Nonprofits can reduce the impact of a breach by utilizing proper technology services for monitoring transactions and interactions between donors and the donation system. For example, nonprofits can utilize the CAPTCHA system. The CAPTCHA system is a type of software that distinguishes human interaction and input from that of a machine. CAPTCHA can help validate that donors are actual humans submitting the donation form instead of a machine pretending to be a human. Further, nonprofits can implement a feature that limits the number of times a device can submit transactions in a given time period. Implementing this feature can help prevent hackers from making multiple false donation attempts in quick succession.

Utilize verification procedures for payments

Another way for nonprofits to protect themselves from a breach is to utilize verification procedures for payments, such as asking for the card’s Card Verification Value (CVV) security code. The three- or four-digit security code can verify whether the cardholder has the card physically with them. In addition to the CVV security code, nonprofits can use an Address Verification System (AVS) to check the address the donor enters against the address on file for the card. Lastly, nonprofits could set a minimum donation amount, as little as $5, to deter hackers from donating small amounts to test whether a card is usable. If you still wish to accept donations lower than $5, you can use those verification procedures to help verify their legitimacy.
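The sketch below is an added example, not code from CLA or from any payment processor. It combines the per-device submission limit from the monitoring recommendation with the CVV, AVS, and $5 minimum checks described above. The class name, the device identifier, the three-attempts-per-ten-minutes limit, and the accept/hold/reject outcomes are assumptions; `cvv_match` and `avs_match` stand in for the results your payment processor returns.

```python
import time
from collections import defaultdict, deque

MIN_DONATION = 5.00     # minimum amount suggested in the article
MAX_ATTEMPTS = 3        # assumption: attempts allowed per device per window
WINDOW_SECONDS = 600    # assumption: ten-minute sliding window


class DonationScreen:
    """Hypothetical pre-capture screen for online donation attempts."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        # device_id -> timestamps of the most recent attempts (bounded in size)
        self._attempts = defaultdict(lambda: deque(maxlen=MAX_ATTEMPTS + 1))

    def _over_limit(self, device_id):
        now = self._clock()
        attempts = self._attempts[device_id]
        # Drop attempts that have aged out of the sliding window.
        while attempts and now - attempts[0] >= WINDOW_SECONDS:
            attempts.popleft()
        attempts.append(now)  # blocked attempts count too, so retries stay blocked
        return len(attempts) > MAX_ATTEMPTS

    def screen(self, device_id, amount, cvv_match, avs_match):
        """Return (decision, reasons); decision is 'accept', 'hold' or 'reject'."""
        if self._over_limit(device_id):
            return "reject", ["too many attempts from this device"]
        reasons = []
        if not cvv_match:
            reasons.append("CVV did not match")
        if not avs_match:
            reasons.append("billing address did not match (AVS)")
        if amount < MIN_DONATION:
            # Small gifts are accepted only when both verifications pass.
            if reasons:
                return "reject", reasons + ["below minimum with failed verification"]
            return "accept", ["below minimum but CVV and AVS verified"]
        # Larger gifts with a failed check are held for a staff member to review.
        return ("hold", reasons) if reasons else ("accept", [])
```

A "hold" result is meant to feed the manual review step: the staff member responsible for tracking donations decides whether the transaction goes through.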

Employ and educate staff on proper cybersecurity processes

Another key step is for nonprofits to educate staff on proper cybersecurity processes. Hiring and staffing is an expensive process for most nonprofits, but it doesn’t have to be. Investing a little time and funds up front to bolster security can pay off in the long run. If short on funding, nonprofits can appoint a member of the organization to be responsible for alerts and to take action in response to any suspicious activity on the donor website. The person responsible for tracking donations can check whether suspicious card transactions are legitimate by placing them on hold for review. Nonprofits can also help decrease the likelihood of a breach by educating and training staff on security practices and protocols. Employees are often the first line of defense in preventing malicious cyberattacks.

This content was written by CLA’s Cybersecurity Team – Darlene Waritay and Javier Young.

How Can CLA Help?

CLA’s cybersecurity team has a deep understanding of the current threat landscape and can assist with credit card and online donation concerns. You don’t have to go it alone. Learn more here, and reach out if you have any questions.

Keep Pace with Our Cybersecurity Education Series for Nonprofits

Series Introduction

Security Basics I

Security Basics II

Security Basics III

Vulnerability Assessments
