A few months ago I wrote a paper entitled Demystifying Credit Card Processing for Non-profits. The document has a lot of great information to help not-for-profit organizations understand the types of processing solutions available, merchant account and processing fees, etc., but I have to admit that I was wrong when I said, “I can’t imagine someone who has stolen a credit card going online to make a fraudulent donation to their favorite non-profit, but the credit card companies don’t see it that way.” I was commenting on the higher processing rates (based on greater fraud levels) that are charged for MOTO (the acronym is for mail order/telephone order but also applies to all not face-to-face) transactions .
Well recently I learned that a client of ours that uses our Weblink system for collecting online donations had a spike in their form activity with lots of rejected transactions. It turns out that online donation pages are sometimes targeted by credit card fraud criminals since the forms usually make it very easy to make a card payment — without the complexities of ordering something. That’s perfect for someone who needs to test a lot of stolen cards to see which ones are still valid and can be used.
Often an automated system is used to rapidly make sequential attempts, testing each card in a stolen file. Therefore one solution is to use challenge codes, where the person completing the form has to type in some hard to decipher letters that can’t easily be interpreted by a computer. The problem is that this also creates an impediment (although a small one) to anyone who legitimately wants to make a donation. Nonprofits certainly don’t want to make it harder for someone to give, so instead we implemented a system that monitors form activity and blocks suspicious activity. It has been active for several weeks and has successfully protected at least one other fraud attack.
Needless to say however, I’m revising that section of the whitepaper. Live and learn!