Many nonprofits count on their online donation forms for a significant portion of revenue, but these forms can negatively impact their bottom line when credit card testing fraud results in expensive chargebacks. This type of fraud happens when criminals use an online payment form to test stolen credit card numbers with small charges to determine if the credit card numbers are still usable.
Credit card fraud is on the rise
Card testing fraud, also known as card cracking, is a growing problem because of increasing identity theft. According to the Federal Trade Commission (FTC) identity theft accounted for 20.33% of the 3.2 million fraud cases that were reported to them; identity theft was the most-common type of fraud. When someone’s identity is stolen, credit cards can be taken out in their name and their existing cards can be abused. To avoid fraud detection, thieves will test out these card details on web forms that allow for low dollar transaction amounts.
How does credit card testing fraud harm nonprofits?
The impact can be greater than initially meets the eye.
- Chargeback fees: When a card’s true owner reviews their monthly statement and calls their credit card company to dispute the transaction, your organization will not only lose the donation but you will also have to pay a chargeback fee. One report revealed that 30% of chargebacks are the result of transactions made with a stolen credit card. With chargeback processing fees running $15 per transaction and up (on Stripe, for example), it makes sense to take strong measures to prevent them from cutting into your donation income.
- Declined transactions: This happens when cyber criminals test cards that have already been cancelled. If there are too many declines, your payment processor may flag you as a high risk merchant which can come with higher fees and other penalties.
- Higher chargeback rates: If you get too many chargebacks, you may start paying more for each one due to your higher chargeback rate. These rates are charged when your chargeback to transaction ratio is higher than most other merchants.
- Reputation damage: Those whose cards are charged fraudulently will inevitably have a negative association with your nonprofit even though you didn’t cause the harm. Your customer service staff may bear the brunt of receiving these complaints if true card owners don’t file customer disputes with their issuing bank first.
- Wasted staff time: Your staff should spend their time in more productive ways than dealing with these cases. Having to log in and review what happened and fighting chargeback fees can take valuable time away from work that truly supports your mission.
Ways to prevent card testing fraud financial losses
- Add Google reCAPTCHA to your forms. Adding reCAPTCHA is a good way to increase donation form security. It will prevent fraudulent automated or bot activity, although it will not prevent a real person from trying out a credit card number.
- Set a minimum amount per donation. If you have a donation form that offers flexible amount donations, these forms are prime targets for card testing. MembershipWorks recommends setting the minimum donation amount to $50 or more to deter card testing; $100 or more is preferable. The higher the amount, the less likely the donation form will be abused. Fraudsters do not want to charge larger amounts because that risks triggering the anti-fraud prevention from the card issuer. However, it’s understandable that many organizations would like to keep the minimum donation amount low to encourage smaller donors.
- Keep an eye on transactions for unusual charge activity. Multiple small donations within a short time frame are the most likely tip off that your donation form is being abused. If these transactions come from the same IP address, that’s a tipoff as well. If you determine that a transaction is fraudulent, refund it immediately to avoid chargebacks. If you keep a low minimum amount on your flexible donations, it’s important to consistently monitor your website form transactions for any unusual activity.
- Pay for chargeback protection. After implementing the above measures, if you are still experiencing a high volume of fraudulent transactions, investing in insurance may be cheaper than paying for chargebacks. Some payment gateways such as Stripe offer chargeback protection which will protect the organization against any disputed charges. Chargeback protection with Stripe costs 0.4% per transaction. There are also chargeback management companies who specialize in helping organizations find the right mix of tools and settings to prevent fraud and strengthen form security.
Unfortunately there is no software that can guarantee protection against fraudulent transactions. Even companies like Amazon and Google experience fraud. Hopefully by following these tips, you can mitigate the impact of credit card fraud.