March 07, 2023

Article at GiveWP

View original

Spam Donations: What to Do About Them

Left: a coffee filter. Center: a person in a karate uniform with their hand up in a "stop" formation. Right: a hand-drawn arrow pointing up.

You may have heard of charity scams, but do you understand spam donations?

Donor spam is any donation that is fraudulent or malicious where the spammer or spambot creates many donations at the site that are either declined or for very small amounts for the purposes of testing stolen credit cards.

It’s a type of online fraud and it’s important to protect your systems against spam donations to protect your donors and nonprofit organization.

Understanding Spam Donations

Spam donations are a type of online fraud where scammers send fake donations to organizations in an attempt to steal money or personal information. These messages often look like genuine donations but are identifiable because of odd or small donation amounts from people or places that you don’t recognize or seem unusual.

This is a form of “card testing” the scammers use to try to figure out if they can access funds from stolen credit card information.

Payment processor Stripe explains it like this:

“Card testing is a type of fraudulent activity where someone tries to determine whether stolen card information is valid so that they can use it to make purchases.

A fraudster may do this by purchasing stolen credit card information and then attempting to validate or make purchases with those cards to determine which cards are still valid.

Fraudulent activity such as card testing is an unavoidable part of online commerce. Card testing, however, has consequences for the entire payments ecosystem, so merchants, card networks, and Stripe share responsibility to prevent it.

At Stripe, we’re constantly improving our tools and systems to detect and reduce fraud, but you must remain vigilant with respect to fraud.”

The reason many fraudsters target nonprofits or donations, rather than traditional e-commerce, is that there’s no cart to deal with as an additional hurdle. You often don’t have to include other personal information such as an address, which would be required for shipping.

It’s important to prevent spam donations on your platforms because they can be troublesome down the line and have a negative impact on your organization.

If you accept a fraudulent donation, you can be subject to the negative impacts that come from having payment disputes on your account, higher rates of declined cards, additional fees, and strain on the overall credit infrastructure that damages trust in the online payment ecosystem.

Negative Impact of Spam Donations

The most glaring negative impacts of spam donations is the loss of funds for legitimate causes and the potential loss of trust in your organization.

There are some other serious negative impacts as well:

  • Financial loss: Spam donations can trick individuals or organizations into sending money to scammers, resulting in financial loss.
  • Wasted time and resources: Sorting through spam donation requests can take time and resources away from legitimate donation processing and other important tasks.
  • Damage to reputation: If you accept spam donations, there are reputational losses that can occur if it becomes known that you were tricked by a scammer. This is especially true when it comes to your reputation with payment processing gateways.
  • Risk of fraud: Scammers may use spam donation requests to steal personal information or to gain access to sensitive data or systems.
  • Disruption of services: If your nonprofit organization’s systems are compromised due to a donation scam, it can result in service disruptions and other issues that can negatively impact operations.
  • Legal issues: Accepting fraudulent donations can lead to legal issues for individuals and organizations, including financial penalties and legal action.

Preventing Spam Donations

There are two ways to help protect your nonprofit against spam donations and help prevent them – organizational policies and training and the use of security tools or services.

Preventing spam donations starts with clear guidelines for your team and organization. Start with a donation policy that outlines your organization’s guidelines for accepting donations, including what types of donations you will accept and under what conditions.

One easy policy is to require a certain minimum donation on forms to help prevent tiny pings from scammers. Bots tend to test forms with $1 or up to $5 amounts. If your form only accepts donations of $10 or higher you can prevent these low-hanging easy bots.

Train staff on how to identify and respond to spam donation requests. Teach them to be cautious when receiving unsolicited donation requests and to report any suspicious activity. Stay up to date on the latest fraud prevention techniques and tools, and modify processes and procedures as necessary to stay ahead of scammers.

Require donors to verify their identity and payment information before accepting a donation. This can include requiring a valid email address or phone number, as well as verifying credit card information.

Monitor donation activity regularly to identify any suspicious patterns or activity, such as multiple donations from the same IP address or unusual payment amounts.

Use reputable payment processors and tools to help make your systems as secure as possible online. Many payment processors have built-in fraud detection and prevention tools that help screen for suspicious transactions.

You can also integrate additional tools for even greater protection:

  • Install or activate the free Akismet plugin. GiveWP users can navigate to “Donations > Settings > Advanced” and ensure that the Akismet protection is enabled.
  • The Zero Spam Plugin also works with GiveWP, and it’s always a great idea to handle spam with a solution that’s different from the Donations Plugin itself. This also gives you another support team (who are experts in spam, specifically) to go to for help!
  • Implement reCAPTCHA or other verification tools on your website’s donation form to prevent bots or automated systems from submitting fraudulent donation requests.
  • Consider a service such as Cloudflare or Sucuri that help both speed up your website and provide protection against bot attacks and donor spam at the server level.

Spam Donations Stop Here

It’s important for nonprofits to be vigilant and stay up to date on the latest fraud prevention techniques to keep your organization and donors safe.

With the right training and tools, you have a better chance of stopping spam donations at their inception so that you don’t suffer the lasting impacts of this type of online fraud.

About the Author

Carrie Cousins

Carrie Cousins has more than 15 years of experience in media, design, and content marketing. She’s a writer and designer, has an MBA from Virginia Tech, and is passionate about creating amazing experiences for businesses online. Her work has been featured in publications such as Design Shack, Webdesigner Depot, The Next Web, and Fast Company. She's an avid runner, which comes in handy with a trio of Australian shepherds at home.