Skip to main content
Skip table of contents

Fraud management

In the world of processing credit card payments, online fraudsters have been increasingly targeting nonprofit donation pages. Not only does fraud waste the time of our clients’ teams, and of our own team – fraud also results in chargeback costs, and it muddies the data in our clients’ accounts. It can even weaken email sender reputation.

Detailed below is a brief overview of best practices for combating fraud based on internal observations and researching fraud prevention tools that are being introduced.

At the time that a payment is processed, it’s the payment gateway (e.g. Worldpay, PayPal, Stripe, Moneris, etc.) — and not Engaging Networks — that possess the best information to determine whether a credit card number is valid. For example, the payment processor can know if the credit card number submitted was issued by a bank in the United States, United Kingdom, or a bank in another country. When this information is combined with the address information entered in the form, the payment processor can assess the level of risk.  Your payment gateway is the best line of defense to prevent and/or minimize the impact of fraud.

Email and SMS alerts in your account

In the platform, we have exposed an “IP Block rejection alert” directly to our clients. By using these alerts, internal teams can act quickly, possibly adding a CAPTCHA challenge to targeted donation pages. To learn more on how to add notifications, please review adding Notification Alerts, including email and SMS notifications.

Enable CAPTCHA

Please click here to see full steps of adding CAPTCHA to a page.

In additional to a traditional CAPTCHA, Engaging Networks provides clients with a “Country Restriction” ruleset, enabling you to specify which countries should automatically display a CAPTCHA challenge. It’s a conditional feature that only appears on your donation pages when needed.

The system will detect the supporter’s country by noting their IP address when they submit a page. You will decide which are the primary countries for which no CAPTCHA challenge will be displayed. Conversely, you can also decide which are the other problematic, higher risk countries for which a CAPTCHA challenge will be displayed, to deter fraud. Examples of countries that are higher risk (because they are often the location of IP addresses that are testing stolen credit card numbers) are Ukraine, Brazil, Romania, and China. Our new feature will make it easy for you to make the conditional CAPTCHA challenges appear on donation pages whenever someone from the designated “high risk” countries visits the page.

Other considerations and tips

  1. Spam Trap – Add a field to your forms that is not visible to human supporters, but can help prevent spambots from submitting the page.

  2. Donation amount validator – Fraudsters will often test credit cards using very small donation amounts like $1. Adding a donation amount validator with a minimum donation amount can help mitigate fraud.

  3. Third party email validators – Spammers will often use correctly formatted but fake email addresses to submit pages. A third party email validation service such as ZeroBounce can ensure that supporters use a legitimate email address when submitting pages.

  4. Close pages that are not in use – Close pages after your campaigns have ended and the forms are not longer being used.

  5. If all else fails, a Managed Challenge can be added to a page or pages. Please talk to your Support team.

  6. Complete the Security Academy courses which includes fraud mitigation topics.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close