By Thomas Barnes, Regional Marketing Manager, EMEA at Emailage
It’s a common misconception that non-profit organizations aren’t a target for fraudsters because they don’t sell a product or turn a profit. The fact is, similar to any merchant accepting payment, non-profits are being threatened by fraud and revenue loss at an increasingly alarming rate. The British voluntary sector loses approximately £1.65 billion per year due to donation fraud according to the Centre for Fraud Studies at the University of Portsmouth and BDO. Their recent studies also note that implementing a fraud management strategy could prevent around 40% of those losses and save £659 million in fraud.
Many charities find it hard to put aside money for improving their fraud management strategy. However, with the right fraud management tools in place, the return on investment can be significant. Non-profits are able to protect donations while also reducing the risk of chargebacks that leave charities on the hook for bank and processor fees. The right fraud strategy means money donated goes directly to the cause and donations increase as the public trusts their hard-earned dollars end up in the right hands.
While some larger charities may be able to absorb the losses from fraud, for smaller charities already struggling with cash-flow issues, a loss in the hundreds can still prove critical.
Why Fraud Prevention matters
According to the tackling donation fraud report produced by the Charity Commission for England and Wales, the message is clear: prevention is better than cure. The report had three key findings relating to the threat charities face in today’s online world:
- Size of the threat: According to the Office for National Statistics, there were 4.7 million fraud and cybercrime incidents in 2017. Among these were multiple incidents of donation fraud. It’s no longer a case of if charities will be targeted, but when.
- Overloaded criminal justice system: Police can’t deal with every reported case of fraud, making it important for charities to invest in fraud management and prevention. There’s no guarantee your donation fraud case will ever be investigated.
- Importance of public trust: Charities are seen as a soft target or low hanging fruit. Not only does donation fraud cause lost revenue, but there are payment processing consequences as well. Losing the ability to take, for example, Visa payments could damage a charity’s reputation.
Popular charity fraud attacks
Charities, like any business, face a host of fraud threats. However, non-profits tend to be more vulnerable because fraudsters know they typically don’t have the resources available to invest in fraud prevention tools. While the most well-known types of fraud are grant, banking, and procurement – chargeback fraud may be a real threat to charities. In the fraud world, this falls under the term Card Not Present (CNP), which refers to an individual’s physical card not being present during the transaction like an online sale or donation, where a fraudster could be using stolen credit cards.
Donation fraud testing grounds
According to a U.K. Giving report from CAF, individual donations to U.K. charities increased to £10.3 billion in 2017. Alongside donations, consumer expectations of frictionless user experience have also grown. Non-profit organizations are competing for donations, so they try to make the customer journey for donors as fast and easy as possible. The result is charities have started collecting less identifying data on their websites during account openings or donation transactions, allowing customers to donate without jumping through too many hoops. Too much friction or verification may cause donors to give up and abandon their donations, but this lack of identity verification leaves charities vulnerable to fraudsters.
Fraudsters will use online charity websites to validate credit card details that they have either purchased or stolen. Typically, cybercriminals test a batch of credit cards to see which ones are still active and have credit available by putting through small purchases or donations in groups so inactive or maxed out cards can be discarded. Global organized crime rings then sell this credit card data on the dark web for up to £70 per card.
In the end, the charity ends up losing the income from the donation when the card owner discovers the transaction. When the fraud is reported, the charity also gets hit with expensive and damaging chargebacks. Charities have a balancing act to perform – they want to increase their online donations, but they also need to protect themselves against the increasing threat of donation fraud and chargebacks.
Why are U.K. charities vulnerable to chargebacks?
Fraudsters could go anywhere online to test their stolen credit card data but they seem to prefer attacking non-profit organizations. Here are some factors making charitable organizations particularly vulnerable:
- Lack of fraud management strategy: Many charities both large and small don’t have the funds available to invest in expensive software solutions or fraud prevention partnerships. Fraudsters are aware of this and know that the doors are left wide open for them to exploit charities and operate largely undetected.
- Resources are limited: Again, mainly due to funding, charities usually don’t have the skills and expertise in-house that many for-profit organizations have. Charities don’t usually have a dedicated team fighting fraud and don’t have the resources to manage large fraud prevention platforms that require daily monitoring.
- Identity verification: To keep friction at a minimum – charities request minimal information from their online donations. Some non-profits don’t even require an account set-up, which would warrant an individual to enter details about themselves such as their address, date of birth, email or phone number. This leaves them with little data to predict fraud risk.
- All donations are welcome: Charities are keen to increase the volume and size of their donations online to support their various projects. This leaves them vulnerable because they don’t set minimum donation parameters. Research has shown that smaller transactions tend to be associated with more fraud, especially within card testing.
What can charities do to prevent donation fraud?
There are a few steps that charities can follow to protect themselves without investing heavily in costly fraud management platforms. They include:
- Increase identity verification: Charities can add a few additional steps to the donation process (such as asking for contact details on an individual’s address and CVV card number) to verify payment methods against customer details.
- Appoint a fraud prevention manager: Dedicate an experienced volunteer to fraud management. They can manually check for fraudulent patterns in donations and accounts by the names, cards or email addresses and manually flag transactions that are suspicious.
- Work closely with regular donors: Genuine donors that sign-up for continuous monthly donations to charities sometimes forget about these repeated donations and may request a chargeback when their statement comes. Regular communication will prevent this.
Partner and prevent donation fraud
Emailage has partnered with the Charity Finance Group to help inspire a financially confident and trustworthy non-profit sector. Emailage provides an easy to integrate solution that helps prevent chargebacks and maximizes your donations by assessing the level of risk involved in a transaction.
Find out more about Emailage