Hi everyone,
Not sure if this is an IT or Finance question, but I'll check here first. We've been getting fraudulent donations from one account that uses different credit cards each time with fake addresses, always through our website, and they're using a VPN to use a few different IPs. This has been happening since mid-December, just a few transactions a week. They started out as $1 gifts, so we upped our minimum standalone donation amount to $10. That didn't stop them, so now we're considering putting in a ReCaptcha box on our donation page. I'm pretty sure this is just one person, so ideally we don't want to spend much money trying to stop them.
Has anyone else had this problem, and if so, how did you stop it? We're refunding all of these fraudulent gifts as we find them, but I'm still worried about chargebacks and the ethical implications of allowing someone to do this on our website.
Krystle
Following as we've had a couple issues similar to this in the past and I'd love to know how other orgs deal with it.
Hi Krystle,
We did have this issue over a year ago and it turned into thousands of transactions. We did several things to stop it.
1. Added the ReCaptcha to the website
2. Worked with Windcave (Payment Express) to stop any transactions outside of the US
3. We purchased a subscription with CloudFlare.com and our server host set up some IP blocks.
Maybe this is useful information: these kinds of small $1 authorizations are typically a fraudster who has purchased a bunch of stolen credit card numbers from a "black market" data broker, and are making these small authorizations to see which of the numbers they purchased are still usable, and which have already been cancelled. So, the fraudster must have identified your website as one where they can easily leverage your payment processing to do authorizations on the cards. Anything you can do to make this more of a chore for them will make it more likely that they'll go someplace else. ReCaptcha is a good first step.
Thanks! Yeah, that's what I figured - that's why I upped the minimum donation amount to $10, but apparently this person is willing to test the stolen cards with higher amounts of money. I'll update here if we come up with any other solutions beyond the Recaptcha.
We haven't experienced this with any actual transactions, but we did have a lot of fraudulent accounts being created up until recently. We're on TNEW so we looped in the network. They installed bot protection software called Imperva (used to be called Incapsula), free of charge, and the accounts have gone down drastically. Mind you, this was just installed on 12/18, so my data set is pretty small at this point, but that might be another option for you.
I can second the installation of Incapsula (Imperva) helping to decrease the number of fraudulent accounts being created as the same thing happened with our organization. (Did not know the name had changed.)
Do we know if the installation of Imperva/Incapsula is now standard for T-New Users? Or is this done on a case by case basis?
How are folks recognizing these "fraudulent accounts"?
No idea as to whether or not it is now standard. I certainly had to ask for it when we installed it, but that was well over a year ago now. As for the fraudulent accounts, those have been identified mostly by sight/feel when the Box Office does its daily new account clean-up sweep.
Mainly by sight/feel for us, but the pattern seems to be accounts with no ticket history, multiple donations a week, fake addresses, fake names, and a different credit card for every transaction. We get a daily report with donation info and go from there.
Hi Both, Incapsula (a web application firewall, or WAF, for those of you not familiar) is not yet standard for TNEW but will be with the move to AWS later in 2020. John, if you requested this at the time of TNEW go-live then you would have it in place already, but should be able to check that with a support ticket to verify. We install it case-by-case for members who request it right now.
Thanks,
Chris
For us they used the same name JOE MAC with every transaction, and with multiple $1 donations coming through online it was easy to spot using the Finance/On Account Tracking report for our daily online donations.
Sorry if my response was unclear, but I am not in doubt. I asked, and it was installed. I was merely trying to clarify to Tom that I did indeed have to ask for it. But it sounds like you are headed in the direction of standardization on it as it is, so this should eventually be a moot point.
We had some questionable names/email addresses come up in our merge constituents screen. The bulk of them with an @mail.ru email and our mailing address. I did a search of @mail.ru email accounts in SSMS and found a bunch of them that way.
So funny story. Woke up this morning to dozens of $2 donations in the name of one person but loads of different credit cards and email addresses - all new accounts. Scrambled to contact WindCave, tighten up our security etc.
When we managed to get onto one of them they let on that her partner asked that all her friends contribute a tiny amount to SDC for her birthday in her name. He said they were only small amounts as it was an inside joke. Oh, we laughed.
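The pattern described earlier in the thread (several small gifts, a different card on every transaction, no ticket history, shifting IPs) can be turned into a check over the daily donation report; the script below is an added example, not code from any poster or from TNEW, and the donation rows are constructed. Grouping by donor name as well as by account is included to show that a burst of genuine birthday gifts, like the one in the last post, trips the same signals, so a hit is a lead for the Box Office to verify rather than a verdict.

```python
from collections import defaultdict

# Constructed sample of online gifts (not real data). "card" is the payment
# processor's card fingerprint, never the card number; "tix" = has ticket history.
# A100 mirrors the card-testing pattern from the thread; A300 is a regular
# monthly donor; B1-B3 are three friends giving $2 each for a birthday.
DONATIONS = [
    {"acct": "A100", "name": "Pat Lee",  "amt": 1.0,  "card": "fp-11", "ip": "203.0.113.5",  "tix": False},
    {"acct": "A100", "name": "Pat Lee",  "amt": 1.0,  "card": "fp-12", "ip": "203.0.113.9",  "tix": False},
    {"acct": "A100", "name": "Pat Lee",  "amt": 2.0,  "card": "fp-13", "ip": "198.51.100.7", "tix": False},
    {"acct": "A100", "name": "Pat Lee",  "amt": 10.0, "card": "fp-14", "ip": "198.51.100.7", "tix": False},
    {"acct": "A300", "name": "Lee Park", "amt": 10.0, "card": "fp-31", "ip": "192.0.2.80",   "tix": True},
    {"acct": "A300", "name": "Lee Park", "amt": 10.0, "card": "fp-31", "ip": "192.0.2.81",   "tix": True},
    {"acct": "A300", "name": "Lee Park", "amt": 10.0, "card": "fp-31", "ip": "192.0.2.80",   "tix": True},
    {"acct": "B1",   "name": "Jo Day",   "amt": 2.0,  "card": "fp-41", "ip": "192.0.2.10",   "tix": False},
    {"acct": "B2",   "name": "Jo Day",   "amt": 2.0,  "card": "fp-42", "ip": "192.0.2.11",   "tix": False},
    {"acct": "B3",   "name": "Jo Day",   "amt": 2.0,  "card": "fp-43", "ip": "192.0.2.12",   "tix": False},
]

def flag_card_testing(donations, group_by="acct", min_gifts=3, small_amt=10.0):
    """Return {group: [reasons]} for groups that look like card testing:
    a different card on (almost) every gift is required, plus at least one
    of: all gifts small, no ticket history, several source IPs."""
    groups = defaultdict(list)
    for d in donations:
        groups[d[group_by]].append(d)
    flagged = {}
    for key, rows in groups.items():
        if len(rows) < min_gifts:
            continue
        cards = {r["card"] for r in rows}
        ips = {r["ip"] for r in rows}
        if len(cards) < len(rows) - 1:      # mostly the same card: a normal donor
            continue
        reasons = [f"{len(cards)} distinct cards over {len(rows)} gifts"]
        if all(r["amt"] <= small_amt for r in rows):
            reasons.append(f"every gift <= ${small_amt:.0f}")
        if not any(r["tix"] for r in rows):
            reasons.append("no ticket history")
        if len(ips) > 1:
            reasons.append(f"{len(ips)} source IPs")
        if len(reasons) >= 2:
            flagged[key] = reasons
    return flagged

if __name__ == "__main__":
    print(flag_card_testing(DONATIONS))                   # A100 only
    print(flag_card_testing(DONATIONS, group_by="name"))  # Pat Lee and Jo Day
```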