On occasion, we get asked why WidgetMakr won’t accept donations under $2. While it’s true that aggregate sums of donations under $5 can raise significant amounts of funds over the course of a campaign, donations of $1 or less are very uncommon and increasingly being used in credit card fraud. They also tend to cost the campaign more than the donation itself due to the cost of fundraising and credit card processing fees.
WidgetMakr intentionally enforces a minimum donation of $2 because transactions under this amount are frequently used to test if stolen credit cards numbers work. Setting this security standard is a simple but effective way to prevent fraudulent transactions on our clients’ donation pages.
In the aftermath of security breaches at Target, Home Depot and the Federal government, online retailers are ramping up security measures on their websites to prevent fraud. This has spurred thieves to use the websites of political campaigns and nonprofit organizations to see if a stolen credit card number is active by making a small donation of $1 or less. They use these websites because donations are easier transactions to test with. You don’t have to setup and account, you don’t have to get a physical item shipped, and charitable organizations less often verify billing address.
The Chronicle of Philanthropy recently covered how criminals are targeting nonprofit organizations in particular:
Criminals are using poorly protected charity websites to test the validity of stolen credit-card numbers, cybersecurity experts said this week, costing some groups thousands of dollars. Simplified online donation pages make it easy for people to give — but also serve as prime testing ground for credit-card thieves.
“There’s a giant target painted on the industry’s back that is very advantageous for credit-card thieves,” said Kevin Conroy, chief product officer at GlobalGiving.
How do credit card thieves target nonprofits and campaigns? An article from May 2014 explains:
“It’s a test transaction,” warned Evan Schuman, editor for StorefrontBacktalk.com, a technology blog read by major retailers.
“If that $1 transaction goes through and nothing happens, they know it’s good to go,” added Terry Thornton, senior vice president, fraud services, for Comerica in Auburn Hills, Mich.
What’s probably happening: Somehow the crooks have your number; maybe it was among thousands stolen in a big security breach. Now they have to see whether it works so they can go on a spending spree.
“You want to establish which of these cards is valid and real,” Schuman said. “It’s a race against the clock.”
Square, a popular credit card processing system for small business owners, does not have a minimum transaction amount. Last October, Forbes reported that the company has seen a sizable uptick in the amount of fraud occurring:
In its IPO registration documents, Square disclosed figures for “transaction and advance losses” a line item under operating expenses that has increased every year. While growth in those figures is expected given the company’s increasing annual payment volume, the rate by which transaction losses is rising suggests that Square is being hit with fraudulent charges in 2015 at a higher pace than in previous years.
Credit card fraud not only hurts donors, but it can be devastating to both the reputation and budgets of campaigns and nonprofits. Whenever a fraudulent transaction is made, credit card companies – such as Visa, MasterCard, American Express and Discover – charge the merchant a chargeback fee. A single chargeback fee typically costs between $10-$25 per transaction, which quickly adds up if a criminal targets a particular organization or campaign to test stolen credit card numbers.
For example, in 2013, a charity in Ireland refunded and paid more than $170,000 in fees and fraudulent charges. In early December, Target also announced that they agreed to pay $39.4 million to banks and credit unions to reimburse them for the costs related to the theft of 40 million credit card numbers over the holiday season in 2013.
While our minimum donation of $2 might be frustrating to a very small group of people who want to make gifts of $1 or less, it goes far in protecting both our clients and donors from being the victims of credit card fraud.
Contact us if you have questions
If you have questions or feedback about CMDI products like WidgetMakr, please contact us. Our Helpdesk is always available, or you can also contact me with any comments.