How to Evaluate Fraudulent Transactions
Authored by:
on 3/9/2023 1:34:00 PM

Introduction

CharityEngine has a patent-pending proprietary fraud tool that helps prevent fraudulent transactions from being processed and helps reduce the number of costly chargebacks. Organizations using our advanced fraud tool should review their fraud on a daily basis. During their review, users can delete transactions that they have confirmed as fraud and charge transactions that were captured as fraud but were deemed to be true donations upon research.



Prerequisites

If your organization is interested in learning more about the CharityEngine Fraud Prevention Tool, please contact your account manager. 


Instructions - How to Access Pending Fraud Transactions

Step 1: To monitor this list, navigate to the Donations App > Transactions > Search & Manage

Step 2: Click Review Fraud Transactions within the blue bar at the top of the Transactions Listing Screen



Step 3: A list will display all transactions that CharityEngine has deemed possibly fraudulent; each is identified with a status of Pending


Instructions - How to Evaluate a Transaction for Potential Fraud

When evaluating whether a transaction is fraudulent, there are several key things you must review, including:

  1. Contact Name
  2. Contact address
  3. Contact email
  4. IP Address
  5. If the donation is the form minimum
  6. Multiple charge attempts

CharityEngine has made evaluating these identifiers easier by flagging them as suspicious.

  1. If you notice a red or yellow triangle, that signifies a suspicious identifier that needs further exploration.
  2. If you notice a green checkmark, the identifier has been deemed non-suspicious.





Below is an actual fraud attempt that was automatically placed in a pending state. The data that was analyzed to determine fraud has been identified.



1. The unusual name pattern (duplicate first & last)
2. The common email domain (Gmail) is free and relatively easy to create.
3. The address does not follow standard formatting.
4. A donation of $5 or less is a common indicator of fraudulent activity.
5. The IP address is flagged as a highly suspect network.
6. Location - Uruguay is flagged as a potential location source for originating fraudulent activity.
7. The Blacklist Ratio and Decline Ratio for this region are displayed with additional information to inform whether to allow the transaction or terminate.

If you notice something suspicious, an easy way to confirm if the transaction is fraud is to search the identifier online.

  • Using the above fraud transaction, if the address is searched online, the search will not return an actual address.
  • Searching the identifier can be done for the name, phone number, and email address as well.
  • Another way to identify a false address is if the search returns a hotel or another business that does not make sense for the contact who tried to make the transaction.







If CharityEngine has identified the IP address as either suspicious or unknown, there are several things to look at to determine whether the transaction is fraud.

  1. By hovering over the IP address, you will be able to see more information such as the location, the trust rating, if and when the IP has been blacklisted, and how malicious the IP address is.
  2. If the location of the IP address is not in the same region or area as the contact address, the chance that the transaction is fraud increases. The chance also increases if the malicious ratio is a high percentage.







The last major identifier that a transaction is fraud is multiple transactions from the same contact with different payment information, or multiple subsequent transaction attempts.

  1. Someone who has stolen multiple credit cards is likely to try different methods of payment to see whether one of their many methods will process.
  2. Note: Multiple payments from the same contact do not always mean fraudulent payments. If someone did not receive a receipt email, they are likely to try again. However, they are more likely to use the same method of payment rather than a different method. Therefore, multiple transactions should not be the only identifier of a fraud transaction.
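
The indicators described above can also be checked in bulk when triaging a long review queue. The following is an added example, not CharityEngine's own scoring logic; the record field names and sample rows are constructed for illustration, and card last-4 digits stand in for a payment-method identifier.

```python
from collections import defaultdict

# Constructed sample rows; field names are hypothetical, not a CharityEngine export format.
PENDING = [
    {"id": 1, "first": "Alex", "last": "Alex", "email": "a1@gmail.com",
     "amount": 5.00, "addr_country": "US", "ip_country": "UY", "card_last4": "1111"},
    {"id": 2, "first": "Alex", "last": "Alex", "email": "a1@gmail.com",
     "amount": 5.00, "addr_country": "US", "ip_country": "UY", "card_last4": "2222"},
    {"id": 3, "first": "Dana", "last": "Reyes", "email": "dana@example.org",
     "amount": 50.00, "addr_country": "US", "ip_country": "US", "card_last4": "4242"},
    {"id": 4, "first": "Dana", "last": "Reyes", "email": "dana@example.org",
     "amount": 50.00, "addr_country": "US", "ip_country": "US", "card_last4": "4242"},
]

FREE_EMAIL_DOMAINS = {"gmail.com"}  # the article names Gmail; extend as needed
LOW_AMOUNT = 5.00                   # "$5 or less" per the article


def indicators(txns):
    """Return {transaction id: sorted indicator names} for a review queue."""
    # Collect the distinct payment methods used by each contact (keyed by email).
    methods = defaultdict(set)
    for t in txns:
        methods[t["email"].lower()].add(t["card_last4"])

    out = {}
    for t in txns:
        hits = []
        if t["first"].strip().lower() == t["last"].strip().lower():
            hits.append("duplicate_name")
        if t["email"].rsplit("@", 1)[-1].lower() in FREE_EMAIL_DOMAINS:
            hits.append("free_email")
        if t["amount"] <= LOW_AMOUNT:
            hits.append("low_amount")
        if t["addr_country"] != t["ip_country"]:
            hits.append("ip_location_mismatch")
        # Different cards from one contact is the signal; a same-card retry is not.
        if len(methods[t["email"].lower()]) > 1:
            hits.append("multiple_payment_methods")
        out[t["id"]] = sorted(hits)
    return out


def needs_review(txns, threshold=2):
    """IDs with at least `threshold` indicators; no single indicator decides alone."""
    return [tid for tid, hits in indicators(txns).items() if len(hits) >= threshold]
```

In the sample data, transactions 3 and 4 are a same-card retry from one donor and raise no indicator, while 1 and 2 combine several indicators and are returned by `needs_review`.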






Instructions - How to Delete Potential Fraud Transactions

Once you have determined whether a transaction is fraud or real, you will need to either delete or process the payment.

Note: Deletion of a transaction will result in the transaction being removed from the transaction listing screen as well as deletion from the contact's Transaction panel

Step 1: From the Donations App > Transactions > Search & Manage > Review Fraud Transactions > transaction listing screen for pending transactions

Step 2: Using the check box to the left of each transaction, select all transactions deemed as potential fraud

Note: The deletion can also be completed if a donor inaccurately submitted subsequent transactions

Step 3: Once all relevant transactions have been selected, navigate to the top drop-down box and use the arrow to select Delete

Step 4: Confirm total transactions for deletion and click OK


Step 5: Proceed to the next section to complete the processing of all remaining Pending transactions


Instructions - How to Process Pending Transactions

Once you have deleted all potential fraud (or duplicate transaction attempts), please proceed with authorization of the remaining transactions.

Step 1: Use the top left check box to select all transactions (or select individually)

Step 2: Once all relevant transactions have been selected, navigate to the top drop-down box and use the arrow to select Process

Step 3: Verify total processing count (see Charge # Selected Transactions), complete selections for acknowledgement, click CHARGE

Step 4: Confirm total transactions for processing

Step 5: Once bulk processing is complete, a green message bar will appear confirming the total transactions processed and the total approvals and declines, with transaction ID

Note: Based upon total number of transactions, please allow ample time for processing 


FAQs & Additional Reading

Q. How often do I need to review for fraud transactions?
A. Depending upon your organizational transaction volume or time of year, your organization will need to determine the necessary business rules for processing. As a best practice, CharityEngine recommends processing at least daily Monday - Friday. Any transaction that is not processed will remain in a pending status. Delays in processing may result in donors contacting your organization or the donor attempting additional transactions. 

Q. I am seeing a consistent fraudulent IP address. Am I able to block an IP address?
A. Yes. Navigate to the Configuration App > Security > IP Blacklist > Create New. From here input the IP Address or Range, elect to block from all web forms, and/or set an expiration date/time (leave null to block indefinitely). 

Q. What are best practices in protecting web forms from fraud attempts?
A. If your donation form contains credit card as a form of payment, CharityEngine recommends requiring a CVV when submitting a credit card transaction. In addition, if your form does not contain payment, utilize the CAPTCHA option to validate against bots.

Q. Can I create custom fraud triggers?
A. Yes. This can be useful for recurring fraudulent attempts, for example with a consistent fraudulent address. Please use cautiously to avoid blocking legitimate transactions. Navigate to the Configuration App > Security > Online Settings > Fraud tab. From here, add the new fraud keyword and select ADD. Once complete, click SAVE to secure your changes. Any transactions triggered by this keyword will automatically be assigned a pending status for fraud review.

Q. Am I able to block specific emails from use of my web forms?
A. Yes. This can be useful for recurring fraudulent attempts with a recurring or known fraudulent email address. Navigate to the Configuration App > Security > Email Blacklist > Create New. Enter the email address or pattern, elect to block from all web forms or unselect to select specific forms, and elect to set an expiration date/time (leave null to block indefinitely). Click SAVE to secure your changes.

Q. Online Screening Guidance


