Learn about our newest features and enhancements!
Transactions: Fraudulent Transactions, Proactive Fraud Management, & Managing Fraud Events (Legacy)
Authored by:
on 7/24/2024 1:27:00 PM

Introduction

Your donation forms are prime targets for malicious bad actors testing stolen credit card information - jeopardizing unsuspecting and innocent card holders. With CharityEngine, we have you covered with our standard fraud protection, but if you'd like true peace of mind, consider purchasing our Advanced Fraud Protection. 

The benefits of using Advanced Fraud Protection are significant. This feature:

  1. Helps stop fraud attempts. The system identifies fraud runs before they hit the payment processor.
  2. Saves time. Reducing the number of attempts during an attack means fewer transactions to review and avoids the need to add IP and email addresses to the blacklist.
  3. Saves money. Transaction fees are assessed on a payment, whether the card is declined or not. By identifying and stopping fraudulent activity before it hits the payment processor, you avoid having to pay these transaction fees.
  4. Allows you to maintain the flexibility to enable it or not. You can enable or disable it at the form level.


CharityEngine has a patent-pending proprietary fraud tool that helps prevent fraudulent transactions from being processed and helps reduce the number of costly chargebacks. Organizations using our advanced fraud tool should review their fraud on a daily basis. During their review, users can delete transactions that they have confirmed as fraud and charge transactions that were captured as fraud but were deemed to be true donations upon research.




Help Center – New User Interface

Click here to access the Help Center legacy user interface article.


Prerequisites

  1. If your organization is interested in learning more about the CharityEngine Fraud Prevention Tool, please contact your account manager. 
  2. Important note:
    1. The design of the CharityEngine Fraud Prevention Tool is designed to deter corrupt or fraudulent activities. Our algorithm will pend transactions if questionable activities is identified. For users of our Fraud Prevention Tool, you may find that review of transactions results in potential false positive pending transactions. While this may seem counter intuitive, blocking one transaction may immediately deter additional fraudulent attempts as fraudsters will not continue to attempt through your web form. You may see several 'good' transactions that can be processed, and this can be expected. If several fraud transactions were identified on a web form, this would indicate the system is not deterring fraudulent activity as expected. 
  3. Note that is Fraud Processing is enabled while a site is actively being targeted, it may take some time for fraudulent activity to subside. While these attempts will be moved to a pending state for organizational review, there may be a lag in which fraudulent attempts begin to subside and bad actors determine the site has monitoring in place. 
  4. Note, if a fraud event takes place your organization may incur additional chargeback fees for transactions. Depending upon your payment processor, these may range between $25 - $100 per transaction. Another key benefit of the CharityEngine Advanced Fraud feature is the usage of big data and logic to detect bad actors before processing a single transaction, it increases the organization's conversation rates. The Advanced Fraud feature not only protects but also frees the organization to remove all of the traditional barriers that make it hard for users to convert. 

Business Process - Considerations Needed for Monitoring and Managing 

As you prepare for usage of the CharityEngine Fraud Prevention Tool, there are a few important organizational decisions that will be needed to ensure you have the proper planning and standard operating procedures (SOPs) in place. These decisions will need to be determined based upon your organization's size, transactional volume, and seasonality.

Activities to consider for your organization's SOP:

  1. Consider the frequency of "Pending Transaction" review. Organizations may determine to review and process "Pending Transactions" multiple times within a day, daily, or weekly. This frequency should be determined by your organization's transaction details and/or in consideration of larger fundraising events and volume. It's important to note that while a transaction is in a pending state, the payment has not initiated authorization which may result in donor inquiries if they are awaiting receipting or account reduction. 
  2. Consider impact of transaction review for weekends and major holidays in which your organization's offices may be closed. Consider staffing needs to support higher volumes when needed. 
  3. Determine donor locations which may flag unusual activity by IP location. For example, if you have donors located primarily in the United States, Australia, and Canada, include these locations within your SOP. When financial transactions are flagged in locations outside of your primary population, consider guidance on how to evaluate and determine if the transaction is not fraudulent. 
  4. Determine your internal verification processes. This may include verification through a search engine, historical donation review at the contact level, or direct donor outreach.
     

Instructions - How to Access Pending Fraud Transactions

Step 1: To monitor this list, navigate to the Donations App > Transactions > Search & Manage

Step 2: Click on the Review Fraud Transactions within the blue bar at the top of the Transactions Listing Screen



Step 3: A list will be displayed with all transactions CharityEngine has deemed to be a possible fraud transaction and will be identified as a status of Pending


Instructions - How to Evaluate a Transaction for Potential Fraud

When evaluating if a transaction is fraudulent, there are several key things you must review include:

  1. Contact Name
  2. Contact address
  3. Contact email
  4. IP Address
  5. If the donation is the form minimum
  6. Multiple charge attempts

CharityEngine has made evaluating these identifiers easier by flagging them as suspicious.

  1. If you notice a red or yellow triangle, that signifies a suspicious identifier that needs further exploration.
  2. If you notice a green checkmark, the identifier has been deemed as non-suspicious





Below is an actual fraud attempt that was automatically placed in a pending state. The data that was analyzed to determine fraud has been identified.



1. The unusual name pattern (duplicate first & last)
2. The common email domain (Gmail) is free and relatively easy to create.
3. The address does not follow standard formatting.
4. A donation of $5 or less is a common indicator of fraudulent activity.
5. The IP address is flagged as a highly suspect network. This could include a public network (i.e. public institution or free access at merchant locations)
6. Location - Our algorithm will evaluate IPs located within specific areas or regions where questionable traffic may be experienced. In this example Uruguay is flagged as a potential location source for originating fraudulent activity.
7. The Blacklist Ratio and Decline Ratio for this region are displayed with additional information to inform whether to allow the transaction or terminate.

If you notice something suspicious, an easy way to confirm if the transaction is fraud is to search the identifier online.

  • Using the above fraud transaction, if the address is searched online, it will not return with an actual address.
  • Searching the identifier can be done for the name, phone number, and email address as well.
  • Another way to identify a false address is if the search returns as a hotel or another business that does not make sense with the contact who tried to make the transaction.







If CharityEngine has identified the IP address as either suspicious or unknown, there are several things to look at to identify if the transaction is a fraud.

  1. By hovering over the IP address, you will be able to see more information such as the location, the trust rating, if and when the IP has been blacklisted, and how malicious the IP address is.
  2. If the location of the IP address is not in the same region or area as the contact address, the chance the transaction is fraud increases, as well as if the malicious ratio is a high percentage.







The last major identifier that a transaction is fraud, is multiple transactions form the same contact with different payment information or multiple transaction attempts made in subsequent attempts.

  1. Someone who has stolen multiple credit cards is likely to try different methods of payment to try to see if one of their many methods will process.
  2. Note: Multiple payments from the same contact does not always mean fraud payments. If someone did not receive a receipt email, they are likely to try again, however, they are more likely to use the same method of payment rather than a different method, therefore multiple transactions should not be the only identifier of a fraud transaction.






Instructions - How to Delete Potential Fraud Transactions

Once you have determined if a transaction is a fraud or real, you will need to either delete or process the payment.

Note: Deletion of a transaction will result in the transaction being removed from the transaction listing screen as well as deletion from the contact's Transaction panel

Step 1: From the Donations App > Transactions > Search & Manage > Review Fraud Transactions > transaction listing screen for pending transactions

Step 2: Using the check box to the left of each transaction, select all transactions deemed as potential fraud

Note: The deletion can also be completed if a donor inaccurately submitted subsequent transactions

Step 3: Once all identified transactions have been identified, navigate to the top drop down box, using the arrow to select Delete

Step 4: Confirm total transactions for deletion and click OK


Step 5: Proceed to the next section to complete the processing of all remaining Pending transactions


Instructions - How to Process Pending Transactions

Once you deleted all potential fraud (or duplicate transaction attempts), please proceed with authorization of remaining transactions. 

Step 1: Use the top left check box to select all transactions (or select individually)

Step 2: Once all identified transactions have been identified, navigate to the top drop down box, using the arrow to select Process

Step 3: Verify total processing count (see Charge # Selected Transactions), complete selections for acknowledgement, click CHARGE

Step 4: Confirm total transactions for processing

Step 5: Once bulk processing has been complete, a green message bar will appear confirming total transactions process, total approvals and declines with transaction id

Note: Based upon total number of transactions, please allow ample time for processing 


Instructions - What Steps Should I Take To Protect My Web Forms From Fraudulent Activities

Prevention is the best measure. Learn more in our article Web Forms: Preventing Fraudulent Activities with Security Settings & Features on steps you can take to prevent fraudulent activities on your web forms.



Instructions - What Steps Should I Take If There Is An Active Fraud Attack

If your organization is currently experiencing a fraud attack, here are a few recommended steps to take to prevent additional fraudulent transactions.

  1. Deactivate the web form(s) by accessing the web from the Online App and toggling Action to No - replicate a new form and replace where appropriate
  2. If the form accepts credit card transactions, ensure the CVV field is a required field on the form
    1. Navigate to the Layout tab and use the Pencil icon from the Payments section and ensure Include CVV is toggled to Yes
    2. In addition, expose the addition fields within the Payment section and locate CVV Code. Use the Pencil to manage the field from the Basic tab navigate to the Validation subtab and click Required and SAVE to secure your changes. 
  3. If you wish to enable CAPTCHA, follow our article here: Web Forms: How to add CAPTCHA to your form
  4. If you identify approved transactions that are confirmed fraud, follow our article here to process a chargeback: Transactions : Chargebacks
    1. Note: CharityEngine recommends that transactions/contact records should not be deleted as this will eliminate transaction approval codes for downstream tracking and management. Alternatively consider adding a notation to the transaction and/or deactivating the contact record. 
    2. Note: Chargeback fees may apply.
  5. Evaluate fraudulent transactions to determine potential IPs that require blacklisting. You can export transactions from the transaction listing screen to see and evaluate IPs. 
    1. To blacklist one or more IPs, navigate to the Configuration App > Security > IP Blacklist > Create New. From here input the IP Address or Range, elect to block from all web forms, and/or set an expiration date/time (leave null to block indefinitely).

Instructions - Protecting Against ACH Fraud

Stealing Credit cards is not the only way fraudsters may attack your organization. Many fraudsters will attempt to steal money from your organization by donating a large amount via ACH and requesting a refund before the money actually hits your bank account. For this reason CharityEngine has set the default refund return days to 7 days in order the the donation to actually hit your bank account. If the money does not exist in the account, the transaction will be declined. Another way CharityEngine is protecting you form these types of fraud attacks is to automatically places transactions of a certain amount into a pending status. This will prevent a potential fraud transaction from automatically processing before a real human reviews the transactions. The default limit is currently set to $25,000.

Both of these settings can be adjusted as needed by navigating to the Configuration App > General > Account Settings > ACH. CharityEngine Does not suggest changing the ACH refund hold in order to make sure refunds are not processed to these fake transactions. On average it takes 3-4 business days for an ACH transaction to process. If refunds are preformed prior to that date, you risk aiding these fraudsters and giving them the donation money that never really existed. We have found that 7 days prevents this from happening and will cause the transaction to decline with no consequence to your organization.

You will want to check on a regular basis for your pending ACH transactions in order to ensure you are processing donations that are real. To do this, navigate to the Donations App > Transactions > Search & Manage and place these filters:


1. Payment Status = Pending
2. Payment Method = ACH
3. Fraud = No

Review these transactions and either process or delete the transactions accordingly



FAQs & Additional Reading

Q. How often do I need to review for fraud transactions?
A. Depending upon your organizational transaction volume or time of year, your organization will need to determine the necessary business rules for processing. As a best practice, CharityEngine recommends processing at least daily Monday - Friday. Any transaction that is not processed will remain in a pending status. Delays in processing may result in donors contacting your organization or the donor attempting additional transactions. 

Q. I am seeing a consistent fraudulent IP address. Am I able to block an IP address?
A. Yes. Navigate to the Configuration App > Security > IP Blacklist > Create New. From here input the IP Address or Range, elect to block from all web forms, and/or set an expiration date/time (leave null to block indefinitely). 

Q. What are best practices in protecting web forms from fraud attempts?
A. If your donation form contains credit card as a form of payment, CharityEngine recommends requiring a CVV when submitting a credit card transactions. In addition, if your form does not contain payment, utilize the CAPTCHA option to validate against bots. Learn more about this and other proactive steps you can take in our article Web Forms: Preventing Fraudulent Activities with Security Settings & Features

Q. Can I create custom fraud triggers?
A. Yes. This can useful for recurring fraudulent attempts, for example with a consistent fraudulent address. Please use cautiously to avoid blocking legitimate transactions. Navigate to the Configuration App > Security > Online Settings > Fraud tab. From here Add new fraud keyword and select ADD. Once complete, click SAVE to secure your changes. Any transactions triggered by this keyword will automatically be assigned a pending status for fraud review. 

Q. Am I able to block specific emails from use of my web forms?
A. Yes. This can useful for recurring fraudulent attempts with a recurring or known fraudulent email address. Navigate to the Configuration App > Security > Email Blacklist > Create New. Enter the email address or pattern, elect to block from all web forms or unselect to select specific forms, elect to set an expiration date/time (leave null to block indefinitely). Click SAVE to secure your changes. 

Q. Why do I see several 'good' transactions during this process?
A. The design of the CharityEngine Fraud Prevention Tool is designed to deter corrupt or fraudulent activities. Our algorithm will pend transactions if questionable activities is identified. For users of our Fraud Prevention Tool, you may find that review of transactions results in potential false positive pends. While this may seem counter intuitive, blocking one transaction may immediately deter additional fraudulent attempts as fraudsters will not continue to attempt through your web form. You may see several 'good' transactions that can be processed, and this can be expected.



Related Articles

Powered by Powered By CharityEngine