How can we prevent fraudulent activity?

Our REACH account is receiving a number of failed, fraudulent donations. How can we prevent this kind of activity?

We have recently seen an increase in the number of this type of attempted fraudulent transaction on REACH accounts. What you are likely seeing is card testing. 

What is card testing?

These transactions frequently take the form of many failed transactions with nonsense names, and occur when fraudsters attempt to charge a stolen card number in order to see if it is a valid number—a type of fraud known as card testing. 

In order to ensure that your organization does not incur any fees or penalties from your payment gateway, we recommend preventing these transactions and refunding any transactions like this that have succeeded.

How can we tell if our REACH account has any of these types of transactions?

The easiest way to check for this type of fraud is to examine the “Incomplete” and “Error” tabs of the Donations module in the REACH admin panel. 

These transactions will typically take the form of many failed donations for small amounts ($0–$5) with strange names and emails. Even if you do not find any transactions of this type at this time, we recommend enabling reCAPTCHA to prevent such activity in the future.
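The check described above, as an added example that is not part of REACH or this article: a script that scans donation records for bursts of small failed donations and lists small donations that succeeded during a burst, for refund review. The record fields, the `Complete` status name, and the 10-minute and 5-failure thresholds are assumptions; the sample rows are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample rows. Field names and "Complete" are assumptions,
# not REACH's actual export format.
def _row(time, status, amount, name):
    return {"time": time, "status": status, "amount": amount, "name": name}

SAMPLE = [
    _row("2024-03-01T10:00:05", "Error", 1.00, "asdf qwer"),
    _row("2024-03-01T10:00:40", "Error", 1.00, "jkjk lplp"),
    _row("2024-03-01T10:01:10", "Incomplete", 0.50, "qq ww"),
    _row("2024-03-01T10:01:45", "Error", 2.00, "xxcc vvbb"),
    _row("2024-03-01T10:02:00", "Complete", 1.00, "zxcv bnm"),
    _row("2024-03-01T10:02:20", "Error", 1.00, "hhgg ffdd"),
    _row("2024-03-01T10:02:50", "Incomplete", 5.00, "mnmn bvbv"),
    _row("2024-03-01T14:30:00", "Complete", 50.00, "Maria Lopez"),
    _row("2024-03-01T16:00:00", "Error", 5.00, "John Smith"),
    _row("2024-03-01T18:00:00", "Complete", 5.00, "Ann Lee"),
]

FAILED = {"Incomplete", "Error"}   # the two tabs the article names
MAX_AMOUNT = 5.00                  # the "$0-$5" range from the article
WINDOW = timedelta(minutes=10)     # assumption: what counts as one burst
MIN_FAILURES = 5                   # assumption: what counts as "many"

def find_bursts(rows):
    """Return merged (start, end) spans holding >= MIN_FAILURES small failures."""
    times = sorted(datetime.fromisoformat(r["time"]) for r in rows
                   if r["status"] in FAILED and r["amount"] <= MAX_AMOUNT)
    bursts, lo = [], 0
    for hi, t in enumerate(times):
        while t - times[lo] > WINDOW:      # slide the window's left edge
            lo += 1
        if hi - lo + 1 >= MIN_FAILURES:
            if bursts and times[lo] <= bursts[-1][1]:
                bursts[-1] = (bursts[-1][0], t)   # extend overlapping burst
            else:
                bursts.append((times[lo], t))
    return bursts

def refund_candidates(rows, bursts):
    """Small donations that succeeded inside a burst: review for refund."""
    return [r for r in rows
            if r["status"] == "Complete" and r["amount"] <= MAX_AMOUNT
            and any(s <= datetime.fromisoformat(r["time"]) <= e
                    for s, e in bursts)]
```

An isolated failed donation or a small successful gift outside a burst is not flagged, which keeps ordinary donor errors out of the review list.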

How can we prevent these kinds of transactions?

To mitigate the issue, we recommend turning on reCAPTCHA for new donations and new supporter sign-ups for your account. We have also added new server-side security measures, and we have found that these measures combined with reCAPTCHA are effective at preventing this kind of activity.

Is my REACH account data in danger from these transactions?

No, your REACH account data is safe. It is not possible for fraudsters to access any sensitive data by doing this. However, it is in your best interest to prevent these kinds of transactions, as they may incur penalties from your payment gateway if they are not mitigated.

How do I enable reCAPTCHA?

- From your Admin Console, go to Settings > Account Rules 
- Click on the reCAPTCHA tab 
- Check both boxes to Require reCAPTCHA for donations & to Require reCAPTCHA for registration 
- Click on Save Changes

