Our REACH account is receiving a number of failed, fraudulent donations. How can we prevent this kind of activity?
We have recently seen an increase in attempted fraudulent transactions of this type on REACH accounts. What you are likely seeing is card testing.
What is card testing?
These transactions frequently take the form of many failed transactions with nonsense names, and occur when fraudsters attempt to charge a stolen card number in order to see if it is a valid number—a type of fraud known as card testing.
In order to ensure that your organization does not incur any fees or penalties from your payment gateway, we recommend preventing these transactions and refunding any transactions like this that have succeeded.
How can we tell if our REACH account has any of these types of transactions?
The easiest way to check for this type of fraud is to examine the “Incomplete” and “Error” tabs of the Donations module in the REACH admin panel.
These transactions will typically take the form of many failed donations for small amounts ($0–$5) with strange names and emails. Even if you do not find any transactions of this type at this time, we recommend enabling reCAPTCHA to prevent such activity in the future.
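The same check can be run over donation records reviewed outside the admin panel. The Python below is an added example, not REACH's own code: the field names, the "Complete" status and both burst thresholds are assumptions, and the sample rows are constructed. It flags runs of small failed donations and lists small donations that succeeded during a run, which are the ones to review for refund.

```python
from datetime import datetime, timedelta

# Field names, the "Complete" status and both thresholds are assumptions.
SUSPECT_STATUSES = {"Incomplete", "Error"}  # the two tabs named above
MAX_AMOUNT = 5.00                           # "small amounts ($0-$5)"
MAX_GAP = timedelta(minutes=2)              # assumed spacing inside one burst
MIN_BURST = 5                               # assumed minimum failures per burst

def when(row):
    return datetime.fromisoformat(row["time"])

def is_small(row):
    return 0 <= row["amount"] <= MAX_AMOUNT

def find_bursts(rows):
    """Group small failed donations into runs; return (start, end, count) per burst."""
    times = sorted(when(r) for r in rows
                   if r["status"] in SUSPECT_STATUSES and is_small(r))
    bursts, run = [], []
    for t in times:
        if run and t - run[-1] > MAX_GAP:
            if len(run) >= MIN_BURST:
                bursts.append((run[0], run[-1], len(run)))
            run = []
        run.append(t)
    if len(run) >= MIN_BURST:
        bursts.append((run[0], run[-1], len(run)))
    return bursts

def refund_candidates(rows, bursts):
    """Small donations that succeeded while a burst was in progress."""
    return [r for r in rows
            if r["status"] == "Complete" and is_small(r)
            and any(start <= when(r) <= end for start, end, _ in bursts)]

def make_sample():
    """Constructed data: six failures 20 s apart, one small success, one normal gift."""
    base = datetime(2024, 3, 1, 10, 0, 0)
    def row(secs, status, amount):
        return {"time": (base + timedelta(seconds=secs)).isoformat(),
                "status": status, "amount": amount}
    rows = [row(20 * i, "Error" if i % 2 else "Incomplete", 1.00) for i in range(6)]
    return rows + [row(50, "Complete", 2.00), row(3 * 3600, "Complete", 50.00)]

if __name__ == "__main__":
    rows = make_sample()
    bursts = find_bursts(rows)
    print("bursts:", bursts)
    print("review for refund:", refund_candidates(rows, bursts))
```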
How can we prevent these kinds of transactions?
To mitigate the issue, we recommend turning on reCAPTCHA for new donations and new supporter sign-ups for your account. We have also added new server-side security measures, and we have found that these measures combined with reCAPTCHA are effective at preventing this kind of activity.
Is my REACH account data in danger from these transactions?
No, your REACH account data is safe. It is not possible for fraudsters to access any sensitive data by doing this. However, it is in your best interest to prevent these kinds of transactions, as they may incur penalties from your payment gateway if they are not mitigated.
How do I enable reCAPTCHA?
- From your Admin Console, go to Settings > Account Rules
- Click on the reCAPTCHA tab
- Check both boxes to Require reCAPTCHA for donations & to Require reCAPTCHA for registration
- Click on Save Changes