Fundraising sites being used to validate stolen credit cards

Unscrupulous individuals and gangs of cybercriminals use fundraising payment sites to test stolen credit card numbers. They have automated ways of making a $1 donation from each card to see if it bounces. They have lists of thousands of stolen credit card numbers that they try consecutively. If a card payment doesn’t bounce, then it’s happy times, and they will go off somewhere else and spend up large on the unsuspecting cardholder’s account. Your fundraising site will end up with hundreds, if not thousands, of failed donations as well as some successful ones. The attack will carry on until you or your payment service puts a stop to it.

Three things to consider if this happens to your fundraising site:

  1. Reputational damage. The fraudulent donation will appear on the legitimate cardholder’s account statement with your organisation’s name against it
  2. Processing costs and reimbursement costs for each fraudulent transation from your payment service provider.
  3. Will you get a bad credit rating from your service provider if you do a large number of reimbursements in a short period of time?

Before this happens to your fundraising site, get to know your payment service provider and ask them what security protections they have in place to detect and stop carding attacks. If you need someone to interpret what they tell you, talk to me.

Your suppliers can get attacked too. So know what security measures they have in place to protect your customer’s information before you sign on the dotted line.

Contact us