The only time in my years with the BBB that I’ve heard of a charity turning away donations is when items are given, such as used clothing, that would be more efficiently purchased in the countries of need, rather than having to pay shipping for them.
Well, now there’s another type of donation charities don’t want. The scam donation.
In the past month, BBB has heard from two separate organizations regarding questionable activity taking place at the DONATE TO THE FOUNDATION and DONATION sections of their web sites.
In a short period of time, both groups saw a sudden spike in multiple donation posts via credit card coming from Vanuatu and Singapore. Some of the donations were for 15 cents.
One group was notified by its credit card payment processing company about the unusual activity and shut their portal down until they could find answers. Another saw the activity and disabled the pages until they could figure out what was up.
1) Unusual activity taking place at a certain section of a web site, namely a “donate” page
2) Unusual volume of activity (spurt of donations at once)
3) Donations coming from out of country
4) Unusual donation amounts posted
5) Donations posted using a variety of different names using the same addresses, and all using generic email accounts.
WHY IT HAPPENS
The websites were missing an “added security feature” that blocks activity like this. Once the added feature was put into place (which didn’t take long), the hits ceased.
By “donating” tiny amounts on fake or stolen credit cards, scammers can activate them at vulnerable web site pages void of a particular security feature. They randomly targeting websites to see if the sites will “take a credit card.” Once they find that the fields at a donation page will take a credit card, they activate the stolen or fake card to max it out somewhere else.
Seems they are targeting “donation” pages that don’t have this security feature.
If your charity or business sees questionable activity on your website, we urge you to react quickly:
1) Contact your IT staff. The experts may recommend shutting down your portal or donation pages at your web site until they have a) figured out what the extent of the problem is and have b) more fully secured your site.
2) Alert your bank about the situation.
3) Alert the credit card merchant who maintains your online account if they haven’t already alerted you.
4) File a police report to begin a paper trail in case other issues arise as a result of the incident.
5) Contact media and share your story to warn others.
6) Have a complete security scan/review done of your web site. It is well worth the funds to secure your data and site.
7) For more information concerning system security, please go to: http://www.bbb.org/data-security/