Protecting Your Donors From Fraud | A Quick Guide

As a fundraising leader, two of the most rewarding parts of your job are building meaningful relationships with donors and raising revenue for your mission. Luckily, modern fundraisers are equipped with online tools and digital engagement methods, making it easier than ever to connect with your supporters and collect gifts on the go.

With online fundraising increasing in popularity, this also means that data breaches, hacks, and other forms of fraud can become more prevalent. That’s why investing in the best tools and keeping fraud protection tips in mind is crucial for your organization. One donor data scandal can mar your nonprofit reputation for a good amount of time. 

At iATS Payments, we work with over 14,000 nonprofits to help them process their online gifts safely and securely. We’ve written about online fraud protection for nonprofits before and have compiled some of the essential information and top tips that any fundraising leader needs to protect your online donors in this quick guide. Specifically, we’ll answer the following questions:

  1. What are some common payment scams and risks?
  2. How can you protect your donors from fraud?

Your online donors want to support your mission, but they can’t do so if your tools and giving process are untrustworthy. Ready to learn more? Let’s dive in:

1. What are some common payment scams and risks?

Did you know that 68% of total charitable giving in 2018 in the U.S. came from individual donors, and over half of donors worldwide now prefer to pay online via credit card or debit card? This is extremely convenient since all you need is the card number and some other basic personal information.

However, credit and debit card information is also very delicate. If that information somehow gets leaked, it might be targeted by hackers, scam artists, and even identity thieves. Unfortunately, nonprofit organizations are also targeted more because they tend to be not as aware of the necessary payment security measures that for-profit businesses are familiar with.

For instance, the most common card scams that you should be aware of are:

  • ACH fraud or direct debit payments. While this offers donors an easy way to give by connecting the payment tool directly to their bank account, it can also open the channel to fraud. Often, fraudsters will try and steal a bank account routing number through phishing or database hacking. They’ll then contact your organization and say the gift was a mistake and ask for a refund via credit card or check. They might even contact the bank associated with the routing number and claim that your nonprofit withdrew an authorized amount and request another refund. This results in two refunds of the original online gift to the hacker!
  • Donation form fraud. Sometimes scammers use online donation forms to test out different stolen credit card numbers. If one of the stolen card numbers works, the individual will make a false donation and then ask for a refund, similar to how ACH fraud works. 

Online fundraising likely makes up a good chunk of your overall nonprofit revenue. That’s why you must approach the online giving process carefully, considering all the risks and challenges and acknowledging them before they can even happen. This can often be done with the right nonprofit payment tool, along with other best practices. 

2. How can you protect your donors from fraud?

Now that you know about the common scams and hacks that can hamper your online fundraising, it’s time to take steps to reduce those risks. Let’s start off by going over the payment solution you should depend on, and then go over some of our favorite tips and tricks.

Choosing the right payment processor

When your supporters make an online gift, they’re likely entering information in the donation form on your nonprofit’s website. According to our iATS Payments article on donation forms, it’s crucial that you have a dedicated online payment tool to process the gift, collect the necessary donor information, and keep their financial details secure.

To ensure that your nonprofit payment processor is doing all it can to keep your donors safe, it needs the following fraud protection capabilities:

  • PCI compliance or certification. The Payment Card Industry has a set guideline of safety standards that all online payment tools must meet. Whether you’re a nonprofit collecting gifts or a corporation selling a product for profit, PCI compliance is the minimum requirement, with PCI certification as the top security level a tool can have. Learn more about this topic here
  • Security assistance. If you ever have a problem with your payment tool or find that you do have a data breach, you must have a dependable channel for security assistance from the service itself.  
  • Nonprofit experience. There are some general payment processors, like PayPal, which are easy to set up but might not meet the specific needs of nonprofits. These payment tools are considered large aggregators, and often collect your donated funds in a shared merchant account with other clients before it reaches your main bank account. This can result in a time delay in usable funds for your nonprofit and make you more susceptible to large-scale data breaches. Consider investing in a more specialized payment processor made for nonprofit organizations, like iATS Payments

With the right nonprofit payment processor by your side, your organization is better equipped to handle your supporters’ information and ensure that it is secure. For additional ways you can protect your donors from fraud, read on for some best practices. 

Best Practices for Donor Fraud Protection

What else can you do for your nonprofit to better secure your donors’ data and set up the stage for a healthy and long lasting relationship? Here are our top tips:

  • Improve password security. If any of your staff, volunteers, or donors ever have to create an account with a password, those passwords must be as secure as possible. To screen password safety, consider requiring certain character length, specific symbols, numbers, and a mix of upper and lowercase letters. For more information on making your passwords more secure, explore this Swoop article on modern passwords.
  • Keep an eye out for phishing emails. Phishing emails are scams that ask the recipient to click on links or attachments. These are often tricks that result in the recipient’s personal information being hacked or malware being installed into the device. Ensure that you, your staff, and your supporters know the common signs of phishing emails, like having poor grammar or being sent from a misspelled email address. 
  • Implement CVV2 verification or address verification. Often, hackers only have the stolen card numbers/routing information and not any other crucial identifiers. An easy way to monitor for fraudulent donations, whether by ACH debit or donation form, is to ask for the CVV2 number or the donor’s billing address. 

While the above best practices can help with donor fraud protection, remember that investing in a dedicated and secure online payment tool is the first step. How you protect your donors, and your fraud prevention strategies, will likely change over time, so it’s essential to have a solid foundation with a capable nonprofit payment processor.


To summarize, your donors are the most important and driving factors for your cause, so it only makes sense to do all you can to ensure they’re protected. This not only keeps your supporters’ important information safe, but also sets the stage for a reliable and trusting relationship going forward. Make sure to use a dependable nonprofit payment processor that is able to meet all your needs and keep your donors safe. Good luck!


Author: Matt Dunne

Driven by his desire to support numerous charitable causes in his home country of Ireland, Matt joined the iATS Payments Team in March 2016 to leverage his entrepreneurial experience in support of the non-profit industry. He empowers partner organizations to provide impartial, accurate, and valuable payment information and knowledge to the Nonprofit community.

Remi in Uncategorized | 0 comments

<< Back to Main