Categories: Industry Insights

Combat Fraudulent Card Testing

Published On: Apr 4, 2022By

While credit card fraud is far from a new concept, it’s sadly become critical to stay up-to-date on the latest intelligence of how best to arm your association against the alarming impacts to nonprofits of every shape and size.

An unprecedented increase in online and mobile transactions in the past two years created more opportunities for scammers to test methods and increase their tactics — with nonprofits being a ripe testing ground.  “At the end of 2020, the U.S. was seeing about $11 billion worth of losses due to credit card fraud,” said Julie Conroy, a research director for Aite Group’s fraud and anti-money laundering practice.

How does this apply to nonprofits? Here are the facts:

The most common form of fraud reported by merchants is “card testing

  • Card testing is the process of using stolen credit card number to make a small purchase for the purposes of checking the card’s activation status. If the small purchase is successful, the fraudster will use the stolen card for larger purchases.

Nonprofit donation sites are often considered ideal for card testing because minimum donation amount are typically low, little information about the donor is required, and there are no goods or services exchanged.

Many ask: “Why is my nonprofit affected? Does it involve a data breach?” 

The good news is that fraudulent card testing is not a data breach specific to your members or software. The concerning reality is that credit card numbers are purchased by fraudsters on the dark web who then visit donation websites to test card validity.  

It’s a complex landscape to maneuver as you’re striving to protect your organization and your members.

So, how do you know when you’ve been hit?

Fraudulent testing is often accompanied by an important data point: uncharacteristically higher numbers of authorizations accompanied by a spike of card declines is a common indicator of potential foul play.

How do I stop this from happening?

No association wants to be a testing ground for criminals while suffering from increased transaction costs and staff time wasted. Credit card fraud is a complicated battle that we will continue to fight together — and no single strategy will prevail.

The best way to fight back? Multilayered protection.   

  • ReCAPTCHA – You’ve been there…On the verge of buying something online, and suddenly you’re prompted to click the number of boxes containing a bicycle within the image.  This feature is called Google ReCAPTCHA and adds a small and unobtrusive test to your online pages that seeks to block out automated attacks by bots. Daxko customers can quickly enable this feature by contacting the Daxko Support Team at [email protected].
  • Minimum Donation Amount – Your association sets this amount for each individual campaign. Scammers typically try to donate the smallest amount possible as a test for the card before selling it to other buyers or using it for larger purchases. Setting a minimum purchase amount higher than you’ve previously used can often deter further attempts against your system. Consider adjusting your fundraising campaign settings in Daxko Operations or other fundraising solutions to make this change today.
  • CVV Validation – The 3-or 4-digit card verification value (CVV) found on all major credit cards is designed as a vital layer of security to confirm a card owner’s identity. Requiring a CVV for transactions is a commonly adopted practice to prevent and reduce fraud. See below for options to enable this powerful deterrent.

For Daxko Gains customers, CVV Validation is now at your fingertips. As of early April, Daxko welcomed a collection of Early Adopter GAINS customers who have added a new, free service to enable CVV validation for all one-time transactions without impacting stored billing methods used in scheduled payments. For more information about GAINS customers enabling CVV, click here

In addition to these optional settings, Daxko engineers have built robust deterrents to reduce fraudulent donation attempts by people as well as bots. Daxko also continues to collect data in blocked fraudulent attempts to enhance blocking strategies for the future.

Health and wellness has never been more important in our world today. Daxko is here to support your association as you continue to serve your members and impact communities across the U.S. and beyond. Together, we will remain vigilant and adaptable as we partner to combat fraudulence, and the protective measures you take today for your online donation platforms will help us win this war.

– Ron Lamb


Ron Lamb leads our team of passionate, talented, and dedicated professionals to power health and wellness throughout the world. Prior to joining Daxko, he was president of Reynolds & Reynolds, a billion dollar a year software company, where he led a global team to focus on re-engineering their software and services portfolio into a dynamic suite of automotive retailing solutions to transform the customer experience. Ron holds a bachelor’s degree from Princeton University and an MBA from Loyola College in Baltimore.

Learn more about a new setting in Daxko Operations for deterring fraudulent card declines here.

Learn more about Daxko Gains, our payment processing software, here: Find Your Way to Paid

Industry Sources

Go to Top