Reduce fraudulent use of your online donation forms
Online donation forms are prime targets for fraudsters trying to validate stolen credit card information. These criminals typically rely on “bots” (computer programs) to automate their credit card validation attempts. Anyone collecting online donations, whether through Little Green Light Forms or another online donation form, may experience their forms being misused in this way at one time or another.
Safeguarding your forms
Fortunately, Little Green Light has safeguards in place to make it as difficult as possible for anyone to do this. These safeguards, which reduce the damage fraudsters can do without overly restricting your donors’ online giving experience, are described here:
- LGL blocks requests from an IP address (a computer’s Internet location) after 3 failed attempts, for a period of 12 hours
- LGL automatically enables reCaptcha (which presents a barrier to any bot that attempts to complete your form) on any form where suspicious activity is currently taking place
- All newly created LGL forms have reCaptcha enabled by default. We strongly advise you to always leave this enabled on your payment forms and to enable it on any form where it is not yet being used. Note: This is the most effective step you can take to stop bots from completing your form.
You can also take these steps to minimize the chance that your form will be affected:
- Turn on reCaptcha on all existing payment forms (and don’t turn it off when you create new ones)
- Set a minimum amount for your payment field of $5 or more. Many fraudsters try transactions of $1, which they likely expect credit card holders won’t notice on their statements, so setting a minimum of $5 or more could prevent them from using the form for testing. This is not foolproof, of course, because they could try a higher-value transaction, but it is still a deterrent.
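To show how the IP lockout and the minimum amount work together, here is an added sketch in Python. It is not Little Green Light's code: the 3-attempt, 12-hour and $5 values come from this article, while the one-hour window for counting failures, the `FormGuard` and `replay` names, and the sample submissions are assumptions made up for the illustration.

```python
from datetime import datetime, timedelta

MAX_FAILURES = 3                     # failed attempts before an IP is blocked (from the article)
BLOCK_PERIOD = timedelta(hours=12)   # length of the block (from the article)
MIN_AMOUNT = 5.00                    # suggested minimum payment in dollars (from the article)
FAILURE_WINDOW = timedelta(hours=1)  # assumption: the article gives no counting window

class FormGuard:
    def __init__(self):
        self.failures = {}       # ip -> timestamps of recent declined attempts
        self.blocked_until = {}  # ip -> time the block expires

    def check(self, ip, amount, now):
        until = self.blocked_until.get(ip)
        if until is not None and now < until:
            return "blocked"
        if amount < MIN_AMOUNT:
            return "below_minimum"
        return "allow"

    def record_failure(self, ip, now):
        """Count a declined card; block the IP once the limit is reached."""
        recent = [t for t in self.failures.get(ip, []) if now - t <= FAILURE_WINDOW]
        recent.append(now)
        self.failures[ip] = recent
        if len(recent) >= MAX_FAILURES:
            self.blocked_until[ip] = now + BLOCK_PERIOD

def replay(events):
    guard, outcomes = FormGuard(), []
    for ts, ip, amount, card_ok in events:
        now = datetime.fromisoformat(ts)
        decision = guard.check(ip, amount, now)
        if decision == "allow":
            decision = "paid" if card_ok else "declined"
            if not card_ok:
                guard.record_failure(ip, now)
        outcomes.append(decision)
    return outcomes
# Constructed submissions: (timestamp, IP, amount, card accepted by the processor)
SAMPLE = [
    ("2024-01-01T10:00:00", "203.0.113.7", 5.00, False),
    ("2024-01-01T10:00:05", "203.0.113.7", 1.00, False),
    ("2024-01-01T10:00:09", "203.0.113.7", 5.00, False),
    ("2024-01-01T10:00:12", "203.0.113.7", 5.00, False),
    ("2024-01-01T10:00:15", "203.0.113.7", 5.00, True),
    ("2024-01-01T10:05:00", "198.51.100.20", 25.00, True),
    ("2024-01-01T21:59:00", "203.0.113.7", 5.00, True),
    ("2024-01-01T22:00:13", "203.0.113.7", 5.00, True),
]
```

Running `replay(SAMPLE)` shows the $1 attempt rejected before it reaches the processor, the third declined card triggering the block, a donor at another address unaffected, and the blocked address able to pay again only after 12 hours.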
What to do if you see suspicious transactions in your LGL Forms account
Here’s what to do if you find that your form has been used for fraudulent transactions.
- For paid transactions, use your payment processor account to refund the transaction and mark it as fraudulent.
- Make sure not to save these paid transactions to your LGL database. If they happen to have been saved, locate and remove each one by unsaving it.
- Unpaid transactions won’t come through to your LGL account automatically (make sure not to push them through manually). They shouldn’t do any harm if you leave them in your LGL Forms account, but you also have the option to clear them out to remove the clutter. If there are so many that it will be time-consuming to remove them one by one, contact firstname.lastname@example.org for help.