Protecting your Donors: 4 Tips During and Post Pandemic

As a nonprofit professional, you likely depend heavily on donor funding to bankroll daily operations and mission-based program costs. These donors trust and support you, and decide to contribute significant portions of their hard-earned money to your cause. Yet they don’t want to be taken advantage of!

In the wake of ​COVID-19​, organizations, businesses, and individuals everywhere are facing unprecedented economic challenges. That means now more than ever, donors can’t afford to have their money taken unfairly through a fraudulent scheme.

Nowadays, donors are very careful when it comes to sniffing out scams, and many are acquainted with the warning signs to look out for. However, your nonprofit organization also has a responsibility to do your part and keep your donors safe.

Fundraising in a crisis​ can be difficult, but it’s not impossible. ​Here are four main ways you can protect yourself and your donors during this time:


  1. Make use of an integrated payment processor.
  2. Monitor incoming donations for unusual behavior.
  3. Study up on common examples of online fraud.
  4. Find an effective balance between convenience and security.

Just because your organization is working to further a good cause doesn’t mean you’re exempt from any sneaky scams. But by following these simple steps, you can significantly reduce the risk of you or your supporters being conned.



Make use of an integrated payment processor.

When it comes to accepting donations online, having an effective, reliable payment processor is one of the most essential components. Without payment processing software, you’d have no way of transferring funds from the donor to your own nonprofit bank account!

However, there are tons of different software providers available, so choosing the best nonprofit payment processor can be difficult. Be sure to look for a payment processor that:


  • Is PCI Compliant and/or Certified: ​The PCI Standard is required by all merchants in order to process online credit card transactions, and it’s essential that your nonprofit payment processing tools meet those guidelines. PCI Compliance is a self-assessment by the payment processing provider, while PCI Certification requires an official audit by a qualified sector assessor. While they both work as a measure of payment security, PCI Certified tools have proven to be up to a higher standard!
  • Is able to integrate with your donation software: ​Instead of sending users to a third-party tool to input their personal, sensitive information, try to find a payment processor that can be directly embedded into your donation site. This way, you can save time and money while ensuring boosted security by removing the middle-man. Plus, users will be more likely to trust a tool that’s directly integrated with your website that they already trust.
  • Uses tokenization and encryption: ​Tokenization and encryption are both methods of securely transmitting and storing sensitive financial information. With tokenization, payment information is translated to a series of alphanumeric symbols to avoid interception by hackers (this is required for PCI- Compliance and Certification). With encryption, data is translated to a ciphertext that can only be converted back with a specific key.

A payment processor is one of the most critical parts in keeping donor funding secure and void of any scams during and after the donation process. Employing a low-quality payment processing tool for your ​online fundraising endeavors​ opens the door to all sorts of fraudulent activity. Check out ​iATS Payments’ guide to nonprofit payment processing​ for more information and to find the best tools for your organization.



Monitor incoming donations for unusual behavior.

As supporters give to your organization, it’s a good idea to monitor the donations that are coming in. This way, you can flag suspicious activity and uncover significant issues before they get too far out of hand.

According to Salsa, a nonprofit CRM (constituent relationship management) system can help you collect and organize various donor data. By integrating your donor management system with online giving tools, donor information can be automatically extracted and stored in an easy-to-use database.

These tools tend to store information such as giving history, family relationships, previous event attendance, and volunteer experience. With this data available, your CRM can automatically create donor profiles that allow you to gather a better understanding of each of your supporters and their relation to your organization.


With this information handy, you can start to notice unusual behavior as well. For example, you might want to make note of:

  • Unusually large donations
  • Requested refunds
  • Several small donations at once

These may be indicators of fraudulent behavior. The sooner you catch on to a scam, the faster it can be taken care of so that fewer people are impacted.



Study up on common examples of online fraud.

Just like how it’s important to be on the lookout and monitor your incoming donations, it’s also crucial that you know what to look for! That’s why researching and becoming familiar with common scams and methods of credit card fraud can be useful.

Nonprofit organizations face unique challenges when it comes to fighting fraud. Because scammers may consider organizations like yours to be easy targets, it’s more important than ever to be prepared.

Here are four examples of common scams used to take advantage of nonprofits and their donors:


  • Phishing: ​Just as nonprofits use email outreach to communicate with supporters and solicit donations, scammers can use email to steal sensitive information and take advantage of good-hearted donors. There are a few things the recipient can do to verify the authenticity of the sender and avoid scam emails​, so it’s a good idea to keep your donor network up-to-speed on these tactics! After all, you don’t want a scammer impersonating you to harm your supporters and ruin your reputation.
  • ACH fraud: ​If your online donation tool offers ACH payments for virtual fundraising (and it probably does!), this is a common scam to look out for. If a scammer is able to hack into your database, they might be able to find individuals’ bank account information. Then, they can make a large donation to your nonprofit using the stolen payment information and insist on a refund from both the organization and the bank the next day. This way, they get double the payout while your donor’s bank account is compromised.
  • Donation form fraud: ​This scam involves thieves testing stolen credit card numbers in online donation forms. Often, these numbers are obtained through phishing scams or by hacking your online database. The user might try out multiple cards until they find one that works. Then, once a donation goes through with the stolen card numbers, they can submit a larger donation and request a refund in a similar fashion as the ACH fraud.
  • Card tumbling: ​Similarly, card tumbling also utilizes donation forms to test card numbers, although in this case, the credit card numbers are usually randomly generated. Then, once a generated number is successful in making a donation, the user proceeds like in an ACH or donation form scam.

These scams can be difficult to catch and put a stop to, but you have the upper hand if you’re well-acquainted with basic fraud protection. You can find more examples and tips for avoiding such scams ​here​.

While some of these scams target the nonprofit organization, others tend to approach the donor directly. That’s why it’s so important not only for you to do your part in avoiding and protecting from fraud, but to inform your network of supporters of what they can be doing as well.



Find an effective balance between convenience and security.

Nonprofits often find themselves and their donors victims of fraud due to relaxed security measures and easy-to-manipulate software solutions. In fact, many online scammers have been known to test out their fraudulent strategies on nonprofit donation pages, thanks to the ease with which they can get around the cybersecurity measures.


That’s because some organizations place ​too much of an emphasis on convenience and not enough on security​, which can lead to donors being taken advantage of. On the other hand, organizations that employ excessive security measures can find themselves losing out on potential fundraising revenue due to a too-complicated donation process.

The best solution to this issue of convenience and security lies somewhere in between at an optimized balance. ​Donation pages should be convenient enough​ that a user can complete the form with all necessary information in just a few minutes. However, your donation software should also be able to confirm important information about the identity of the user and maintain the effective storage of any collected data to avoid a breach of security. By balancing the two, you can make sure to create a system of online donation tools that are easy-to-use without being easy-to-hack!

These tips are essential for maintaining an effective organization with safe and secure financial practices. Lacking basic precautions will not only lead to your donors’ being taken advantage of, but you’ll also lose the trust that is so crucial in a donor relationship. Good luck!


Guest Contributor, Matt Dunne



Driven by his desire to support numerous charitable causes in his home country of Ireland, Matt joined the iATS Payments Team in March 2016 to leverage his entrepreneurial experience in support of the non-profit industry. He empowers partner organizations to provide impartial,  accurate, and valuable payment information and knowledge to the Nonprofit community.


Recommended Posts