Protecting Nonprofits from Spam Donations & Carding Attacks | Donorbox Security

With the popularity of online giving using debit or credit cards, fraud is on the rise. Donorbox's industry-leading security helps protect the over 80,000 organizations that use our platform from spam donations and carding attacks. Read on to learn how!

6 minutes read
Protecting Nonprofits from Spam Donations & Carding Attacks | Donorbox Security

There are approximately 10 million nonprofit organizations around the world, out of which roughly 1.8 million are situated in the U.S. alone. 80% of donations to these organizations come from individuals. And with the rise in online fundraising trends, 54% of these donors now prefer to give via credit or debit cards.

This means the number of online transactions for nonprofits has significantly increased and so has their potential for falling prey to cyberattacks, fake donations, carding attacks, and other online fraud.

But, surprisingly, 80% of nonprofits don’t have a policy in place to address these vulnerabilities. Whether or not you’re one of them, this article will help you gain awareness of fraudulent donations and cyber attacks.

Why Nonprofits are Prone to Online Fraud & Spam Donations?

Be it online donations or online ticket sales for fundraising events, nonprofits are getting more comfortable with accepting payments online. But, unfortunately, with few resources at hand, these organizations often fail to pay close attention to online security measures.

Fraudsters and hackers are aware of this fact – they know many nonprofits operate on a lean budget and lack strong IT and security resources. On top of that, organizations that use online donation platforms without fraud detection, two-factor authentication, and other crucial security measures are more prone to these attacks.

How fraud affects nonprofits

Attackers consider nonprofit donation pages and form links as low-hanging fruit. They share these details on sites that are easily accessible to hackers around the world.

Unlike e-commerce sites, there’s no cart on these pages, and payments are made directly with a form. This makes it easy for hackers to test stolen credit cards.

To test these cards, hackers will make various small donations on the donation form to see which cards get through. And, finally, they will make a false donation with one of the working cards – only to request a refund! Due to this spam activity, the nonprofit’s account is then flagged as “at risk” by its payment processor, blocking even legitimate donations from coming through.

Nonprofits also end up with increased chargeback fees when fraudulent donors dispute the transactions and the banks charge nonprofits to process these claims.

Another potential threat nonprofits face is password attacks. When they use an online donation platform and donor database without two-factor authentication, their organizational and donor information can be easily stolen by those hacking into their accounts.

How Donorbox Keeps Your Nonprofit Secure Against Spam Donations and Cyber Security Threats

At Donorbox, we understand what nonprofits want – a simple-to-use and hassle-free solution that works well for them and their donors.

But we also take care of what nonprofits need – an easy and effective solution that stands strong against online security threats!

Therefore, we have built an online donation platform where security never sleeps so that nonprofits can rest easy and focus on continuing their mission and making a difference in the lives of others.

Let’s take a look at Donorbox’s industry-leading security features that are keeping 80,000+ organizations across 96 countries safe against cyber threats.

1. Automated fraud detection and 24/7 monitoring

Credit card fraud is a prevalent problem when it comes to online payments, especially with online donations to nonprofits. That’s why Donorbox partners with Stripe to securely process vital donations made to your organization!

Stripe Radar, Stripe’s native fraud detection technology, uses machine learning to detect and block fraudulent transactions, ensuring that your funds are safe.

PayPal is our other payment processing partner. It uses advanced fraud detection technology, data encryption, Transport Layer Security (TLS), and secure HTTPS connections to ensure the security of your account and information.

Even with this well-developed technology in place, some fraudulent attacks can still pass through. Donorbox tackles this challenge by adding 3 additional layers to our fraud detection technology.

1.1 Billing ZIP or postal code validation

Verifying billing postal codes is one of the best practices to block spam donations in the US. Donorbox gives you the option to utilize ZIP or postal code validation.

It is enabled by default when you connect to your Stripe account on Donorbox.

zip validation on Donorbox for spam donations

Accept Donations Securely - Sign Up!

Non-US-based organizations or those that accept donations from countries where billing postal codes aren’t common practice can contact our support team to have this disabled.

1.2 reCAPTCHA on Donorbox donation forms

All Donorbox donation forms come enabled with the reCAPTCHA version 3. This reCAPTCHA process is based on activity fingerprinting. Donors’ mouse activity and keystrokes are monitored and a pattern-matching technique is used based on algorithms to assign them a score.

This score ranges from 0.0 to 1.0. The higher the score, the lower the risk, and vice versa. If a donor’s score is above the threshold, they won’t see a version 2 reCAPTCHA visual challenge. Only those below the threshold will have to face it.

This ensures your giving experience is not compromised while also prioritizing security on all campaign forms. Once again, if you want to disable this option (which is not advisable), our security team would be happy to help!

1.3 Blocking scammers with multiple failed attempts

Donorbox has an additional layer of security to ensure that scammers cannot get through with credit card testing attacks. To achieve this, we have added “Fraud Prevention Settings” to your Donorbox account.

Under “Account” on the Donorbox dashboard, you can click “Fraud Prevention” to access this setting. By default, this is enabled for all your campaigns.

fraud prevention settings on Donorbox

Block Spam Donations With Donorbox

This setting will auto-block scammers that are trying to donate frequently in a short period of time as well as auto-blacklist frequent offenders in our network. Under the toggle switch, you will find a scam report analysis section, where you can see the details of these attempts and auto-blacklisted scammers.

Note: Organizations that switched to Donorbox saw a significant fall in their chargeback fees and spam donations. However, we also make it possible for you to monitor all your donations on Donorbox. Any strange formatting you see in donor names or email addresses may indicate that these are fraudulent donations. So, do continue to check and report such payments.

2. Tokenization of donor credit card information

First and foremost, no credit card information is stored on Donorbox servers. We also don’t share your donors’ card information with any third party apart from the payment processors (Stripe and/or PayPal) you choose to link with your Donorbox account.

In addition, all card and bank information is tokenized by our system. For example, each number is changed into an indecipherable string before the cards or accounts are charged.

This process ensures that your donors’ payment information is secure against potential attacks from online fraudsters. Share this with your donors so they – as well as you – can breathe easy!

3. High-level protection from DDOS attacks

Distributed Denial of Service (DDOS) attacks are made on nonprofit websites in order to overwhelm them with fake traffic. As a result, your website becomes unavailable to its intended audience.

This can be highly destructive to your organization. You could end up losing out on donations when an urgent fundraising campaign is underway. Donors will be driven away and they might not care to come back to make a donation later. These attacks can also be a popular means for hackers to carry out other malicious activities on your donation page.

Donorbox has a high standard of security measures and a dedicated security team in place that will monitor your donation form and page 24/7 to keep these attacks at bay.

Our team members are highly experienced in these security issues and they work throughout the day and night with the aim to keep your and your donors’ information secure at all costs.

Get Started With Donorbox

4. Two-factor authentication on your organization’s account

Password stealing is a common problem nonprofits face with their online fundraising platform and donor database. And, in turn, all their valuable organizational and donor information ends up being at risk of malicious cyber attacks.

How do you tackle this? Simple – Donorbox enables two-level verification on your organization’s account! With this extra layer of security, you have to input a secure session token every time you want to log in to your account.

This means that, even if your password is stolen, the attacker will fail to access your account.

Donorbox also keeps your third-party integrations secure against cyber attacks by implementing secure session tokens and access controls on these connections.

5. SSL/TLS encryption and PCI compliance

All Donorbox forms are protected by SSL/TLS (Secure Sockets Layer and Transport Layer Security) encryption technology. Which means your checkout process is secure at all times.

Donorbox is also PCI compliant under “PCI validation: SAQ A (PCI Self-Assessment Questionnaire)”. We utilize Stripe Elements technology with financial input fields and Stripe is certified as a PCI Level 1 Service Provider. It ensures your online donations and payment information are secure around the clock!

6. Donorbox security team

Organizations using Donorbox have reduced chargeback fees and the risks of security attacks by a huge margin – thanks to our most adept and ever-vigilant security team!

Our team is highly qualified and holds years of experience in this field. They work 24/7 to ensure that your donation pages and forms as well as your donor data are safe against all possible threats.

If you have any security-related questions or concerns, we are reachable at

If you happen to find a potential Donorbox security vulnerability, give our Responsible Disclosure Policy a read for further steps.


Online security is a growing concern in the nonprofit field; especially with many organizations lacking the necessary policies and resources in place to address these issues.

That’s the reason your nonprofit requires an all-inclusive system that takes care of everything. Your fundraising platform should not only make fundraising simple for you but also tackle your security concerns with the utmost responsibility and urgency.

Take a look at Donorbox, for example! Our dedicated security team works in tandem with multiple layers of security controls like reCAPTCHA, ZIP validation, PCI compliance, and more to protect your account and the checkout process at all times.

Learn more about Donorbox, its powerful range of features and integrations on our website. Sign up for free to start fundraising today!

Our Nonprofit Blog is the ultimate hub of everything you need to know about fundraising, donor management, communications, management, and more. Subscribe to our newsletter to receive a curated list of our best resources in your inbox every month.

Chirasree Bose is the Content Editor at Donorbox. Apart from editing and writing, what holds her interest the most is reading books. Chirasree loves to explore the world of fiction and has authored some books herself. Connect with her on Facebook, Instagram, LinkedIn, and Twitter.

  • facebook
  • instagram
  • linkedin

Join the fundraising movement!

Subscribe to our e-newsletter to receive the latest blogs, news, and more in your inbox.

Take your donor experience to the next level!
Join the 50,000+ nonprofits already raising funds online.
Join Our Newsletter
Get a monthly curated round-up of our best posts and feature updates. (You can unsubscribe anytime.)
Join Our Newsletter
Get a monthly curated round-up of our best posts and feature updates. (You can unsubscribe anytime.)
Join a 30min Demo to see how Donorbox can help you reach your fundraising goals!
Join a 30min Live Demo to see how Donorbox can help you reach your fundraising goals!