At Engaging Networks, we understand the critical importance of safeguarding your nonprofit’s online transactions from fraud and spam. We understand this is important to all clients, and we have implemented a multi-tiered approach. Our suite of fraud prevention measures helps to ensure that your donor data remains secure and your fundraising efforts are protected from malicious activities. Here’s an overview of the robust security measures we have in place:
Payment Gateway Integration
Engaging Networks integrates with payment gateways such as Worldpay, PayPal, and Stripe, allowing clients to utilize these gateways’ advanced fraud prevention capabilities. By leveraging sophisticated algorithms that assess transaction risks across multiple data points, these gateways help identify and block potentially fraudulent transactions before they can cause harm.
CAPTCHA Challenges
To combat automated bot attacks, particularly on donation pages, we employ CAPTCHA challenges utilizing the reCAPTCHA service to introduce a checkbox on the page. This ensures the page can only be submitted if this box is checked manually. These tests help ensure that only genuine users can complete transactions, safeguarding your organization from automated threats.
Automated IP Blocking
Our system continuously monitors and blocks suspicious IP addresses. By identifying and blocking IP addresses associated with fraudulent activity, we can help prevent unauthorized transactions and protect your data.
Country-Specific CAPTCHA
Fraudulent activity can vary by region, which is why we implement country-specific CAPTCHA challenges. Users from countries with high fraud rates are required to complete additional verification steps, significantly reducing the risk of fraud from these regions.
Cloudflare Integration
We leverage Cloudflare to provide robust protection against various forms of abuse, ensuring a secure and seamless experience for you and your visitors. Cloudflare offers advanced security features designed to defend your website from a wide range of threats. This includes DDoS mitigation, which protects your site from distributed denial-of-service attacks by absorbing and dispersing malicious traffic.
The Web Application Firewall (WAF) acts as a shield against common web exploits and vulnerabilities, such as SQL injection and cross-site scripting (XSS), by filtering and monitoring HTTP requests. The WAF employs both managed pre-configured and pre-configured rules to address known threats, as well as custom rules that allow us to address emerging threats.
We also use bot management to go beyond traditional security measures by effectively identifying and mitigating malicious bot activities that can harm your site and its users, ensuring enhanced protection and performance.
Email and SMS Alerts
Our system provides real-time alerts for blocked IP addresses, enabling quick responses from internal teams. These alerts help your organization stay informed about potential threats and take immediate action to mitigate risks.
Clients can sign up to receive optional, automated email and SMS alerts when Engaging Networks’ detects suspicious activity (e.g. too many transactions per minute) on their EN-hosted pages. The spam alert is triggered by five or more rejected transactions within a 15 mins window from a single IP address or 30 or more reject transactions within a two hour period for a given client for a particular gateway.
Additional Tools
Engaging Networks offers a suite of additional tools designed to enhance security:
- Donation Amount Validators: Prevent small fraudulent transactions by setting minimum donation amounts.
- Spambot Traps: Fields in forms can be added specifically to deter spambots, keeping your data clean and your organization safe.
- Allowed Domains: Clients can specify allowed domains for their pages to reduce spam attacks, ensuring only legitimate domains host their donation forms.
- Third-Party Email Validation: Can be implemented using tools such as Never Bounce. This ensures the legitimacy of email addresses entered in your forms, reducing the risk of spam and fraudulent submissions.
Our Commitment to Security
At Engaging Networks, we are committed to continuously improving our fraud prevention measures to protect our clients and their supporters. Our approach ensures that your team can focus on advancing your mission without the worry of fraudulent activities disrupting your operations.
Our platform offers robust tools designed to help you mitigate fraud and secure your donation pages. However, the most effective fraud prevention strategy involves a comprehensive approach that leverages all available resources, including those provided by your payment gateways.
When a payment is processed, it’s the payment gateway (e.g. Worldpay, PayPal, Stripe, Moneris) — and not Engaging Networks — that possesses the most precise information to determine whether a credit card number is valid. Payment processors have sophisticated algorithms and extensive data resources to assess risk, such as knowing whether a credit card was issued by a bank in a specific country. By combining this information with the address details entered in the form, payment gateways can effectively identify and combat fraudulent transactions.
Your payment gateway is the best “line of defense” to prevent and minimize the impact of fraud. While Engaging Networks provides essential tools to support your fraud prevention efforts, we strongly recommend that clients fully utilize the anti-fraud measures available through their payment gateways. This dual-layered approach ensures the highest level of security for your transactions and maximizes protection for your supporters.
By partnering with Engaging Networks and integrating the advanced fraud prevention capabilities of your payment gateway, you can create a secure and trustworthy environment for your donors. This not only enhances the credibility of your organization but also fosters greater confidence among your supporters, ultimately helping you to achieve your fundraising goals more effectively.
