Fundraising Site Fraud: Prevention Guide

TL;DR

Fundraising sites are vulnerable to various types of fraud. This guide outlines common scams and practical steps for both site owners and donors to protect themselves.

Protecting Fundraising Sites from Fraud

  1. Understand Common Fraud Types
    • Fake Campaigns: Scammers create campaigns pretending to be legitimate causes.
    • Stolen Identities: Using someone else’s name and story without permission.
    • Payment Diversion: Redirecting donations to the scammer’s account.
    • Phishing: Tricking donors into giving information on fake websites that look like the real fundraising site.
    • Refund Fraud: Requesting illegitimate refunds after receiving funds.
  2. Verification Processes for Campaigns (Site Owners)
    1. KYC (Know Your Customer): Implement a process to verify the identity of campaign creators.
      • Request official ID documents (passport, driving licence).
      • Check against sanction lists.
    2. Bank Account Verification: Confirm ownership of bank accounts before allowing withdrawals.
      # Example: basic bank account format validation with Python's standard re module.
      # This checks the format only (8 to 14 digits); it does not confirm who owns the account.
      import re
      
      def validate_bank_account(account_number):
        # fullmatch rejects a trailing newline, which re.match with '$' would accept
        pattern = r'[0-9]{8,14}'
        return re.fullmatch(pattern, account_number) is not None
      
      # Example usage
      account = "12345678"
      if validate_bank_account(account):
        print("Valid bank account format")
      else:
        print("Invalid bank account format")
      
    3. Story/Cause Verification: Investigate the legitimacy of the cause.
      • Contact relevant organisations or individuals.
      • Check for consistency in information provided.
  3. Payment Security (Site Owners)
    1. Use Reputable Payment Gateways: Stripe, PayPal, etc., have robust security measures.
    2. SSL/TLS Certificate: Ensure your site uses HTTPS to encrypt data in transit. Check for the padlock icon in the browser address bar.
    3. PCI DSS Compliance: If you handle credit card details directly, comply with PCI DSS standards.
    4. Two-Factor Authentication (2FA): Implement 2FA for all administrative accounts.
  4. Monitoring and Fraud Detection (Site Owners)
    1. Transaction Monitoring: Look for unusual donation patterns (large amounts, multiple donations from the same IP address).
    2. IP Address Analysis: Identify suspicious locations or proxies.
    3. Automated Fraud Tools: Consider using fraud detection services that integrate with your platform.
      • These tools use machine learning to identify potentially fraudulent transactions.
  5. Donor Education (Site Owners & General)
    1. Clear Reporting Mechanisms: Provide a simple way for donors to report suspicious campaigns or activity.
    2. Campaign Transparency: Encourage campaign creators to provide detailed information about how funds will be used.
    3. Awareness Campaigns: Educate donors about common fraud tactics and how to avoid them.
  6. Donor Precautions (Donors)
    1. Research the Campaign: Verify the legitimacy of the cause and the campaign creator.
      • Check for independent verification from trusted sources.
    2. Be Wary of Emotional Appeals: Scammers often use emotional stories to manipulate donors.
    3. Secure Website Check: Ensure the website is secure (HTTPS) before entering any personal or financial information.
    4. Payment Method Security: Use secure payment methods like credit cards, which offer fraud protection. Avoid direct bank transfers where possible.
    5. Review Statements Regularly: Check your bank and credit card statements for unauthorized transactions.
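
The transaction monitoring step in section 4 (large amounts, multiple donations from the same IP address) can be expressed as two simple rules. The following is an added example, not code from the original guide; the thresholds, record field names and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds; tune them against your own donation history.
LARGE_AMOUNT = 100_000          # minor units (e.g. pence): review at or above this
MAX_PER_IP = 3                  # donations allowed per IP inside WINDOW
WINDOW = timedelta(minutes=10)

def flag_donations(donations, large_amount=LARGE_AMOUNT,
                   max_per_ip=MAX_PER_IP, window=WINDOW):
    """Return {donation_id: [reasons]} for donations that need manual review."""
    flags = defaultdict(list)
    recent_by_ip = defaultdict(deque)   # ip -> timestamps still inside the window

    for d in sorted(donations, key=lambda d: d["time"]):
        if d["amount"] >= large_amount:
            flags[d["id"]].append("large_amount")

        recent = recent_by_ip[d["ip"]]
        # Drop timestamps that have aged out of the sliding window.
        while recent and d["time"] - recent[0] > window:
            recent.popleft()
        recent.append(d["time"])
        if len(recent) > max_per_ip:
            flags[d["id"]].append("ip_velocity")

    return dict(flags)

def _t(hhmm):
    """Build a timestamp on a fixed, constructed date."""
    return datetime.strptime("2024-01-15 " + hhmm, "%Y-%m-%d %H:%M")

# Constructed sample records (IPs are from reserved documentation ranges).
SAMPLE = [
    {"id": "d1", "time": _t("09:00"), "ip": "203.0.113.7",  "amount": 500},
    {"id": "d2", "time": _t("09:01"), "ip": "203.0.113.7",  "amount": 500},
    {"id": "d3", "time": _t("09:02"), "ip": "203.0.113.7",  "amount": 500},
    {"id": "d4", "time": _t("09:03"), "ip": "203.0.113.7",  "amount": 500},
    {"id": "d5", "time": _t("09:30"), "ip": "198.51.100.4", "amount": 250_000},
    {"id": "d6", "time": _t("10:00"), "ip": "203.0.113.7",  "amount": 2_000},
]

if __name__ == "__main__":
    for donation_id, reasons in flag_donations(SAMPLE).items():
        print(donation_id, ",".join(reasons))
```

Flagged donations are candidates for manual review rather than automatic rejection, since shared networks can legitimately produce several donations from one IP address.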