We’re all pretty savvy about credit card fraud, and we’re pretty comfortable with the idea that the big credit card companies (and the big banks) protect consumers and nonprofits from credit card fraud. But did you know that ACH fraud is different, and your nonprofit has to protect itself?
Fortunately, there are some easy things you can do to ensure you’re never on the hook for a huge sum of money that was fraudulently donated to you.
How ACH Fraud Happens
If you understand how this fraud happens, you’ll see how easy it is to prevent it!
Let’s say a fraudster donates $10,000 to your charity. (Spoiler alert: they don't have $10,000.)
The originator bank is told there’s a $10,000 draw on the fake account, and they go ahead and assume it's a legit account. They fund the donation to your nonprofit's payment processor but haven't actually collected the money from the fake donor.
(Banks have a two- to four-day settlement period between when they fund the transaction to your nonprofit and they take the money out of the donor's account.)
Your nonprofit celebrates a $10,000 donation.
A day later, the bad guy calls you and says, “Oops! I made a mistake. Can I please have that large donation refunded?”
You, being a good organization, say (a bit sadly), “Sure, we can refund it. We'll do it right now!”
The happy little fraudster is $10,000 richer thanks to your nonprofit’s refund.
This story would stink if it ended there. But it gets worse.
Because...the originator bank is triggered to pull the funds from your nonprofit's bank within a day. After all, you approved the refund.
The money you just refunded to the fake donor came from the bank. And they want that money back. So not only did you not get a $10,000 donation, you now owe the bank $10,000.
So now the story would really stink if it ended there. But...hold on to your hat...it gets worse.
Because word gets around that the happy fraudster hit your nonprofit. Once your nonprofit is linked to fraud, supporters might be reluctant to donate, and your fundraising will almost certainly decrease.
Now your nonprofit has lost money, and your reputation has taken a hit, hampering future donations.
And it was entirely avoidable.
We can't stress enough that in the world of nonprofits and donors, your reputation is one of your most valuable assets. Much of what we do, whether it's delivering emails or protecting bank accounts, also aims to keep our clients' reputations pristine.
How Your Nonprofit Can Prevent ACH Fraud
There are a few easy steps you can take to protect your nonprofit’s money and reputation.
Tip #1: The Five-Day Rule
Remember how we talked about the settlement period, during which time the bank withdraws the money from the donor's account?
Think of the four days after you get a donation as a holding period. You don’t really have the money yet. Give the bank some time to make sure the donor really has the funds.
The most important thing you can do to protect your nonprofit from ACH fraud is to implement the five-day rule.
Never, under any circumstances, process a refund within the first five days after a donation.
Day six? Sure.
Note: donors can request a refund for up to 60 days (about two months) after the donation. So, if you’re playing it safe, the money isn’t for-sure, positively yours until that period passes.
Tip #2: Verify and Validate
Another unbreakable policy rule we recommend is to take a look at your donations at the end of every day. A CRM like CharityEngine can automatically spit out this report every evening at 5:00 pm.
Glance through it.
When you see a larger donation than usual, call that donor and thank them.
The result is twofold: your donor feels appreciated, and you learn that your donor exists and meant to make that donation.
What if you see a big donation and the donor isn’t answering the phone?
Put on your sleuthing hat and hit the internet. Google the address, check out the phone number. If something looks suspicious, wait for the refund request to come in, because chances are good it will.
Tip #3: Use CharityEngine’s Payment Processing
Or, if you don’t, make sure your payment processor is as good at preventing fraud as we are.
CharityEngine’s software offers ACH fraud protection. It can be toggled off, but we don’t recommend it.
This feature prevents a nonprofit from issuing a refund in that four-day period.
And it saves our clients money.
One of our clients, Sara, was in the unfortunate position we discussed at the beginning of this article. She commented,
“Our organization was recently the victim of attempted ACH fraud. Thanks to CharityEngine's fraud protection features and proactive team, the transaction was flagged immediately and saved our nonprofit more than $8,000!”
This makes us feel like a million bucks.
It makes Sara feel pretty great, too, knowing that other companies took weeks to connect the dots. Using CharityEngine as her payment processor gave her peace of mind; she knew that our unique technology would protect her donors and her nonprofit.
What does Sara's story mean for you, particularly if you aren't using CharityEngine? Ask your vendor what company processes payments. CharityEngine has native payment processing, meaning we do it in our system, and we, therefore, have access to real-time data. Pair that with our patent-pending fraud protection, and you will see why our clients feel safest with CharityEngine.
No matter your size, we can promise that CharityEngine alone protects more nonprofits and prevents more fraud attacks than anyone else in our industry.
Outsmart the Fraudsters
It’s critical that nonprofits understand that they will be responsible for ACH fraud. There aren’t standard protections because the onus is on you to keep your nonprofit safe.
If you remember nothing more than the four-day rule, you’ll be protected. Layer on some validation and verification, and top it all off with CharityEngine, and you’re practically bulletproof.
Want to talk to us about fraud protection for your nonprofit? Reach out, and we’ll show you what we’ve got.