Why would fraudsters spend hundreds of millions a year donating to charities?  Fraudsters are the business of stealing money, not giving it away.

But they do.  On the face of it, they appear to be very generous.

Every year, stolen credit card numbers, checks and even bank routing numbers are used to make hundreds of millions in donations to charities and not for profits.

So what gives?  Why in the world are charities on the receiving end of so many stolen funds?

Just A Clever Disguise

It turns out fraudsters and would be scammers are really not that generous.  Their donations are just a roundabout way of turning stolen credit card numbers and checks into cold hard cash.

Fraudsters are targeting charities through several different fraud schemes that may be costing charities hundreds of millions annually:

1.  Using stolen ACH numbers and making online donations.
2.  Using stolen Credit Card numbers and donations through website
3.  Using stolen checks and mailing donations to charities address.

How Does The Scam Work?

When fraudsters make donations using stolen credit card numbers, checks or bank accounts.  It typically follows this pattern:

Large Donation – First the scammers will make a very large donation to a charity or not for profit using a credit card,  or stolen ACH number.

Report the Donation as Unauthorized –  The next day they will contact the charity and advise that the donation was an error or not authorized at all.  For example, they will say that the donation they made for $5,000 was really meant to be $500 and request that you send the money back to them.

Request a Refund From the Charity– The fraudsters will then request a refund back to a credit card, gift card or wire transfer.

Then Request a Refund from the Bank -When the charity send the money, the fraudster than calls the bank and reports fraud and gets a refund from the bank as well.

In all cases, the charity loses money to these fraudsters when both the bank and the fraudster double dip on the charity.

By donating to a charity, fraudsters can double dip and get twice the amount of cash back on a transaction.  If they want to a regular merchant online, they might only get a fraction of the transaction amount after selling the stolen goods.

High Profile Internal Fraudsters Use the Same Trick

Earlier this year, charities in Atlanta fell victim to the same type of scam but it was perpetrated by a Senior Level Executive at Bank of America.

Pam Ace, an SVP of  Bank of America’s global wealth & investment management division, and her husband Jonathan Ace, were each charged with internal fraud stealing over $2.7 Million from the bank.  They perpetrated the scheme by making donations to charities and then later claiming the charities were made in error, requesting money back.

Pam Ace made large donations to charities with Bank of America money, then requested the money back from charities.

Why are Charities Targeted?

Fraudsters target charities for any one of a number of reasons.  Here are some of the primary reasons.

1. Charities Have Less Controls –  Since charities are not selling goods and services, they build in less internal controls around accepting cards and ach transactions.  Fraudsters know this and always follow the path of least resistance.  Charities are targets because it is easy to pass through bad checks and cards because the controls are typically much less than they would have at other merchants online.
2. Charities Are Trusting – 99.9% of the people that charities deal with are generous people that are donating their time and money.  Fraudsters realize this and take advantage of that trusting nature to take advantage.  Charities are just too nice.
3. Charities Websites Are Great For Testing Card Numbers –  Charitable sites provide a great location for fraudsters to test stolen credit card numbers.  Since charitable sites do not have basic checks in place, the fraudsters can type in hundreds of card numbers to see if the card works.  It’s a process called probing and card issuers have learned that a small dollar transaction at a charitable site is often a precursor to a sizable fraud that will happen on that card shortly after the probe.

Fraudsters often target charities for online fraud because charities are often too nice and trusting and may have not built in the right controls into their system.

Up to 2 Billion in losses a year

While the losses are not tracked or well known some organizations such as the FraudAdvisory Panel estimate that losses across all types of fraud that occurs at charities could be as high as 2 Billion GBP annually.

It’s Not Just Fraud But CyberSecurity As Well

A recent study was conducted this week found that charities are just as susceptible to online attacks as businesses, with many staff not well informed about the topic and awareness and knowledge varying considerably across different charities.

Because cybersecurity is not a high priority objective of a charity, they will often rely on outside agencies and outsource the work without fully building up their defenses.

You can read the document here – CyberSecurity At Charities

Stay Aware, Invest in Fraud Controls

Charities should invest in fraud controls and cybersecurity measures to ensure that they are not targets of fraudsters and scammers.  You owe it to yourselves, and all of the great people that you are helping with your charitable organization.