Security and privacy in the online world of data and donor management, payment processing and child sponsorship is a critical issue. We understand its importance and are dedicated to addressing it through as many means as possible.
REACH includes many built-in features and methods to address security and privacy. We encourage you to read our Security and Privacy page.
Unfortunately, card testing is a common activity for fraudsters. If this occurs, you will likely receive a number of failed, fraudulent donations.
What is card testing?
Card testing is a type of fraud in which fraudsters attempt to charge a stolen card number in order to see if it is a valid number. These attempts frequently take the form of many failed transactions with nonsense names.
In order to ensure that your organization does not incur any fees or penalties from your payment gateway, we recommend preventing these transactions and refunding any transactions like this that have succeeded.
How can we tell if our REACH account has had any of these types of transactions?
The easiest way to check for this type of fraud is to examine the “Incomplete” and “Error” tabs of the Donations module in the REACH Admin Console. These transactions will typically take the form of many failed donations for small amounts ($0–$5) with strange names and emails.
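The same check can be scripted over donation records. The example below is an added illustration, not REACH code or a REACH export format: the field names, the status labels, the 10-minute gap and the 5-failure threshold are all assumptions, and the sample records are constructed. It covers the amount and volume signals only, and it also lists small successful donations made during a burst, since those are the ones to review for a refund.

```python
from datetime import datetime, timedelta

FAILED = {"incomplete", "error"}  # assumed labels, mirroring the two tabs

def find_card_testing_bursts(donations, max_amount=5.00,
                             max_gap=timedelta(minutes=10), min_failures=5):
    """Group small failed donations whose gaps are at most max_gap and
    report each group that reaches min_failures."""
    small = sorted((d for d in donations if d["amount"] <= max_amount),
                   key=lambda d: d["created_at"])
    failed = [d for d in small if d["status"] in FAILED]
    bursts, i = [], 0
    while i < len(failed):
        j = i
        # Extend the group while the next failure follows closely enough.
        while (j + 1 < len(failed) and
               failed[j + 1]["created_at"] - failed[j]["created_at"] <= max_gap):
            j += 1
        if j - i + 1 >= min_failures:
            start, end = failed[i]["created_at"], failed[j]["created_at"]
            bursts.append({
                "start": start, "end": end, "failed": j - i + 1,
                # A small charge that succeeded mid-burst is likely a card
                # that tested as valid: review it for a refund.
                "review_for_refund": [
                    d["id"] for d in small if d["status"] == "success"
                    and start <= d["created_at"] <= end + max_gap],
            })
        i = j + 1
    return bursts

def _rec(i, minute, status, amount, email):
    return {"id": i, "created_at": datetime(2024, 1, 1, 12, minute),
            "status": status, "amount": amount, "email": email}

# Constructed sample: six $1 failures a minute apart, one $1 success right
# after them, and two ordinary donations later in the hour.
SAMPLE = (
    [_rec(i, i, "error", 1.00, f"qx{i}zz@example.com") for i in range(6)]
    + [_rec(6, 6, "success", 1.00, "qx6zz@example.com"),
       _rec(7, 45, "error", 50.00, "donor@example.org"),
       _rec(8, 50, "success", 25.00, "donor@example.org")]
)

if __name__ == "__main__":
    for burst in find_card_testing_bursts(SAMPLE):
        print(burst)
```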
How can we prevent these kinds of transactions?
To mitigate the issue, invisible reCAPTCHA is enabled by default for all organizations to provide further fraud protection.
The invisible reCAPTCHA works behind the scenes and is triggered when a user clicks the donate button. By monitoring how the user interacts with the donation form, reCAPTCHA is able to distinguish bot and human traffic. Only the most suspicious traffic will now need to answer a captcha.
Is my REACH account data in danger from these transactions?
No, your REACH account data is safe. It is not possible for fraudsters to access any sensitive data by doing this, as their efforts are focused on testing card numbers. However, it is in your best interest to prevent these kinds of transactions, as they may incur penalties from your payment gateway if they are not mitigated.
It is strongly recommended that you have reCAPTCHA enabled. You can do so by going to Settings > Account Rules > Security tab.