Security and privacy in the online world of data and donor management, payment processing and child sponsorship is a critical issue. We understand its importance and are dedicated to addressing it through as many means as possible.

REACH includes many built-in features and methods to address security and privacy. We encourage you to read our Security and Privacy page.

Unfortunately, card testing is a common activity for fraudsters. If this occurs, you will likely receive a number of failed, fraudulent donations.

What is card testing?#

These transactions frequently take the form of many failed transactions with nonsense names, and occur when fraudsters attempt to charge a stolen card number in order to see if it is a valid number—a type of fraud known as card testing.

In order to ensure that your organization does not incur any fees or penalties from your payment gateway, we recommend preventing these transactions and refunding any transactions like this that have succeeded.

How can we tell if our REACH account has had any of these types of transactions?#

The easiest way to check for this type of fraud is to examine the “Incomplete” and “Error” tabs of the Donations module in the REACH Admin Console. These transactions will typically take the form of many failed donations for small amounts ($0–$5) with strange names and emails.

How can we prevent these kinds of transactions?#

To mitigate the issue, invisible reCAPTCHA is enabled by default for all organizations to provide further fraud protection. 

The invisible reCAPTCHA works behind the scenes and is triggered when a user clicks the donate button. By monitoring how the user interacts with the donation form, reCAPTCHA is able to distinguish bot and human traffic. Only the most suspicious traffic will now need to answer a captcha. 

Is my REACH account data in danger from these transactions?#

No, your REACH account data is safe. It is not possible for fraudsters to access any sensitive data by doing this, as their efforts are focused on testing card numbers. However, it is in your best interest to prevent these kinds of transactions, as they may incur penalties from your payment gateway if they are not mitigated.

***If you or your donors are experiencing reCAPTCHA failed errors when attempting to sign in or donate, you have the ability to disable reCAPTCHA for your donations and/or your sign in, sign up, reset password and custom donation forms. You can do so by either going to Settings > Donation Setup or Settings > Account Rules. This will not put your account at risk as REACH has other security systems in place to protect you and your donors.