What measures can my organization take?
- If you believe fraud has occurred, contact your preferred gateway to report the fraudulent activity and to arrange refunds for any card attempts that were fraudulent, but succeeded.
- Ensure that Address Verification Service AVS checks are turned on in your merchant account.
- Ensure that Card Security Code (CSC or CVV) CSC checks are turned on in your merchant account. (NOTE: AVS and CSC are not available for all merchant account gateways but many set these automatically.)
- Ensure you are on the latest version of Blackbaud NetCommunity. Blackbaud continuously reviews and optimizes its products to meet the latest security standards.
- Implement reCAPTCHA on all donation forms. ReCaptcha is available in Blackbaud NetCommunity version 18.104.22.168 and higher. The use of Captcha has been shown to greatly reduce the number of automated attempts on NetCommunity websites as it presents a visual challenge that many automation scripts cannot answer.
- Place the donation forms behind a login by assigning View rights to roles other than the "Everyone" role on the page properties Targeting & security tab. This practice will present one more challenge for automated script attempts to access the donation form.
What proactive automated measures does Blackbaud take?
Blackbaud has implemented a process to automatically blacklist individual IP addresses logging 30 or more failed donation attempts within a 7 day period. If you feel an IP address has incorrectly been blacklisted, click Chat with Support and reference this article to request the IP address to be removed.
Blackbaud also blacklists any IP address within ranges with a high percent of failure that generate 2 or more failures within a 7 day period.
- What additional preventative measures can my donors take?
For information on how your donors can protect themselves, refer to the following online resources:
Federal Trade Commission's Identity Theft Prevention website and Complaint Assistant:
The Internet Crime Complaint Center:
United States Department of Justice: Identity Theft FAQs Page:
OnGuard Online - A joint project of government sponsored websites:
Note: We provide links to third-party websites in an effort to help you resolve your issue. We are not responsible for the information on third-party websites, and we cannot assist with implementing resolutions from these websites.