Charity Fraud Awareness, which runs from October 2019, is a timely reminder to check that your organization is doing all it can to protect your payments and donations.
While all organizations, as well as individuals, are at risk of fraud and other cyber-crime, charities need to be particularly alert. Not only are the funds and types of data they hold attractive targets for cyber criminals, but charities can also be seen as a soft target because of their reliance on volunteers, which can give fraudsters easy access into organizations. People's good faith in charities can also make them less suspicious: individuals are less likely to query payments from their bank accounts to what appears to be a charity (especially if it's from a joint account), or to ask for a fraudster's ID.
In fact, new figures released in October 2019 by the Charity Commission show that 4% of charities have suffered at least one fraud in the past two years, with mandate and CEO fraud, and fraud relating to an abuse of position, the most common, while fraud by trustees and volunteers has doubled since its last study back in 2009.
Thankfully, where mandate fraud is concerned, the advantage with regular giving is that Direct Debit is still recognized as the safest payment method with the Direct Debit Guarantee protecting supporters against erroneously and fraudulently made payments.
However, the financial security of supporters’ data, donations and financial details cannot be over-emphasized. It is vital to ensure your organization is on the ball in all areas where fraud and cyber-crime are a risk, with protection in place to minimize the chances of becoming a target.
Here are some ways to protect your donations
Below are some common issues to look out for and the steps to take:
- Online donations pages can be targeted by fraudsters trying to check if cloned or stolen cards are still live, so monitor activity and look out for unusual traffic, such as lots of small transactions in quick succession and at unusual hours like the middle of the night.
- To reduce unauthorized fundraising in the name of your charity, ensure you issue fundraisers with identification and advertise that your legitimate fundraisers will be able to identify both themselves and the charity. On social media you can also set up tracking that will flag when your organization is mentioned, in case unauthorized fundraising is happening there.
- Fraudsters sometimes gain access to personal and financial information by volunteering, so follow up on volunteer references and consider additional checks if they will have access to financial records or sensitive information.
- Make sure someone is responsible for ensuring you have up-to-date anti-malware software and that security patches have been correctly applied to all computers. Agree, too, a simple policy for how patches and anti-malware software will be added to any equipment used in your organization's work, and conduct and record regular health checks on computers.
- For greater data security, consider a secure file transfer protocol (SFTP) service to send files rather than emails (some simple services are free), and consider storing files centrally for users to log into, rather than everyone having local copies on their machines.
- Ensure everyone has their own login, even with job shares, and keep a record of what access staff have to what systems. When someone leaves, revoke access that day and change the passwords. Apply a password policy: some systems might do this for you, and on others you can set the policy to ensure that passwords are strong and renewed periodically.
- If your organization outsources to third-party partners for additional expertise and technology, especially around donation management, be sure to carry out sufficient due diligence; reputation counts, but also look for ISO certifications and appropriate kitemarks that can be checked, such as FSA and Bacs affiliation.
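The first check in the list, spotting runs of small donations in quick succession and at unusual hours, can be automated over an export of donation records. The sketch below is an added example, not code from the original article; the thresholds, the record layout and the function name are assumptions, and the sample records are constructed.

```python
from collections import deque
from datetime import datetime, timedelta

# Assumed thresholds for illustration; tune them to your own donation patterns.
SMALL_AMOUNT = 5.00               # ceiling for a "small" donation
WINDOW = timedelta(minutes=10)    # what counts as "quick succession"
BURST_LIMIT = 5                   # small donations per window before alerting
NIGHT_HOURS = range(0, 6)         # 00:00-05:59 treated as unusual hours

def find_small_donation_bursts(donations):
    """donations: iterable of (ISO timestamp, amount). Returns one alert per burst."""
    recent, alerts, in_burst = deque(), [], False
    for ts_text, amount in sorted(donations):
        if amount > SMALL_AMOUNT:
            continue                      # larger gifts do not count towards a burst
        ts = datetime.fromisoformat(ts_text)
        recent.append(ts)
        while ts - recent[0] > WINDOW:    # drop entries older than the window
            recent.popleft()
        if len(recent) < BURST_LIMIT:
            in_burst = False
        elif not in_burst:                # burst starts: open a new alert
            in_burst = True
            alerts.append({"start": recent[0], "end": ts, "count": len(recent),
                           "night": recent[0].hour in NIGHT_HOURS})
        else:                             # burst continues: extend the open alert
            alerts[-1]["end"] = ts
            alerts[-1]["count"] += 1
    return alerts

# Constructed sample data, not real donation records.
SAMPLE = [
    ("2019-10-21T10:05:00", 20.00), ("2019-10-21T12:30:00", 5.00),
    ("2019-10-21T14:00:00", 50.00), ("2019-10-21T18:45:00", 3.00),
    # seven 1.00 donations in under four minutes, just after 2 a.m.
    ("2019-10-22T02:14:00", 1.00), ("2019-10-22T02:14:40", 1.00),
    ("2019-10-22T02:15:10", 1.00), ("2019-10-22T02:15:55", 1.00),
    ("2019-10-22T02:16:20", 1.00), ("2019-10-22T02:17:05", 1.00),
    ("2019-10-22T02:17:30", 1.00),
    # five small gifts during a lunchtime collection: flagged, but not at night
    ("2019-10-22T13:00:00", 2.00), ("2019-10-22T13:02:00", 5.00),
    ("2019-10-22T13:04:00", 3.00), ("2019-10-22T13:06:00", 2.00),
    ("2019-10-22T13:08:00", 4.00),
]

if __name__ == "__main__":
    for a in find_small_donation_bursts(SAMPLE):
        level = "HIGH" if a["night"] else "review"
        print(f'{level}: {a["count"]} small donations {a["start"]} to {a["end"]}')
```

The lunchtime cluster shows why the hour matters: a legitimate collection can look like a burst, so the night-time flag is what separates an alert to act on from one to glance at.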