What Nonprofits Should Know About Fraud Protection

This post dives into how both Canadian and American nonprofits can protect themselves from fraud and is contributed by Peggah Azarvash, a Sales Executive with iATS Payments.

For nonprofit organizations all over the world, the threat of fraud is a boogeyman that seems to lurk around every corner, threatening to dry up goodwill and irreparably damage reputations.

From phishing scams to hackers trying to break into your donor database, you understand what a frightening situation it can be for your organization. That’s what makes it so important to have a strong grasp of fraud prevention best practices.

And beyond just protecting your nonprofit from financial and reputational losses, anti-fraud security measures can boost efficiency, increase public trust, and make it easier for you to create a compelling case for support as donors decide whether or not they should hit the “donate” button.

Leverage these benefits for the good of your nonprofit by:

  • Understanding local fraud laws & measures
  • Formalizing training as your first defense
  • Considering your website as your most valuable (& vulnerable) asset
  • Using securely integrated donation tools


Ready to learn more about anti-fraud training, secure payment processing, and other important fraud prevention techniques? Let’s dive in. 

Understanding local fraud laws & measures

Fraud may be a universal danger for all nonprofits, but the anti-fraud laws and protection standards in your country or province can have an impact on how you go about preventing and reporting fraud. That being said, there is a good deal of cross-over in the handling of fraud for many countries, particularly those within North America.

For example, let’s compare a few key areas of overlap in the legal and structural framework for fraud in Canada and the United States:

  • Indictments against charity fraud. “Charity fraud” is legally understood by both Canada and the US as the defrauding of charitable organizations, which includes falsely posing as a legitimate charity, the diversion of funds, and a variety of other activities. Depending on the severity of the activities, both countries deal with this offense on a similar scale, which can range from forfeiture of income made from the scam to jail time and disqualification from claiming tax-exempt status in the future.
  • The investigation and reporting process. This includes protecting the identity of the individual who came forward with the allegations, notifying your insurers and board of directors (if need be), carrying out a thorough investigation before taking action against a particular employee or party, and possibly reporting the issue to your area’s official fraud committee. In the US, this can be a variety of different entities, though the non-emergency police line will redirect you to the proper authorities. In Canada, you should contact the Canadian Anti-Fraud Centre (CAFC).
  • PCI Compliance safety standards. Official anti-fraud safety measures can vary depending on where in the world you are. However, one fraud prevention standard that transcends most borders is PCI compliance, the official standard set forth by credit card companies that labels card and payment processing tools as trustworthy, reliable, and secure. To learn more about PCI compliance, this guide explores PCI essentials, security best practices, and top tools.

Once you have a firm grasp on your area’s legal framework for fraud, you’ll be in a much better position to jump right into action and elevate the issue if you find your organization falling victim to major systemic fraud.

Formalizing training as your first defense

While you may be confident in your ability to fend off the threats of fraud on your own, attempting to manage the situation without the assistance of your team will only frustrate you and result in an inefficient security process.

The fact of the matter is that fraud is practically impossible to predict, as it can come from both outside and inside sources and can strike your organization in a variety of ways. From online hacking to embezzlement, financial threats can enter from all directions, making it imperative that you have as many eyes and ears as possible keeping a lookout.

To spread out the work and ensure that all of your organization’s staff members know how to identify a threat when they see one, implement the following strategies:

  • Organize a fraud identification and prevention manual. By creating a physical or downloadable resource dedicated to the subject of fraud, your employees will have a reliable source to flip back to if they ever suspect something is amiss. This manual should also include a formalized process for how and to whom staff members should report suspicions of fraud, as well as what should be done during a worst-case scenario.
  • Share case studies. Sometimes it’s not enough to hear about fraud and fraudsters in an abstract and theoretical way. Give your staff something more grounded to rely upon by sharing examples of nonprofit fraud schemes and creating fleshed-out profiles of potential fraudsters.
  • Create an audit and security committee. While everyone should be keeping an eye out for suspected fraud, your organization will benefit from a dedicated team of staff who are routinely combing your data for discrepancies. This will not only prevent fraud but can also boost efficiency as they take a look at basic data management practices.


With these formalized defenses among your team of staff, it will be much harder for a potential fraudster (either within or outside of your organization) to take you by surprise.

Consider your website as your most valuable (& vulnerable) asset

A strong nonprofit website and web strategy is essential for dozens of your different operations—like digital fundraising, online donor engagement, virtual marketing, and especially online fraud protection.

In our digital age, many fraudsters are taking to the Internet to carry out their schemes, and it’s become more important than ever for you to protect your website and the precious digital gateway that your donors are typing their private information into.

In particular, consider these simple yet effective measures to tighten up your website’s security:

  • An SSL certificate. An SSL or “Secure Sockets Layer” certificate is a digital installation that authenticates your website’s identity and allows for an encrypted connection.
  • A secure payment processor. A safe, reliable payment processor is one of the many necessities to include in your donation form, as it’s your payment processor that’s responsible for handling, verifying, and organizing financial data.
  • Antivirus software. To protect your website from the many viruses and malware floating around the World Wide Web, install antivirus software that repels these attacks and regularly screens your website’s health.

These measures should not only provide an important security boost to one of your nonprofit’s most important resources, but they will also increase donor trust in your website’s legitimacy and your organization’s commitment to donor safety.

Using securely integrated donation tools 

When it comes to fortifying your nonprofit’s anti-fraud security, it only makes sense that your biggest area of focus should be the tools that deal directly with sensitive financial information: your donation and payment processing software.

So, as you go down the list incorporating important fraud prevention systems into your nonprofit’s operations, be sure to take a close look at your chosen tools to accept donations online.

As we’ve mentioned, PCI compliance is a strong measure of safety for payment processing tools, with Level 1 compliance being the highest possible standard of security.

Additionally, be sure to invest in donation tools that have other, dedicated anti-fraud tools in place to defend against any potential attacks, like:

  • Bank Identification Number (BIN) verification
  • Card Verification Value (CVV2)
  • Data encryption features

While your nonprofit team keeps an eye out for signs of internal fraud, these dedicated payment processing systems will be able to fill out your line of defense by protecting you from outside threats and schemes.

With every passing year, fraudsters, hackers, and other malicious parties are employing new methods to try and break through your nonprofit’s security. While this can be frightening and you should always keep a watchful eye on your data, these simple yet powerful security measures will help you to keep pace with the changing times and empower you to continue pushing towards your nonprofit mission.