Importance of the card security code and other online fraud protection measures for nonprofits

I was forwarded a question from a donor this past week asking why our donation forms would require the donor to submit their credit card's card security code. The card security code is that three digit code on the back of Visa or MasterCard cards and four digit value on the front of American Express cards. The digits are typically printed on your card, rather than stamped in the plastic like the digits in your credit card number. These numbers are used by your credit card company to help prevent fraud.

Nonprofit merchants need the card security code and other measures such as address or zip code verification to protect against credit card fraud. Requiring the donor to enter a correct security code or zip code for their card helps to validate that the person entering the information is the cardholder.  Unfortunately, charities are often the targets of credit card fraud. I have been witness to it many times. Thieves will try to "test" stolen credit cards on donation sites. If a card processes on the donation form it is good and can be sold. But these thieves often do not have the security code information or the correct address for the card. Requiring these items can help prevent hundreds of phony charges being racked up on the nonprofit's merchant account (which can cost the nonprofit considerable money).

The donor that contacted us was concerned about the security and integrity of this card security code. Donors should know that the security code number is not stored. It is in fact against the rules and regulations of the major credit card companies to store it. It is discarded after use. 

Have other security questions? Get in touch.