BIRMINGHAM, Ala.—New information reveals that criminals are using unsecured charity websites to test stolen credit card numbers on a global scale.
Many charity websites have simplified their donation platform to encourage more people to give to their organizations. This added convenience comes at a price though, costing some organizations thousands of dollars due to false donations made to their websites, explained Bill Hardekopf, CEO of LowCards.com. Transactions processed as "card not present" puts the burden of repayment on the non-profit organization, not the credit card company.
“Cyber criminals are beginning to take advantage of the limited security measures on charity websites to verify the validity of stolen credit card numbers so they can be used for future fraudulent purchases,” said Hardekopf. “Why is this verification necessary? This is how credit card thieves make money. Unverified credit card numbers are not worth much on the ‘dark web,’ the online equivalent of the black market. If a fraudster can verify that a card number is still valid, the card can be sold for a much greater amount.”
"There's a giant target painted on the industry’s back that is very advantageous for credit card thieves," said Kevin Conroy, chief product officer for the charitable group GlobalGiving, told LowCards.com.