Please help!!! Over 265,000 fraudulent constituent accounts created in less than a month
Options
Comments
-
Raj Ajyer, we also use iATS and experienced a similar assault and iATS were the first to alert us to the problem. They do in fact offer us the ability to block transactions based on credit card BIN number (basically which country the card is issued from) and/or based on IP address from where the transaction occurs. I know that IP addresses can be spoofed but it is a starting point. For both of these filters you just specify the country codes for the countries that you want to block. It seems to work pretty well for us. At least we have not had any problems since we set it up.
The problem of fraudulent accounts being added to LO without financial transactions, which started this discussion going, is a separate one and one that we have also experienced. Sadly Blackbaud did not have much in the way of suggestions of how to stop this.2 -
Good Day Robert, when the carding stared we asked IATS to implement AVS but they told they don't have any thing like it to stop the cards based on their billing address. it was shocking. The carding we faced this month on a Friday evening, came from an address in NY, "237 Austin Avenue" with different country codes, different IP addresses and different email addresses. IATS cannot be contacted after 6pm pacific time, on that fatal Friday we could not reach them till Monday Morning 9am. we are disappointed.0
-
Raj - it appears you're now part of Luminate Online's "Yaphank - Holtsville" club! Welcome! Our CVV settings stopped these guys.
2 -
IATS screwed us big time by not implementing the security features ! now the blame game is going high.0
-
Robert, on the issue of Fraudulent constituents created in LO after carding, BB will run a script and remove them immediately. We got it done the same day.1
-
Oddly enough, we ran into this too -- we found that all our providers had implemented security features but at extremely relaxed rules.
We suspect this happens to clients because strictness does sometimes cost you some business -- as a user could get frustrated entered credit card data or being out-of-area or forgetting their billing zip. Impact depends on your foot traffic to the site(s) -- or lack of, and this might be a non issue.
I'd suggest anyone who's reading this thread -- to go through your provider(s) settings and make sure they're optimal. And that you have a process in place.
Locate those shut-off valves before you get flooded!0 -
I'd like to also add this crucial advice for everyone on the thread:
Create a query (and associated group, set to rebuild automatically) to identify any consituents created in your database with a $0 transaction. The basic parameters I used are "accept email = true" AND "system origin application type = donation" AND "last transaction amount = blank". You may also wish to add in date parameters.
Put this group into your "do not mail" default settings for all email campaigns. This ensures that your deliverability rating isn't impacted by any carding runs.
You can also use this group to identify which constituents are bogus and the ones you may need Blackbaud to remove for you.8 -
Erin LevineKrynock:
Just wanted to add an update to this.
We eventually did halt whatever script was running on our donation forms by adding and additional required field to the form, the CAPTCHA was unsuccessful. However, this does not prevent the same thing from happening in the future if the script is updated, and unfortunately since records can never truly be deleted from Luminate, we do now have close to 380,000 records that are "marked as removed."
I agree with Jessica's idea that was submitted (https://luminateonline.ideas.aha.io/ideas/LUM-I-1730 ) to prevent accounts from being created as a result of failed transactions.We're nowhere close to your level of fraudulent attempts... not yet. But the attempts have really ramped up this year. I was just curious about the additional required field? What was the field? Was it visible to the user? What it a honeypot?
Thanks in advance for any feedback you might be able to provide!
0
Categories
- All Categories
- Shannon parent
- shannon 2
- shannon 1
- 21 Advocacy DC Users Group
- 14 BBCRM PAG Discussions
- 89 High Education Program Advisory Group (HE PAG)
- 28 Luminate CRM DC Users Group
- 8 DC Luminate CRM Users Group
- Luminate PAG
- 5.9K Blackbaud Altru®
- 58 Blackbaud Award Management™ and Blackbaud Stewardship Management™
- 409 bbcon®
- 2.1K Blackbaud CRM™ and Blackbaud Internet Solutions™
- donorCentrics®
- 1.1K Blackbaud eTapestry®
- 2.8K Blackbaud Financial Edge NXT®
- 1.1K Blackbaud Grantmaking™
- 527 Education Management Solutions for Higher Education
- 1 JustGiving® from Blackbaud®
- 4.6K Education Management Solutions for K-12 Schools
- Blackbaud Luminate Online & Blackbaud TeamRaiser
- 16.4K Blackbaud Raiser's Edge NXT®
- 4.1K SKY Developer
- 547 ResearchPoint™
- 151 Blackbaud Tuition Management™
- 61 everydayhero
- 3 Campaign Ideas
- 58 General Discussion
- 115 Blackbaud ID
- 87 K-12 Blackbaud ID
- 6 Admin Console
- 949 Organizational Best Practices
- 353 The Tap (Just for Fun)
- 235 Blackbaud Community Feedback Forum
- 55 Admissions Event Management EAP
- 18 MobilePay Terminal + BBID Canada EAP
- 36 EAP for New Email Campaigns Experience in Blackbaud Luminate Online®
- 109 EAP for 360 Student Profile in Blackbaud Student Information System
- 41 EAP for Assessment Builder in Blackbaud Learning Management System™
- 9 Technical Preview for SKY API for Blackbaud CRM™ and Blackbaud Altru®
- 55 Community Advisory Group
- 46 Blackbaud Community Ideas
- 26 Blackbaud Community Challenges
- 7 Security Testing Forum
- 3 Blackbaud Staff Discussions
- 1 Blackbaud Partners Discussions
- 1 Blackbaud Giving Search™
- 35 EAP Student Assignment Details and Assignment Center
- 39 EAP Core - Roles and Tasks
- 59 Blackbaud Community All-Stars Discussions
- 20 Blackbaud Raiser's Edge NXT® Online Giving EAP
- Diocesan Blackbaud Raiser’s Edge NXT® User’s Group
- 2 Blackbaud Consultant’s Community
- 43 End of Term Grade Entry EAP
- 92 EAP for Query in Blackbaud Raiser's Edge NXT®
- 38 Standard Reports for Blackbaud Raiser's Edge NXT® EAP
- 12 Payments Assistant for Blackbaud Financial Edge NXT® EAP
- 6 Ask an All Star (Austen Brown)
- 8 Ask an All-Star Alex Wong (Blackbaud Raiser's Edge NXT®)
- 1 Ask an All-Star Alex Wong (Blackbaud Financial Edge NXT®)
- 6 Ask an All-Star (Christine Robertson)
- 21 Ask an Expert (Anthony Gallo)
- Blackbaud Francophone Group
- 22 Ask an Expert (David Springer)
- 4 Raiser's Edge NXT PowerUp Challenge #1 (Query)
- 6 Ask an All-Star Sunshine Reinken Watson and Carlene Johnson
- 4 Raiser's Edge NXT PowerUp Challenge: Events
- 14 Ask an All-Star (Elizabeth Johnson)
- 7 Ask an Expert (Stephen Churchill)
- 2025 ARCHIVED FORUM POSTS
- 322 ARCHIVED | Financial Edge® Tips and Tricks
- 164 ARCHIVED | Raiser's Edge® Blog
- 300 ARCHIVED | Raiser's Edge® Blog
- 441 ARCHIVED | Blackbaud Altru® Tips and Tricks
- 66 ARCHIVED | Blackbaud NetCommunity™ Blog
- 211 ARCHIVED | Blackbaud Target Analytics® Tips and Tricks
- 47 Blackbaud CRM Higher Ed Product Advisory Group (HE PAG)
- Luminate CRM DC Users Group
- 225 ARCHIVED | Blackbaud eTapestry® Tips and Tricks
- 1 Blackbaud eTapestry® Know How Blog
- 19 Blackbaud CRM Product Advisory Group (BBCRM PAG)
- 1 Blackbaud K-12 Education Solutions™ Blog
- 280 ARCHIVED | Mixed Community Announcements
- 3 ARCHIVED | Blackbaud Corporations™ & Blackbaud Foundations™ Hosting Status
- 1 npEngage
- 24 ARCHIVED | K-12 Announcements
- 15 ARCHIVED | FIMS Host*Net Hosting Status
- 23 ARCHIVED | Blackbaud Outcomes & Online Applications (IGAM) Hosting Status
- 22 ARCHIVED | Blackbaud DonorCentral Hosting Status
- 14 ARCHIVED | Blackbaud Grantmaking™ UK Hosting Status
- 117 ARCHIVED | Blackbaud CRM™ and Blackbaud Internet Solutions™ Announcements
- 50 Blackbaud NetCommunity™ Blog
- 169 ARCHIVED | Blackbaud Grantmaking™ Tips and Tricks
- Advocacy DC Users Group
- 718 Community News
- Blackbaud Altru® Hosting Status
- 104 ARCHIVED | Member Spotlight
- 145 ARCHIVED | Hosting Blog
- 149 JustGiving® from Blackbaud® Blog
- 97 ARCHIVED | bbcon® Blogs
- 19 ARCHIVED | Blackbaud Luminate CRM™ Announcements
- 161 Luminate Advocacy News
- 187 Organizational Best Practices Blog
- 67 everydayhero Blog
- 52 Blackbaud SKY® Reporting Announcements
- 17 ARCHIVED | Blackbaud SKY® Reporting for K-12 Announcements
- 3 Luminate Online Product Advisory Group (LO PAG)
- 81 ARCHIVED | JustGiving® from Blackbaud® Tips and Tricks
- 1 ARCHIVED | K-12 Conference Blog
- Blackbaud Church Management™ Announcements
- ARCHIVED | Blackbaud Award Management™ and Blackbaud Stewardship Management™ Announcements
- 1 Blackbaud Peer-to-Peer Fundraising™, Powered by JustGiving® Blogs
- 39 Tips, Tricks, and Timesavers!
- 56 Blackbaud Church Management™ Resources
- 154 Blackbaud Church Management™ Announcements
- 1 ARCHIVED | Blackbaud Church Management™ Tips and Tricks
- 11 ARCHIVED | Blackbaud Higher Education Solutions™ Announcements
- 7 ARCHIVED | Blackbaud Guided Fundraising™ Blog
- 2 Blackbaud Fundraiser Performance Management™ Blog
- 9 Foundations Events and Content
- 14 ARCHIVED | Blog Posts
- 2 ARCHIVED | Blackbaud FIMS™ Announcement and Tips
- 59 Blackbaud Partner Announcements
- 10 ARCHIVED | Blackbaud Impact Edge™ EAP Blogs
- 1 Community Help Blogs
- Diocesan Blackbaud Raiser’s Edge NXT® Users' Group
- Blackbaud Consultant’s Community
- Blackbaud Francophone Group
- 1 BLOG ARCHIVE CATEGORY
- Blackbaud Community™ Discussions
- 8.3K Blackbaud Luminate Online® & Blackbaud TeamRaiser® Discussions
- 5.7K Jobs Board