We’re excited to announce a recent update designed to further safeguard our online giving platform against card testing fraud. If you use our platform for donations, please read on and implement these new settings immediately to enhance security.
What is Card Testing?
Card testing occurs when fraudsters verify if stolen credit or debit cards are active by making small transactions. At TouchPoint, we strive to balance ease of use for your donors with robust security measures to minimize such fraudulent activities. While no system is completely failproof, our continuous updates aim to bolster your protection.
Important Note: If card testing occurs on your system, neither you nor your donors are at risk. The fraudster gains no information about you or your donors.
Why This Matters
Any payment system can be targeted for card testing. Our goal is to prevent large-scale abuse by implementing measures that discourage fraudsters from using our platform. The latest update introduces velocity checks on failed transactions, which you can enable under “Admin Settings” > “Finance > Online Giving.”
Five New Settings
Here’s a detailed look at the new options available:
Enable Failed Transaction Limit: Activates the new security feature, allowing you to customize the following settings.
Failed Consecutive Gift Lockout: Sets the number of failed transactions allowed before further attempts are blocked. The default is three, meaning that after three failed attempts, the user will be blocked on the fourth attempt. You can adjust this to make the system stricter or more lenient.
Failed Transaction Time Frame: Defines the time window for tracking failed transactions. The default is 15 minutes. If someone makes two attempts and then waits 20 minutes before trying again, they won’t be blocked. This ensures genuine donors aren’t accidentally blocked.
Failed Transaction Block Time: This determines how long a user is blocked after reaching the failed transaction limit. The default is 60 minutes, meaning the block lasts one hour. Card testers typically move on after being blocked, reducing the likelihood of repeat attempts.
Failed Transaction Ignored IPs (Most Important): This setting is crucial. It allows you to list IP addresses that are exempt from velocity checks. Separate multiple IPs with commas. Adding your church’s IP is recommended to prevent accidental blocking of legitimate donors with multiple failed attempts. Ensuring your church’s IP is listed will help maintain smooth operation for genuine transactions and avoid disruptions in your regular donation processes.
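How the settings above interact, as an added example that is not TouchPoint's own code. It assumes attempts are tracked per client IP, that a successful gift resets the failure count, and that times are in seconds; the class, method and parameter names are hypothetical.

```python
import ipaddress
from collections import defaultdict, deque


class FailedGiftLimiter:
    """Velocity check on failed gifts, keyed by client IP (an assumption)."""

    def __init__(self, limit=3, window_min=15, block_min=60, ignored_ips=""):
        self.limit = limit                  # Failed Consecutive Gift Lockout
        self.window = window_min * 60       # Failed Transaction Time Frame
        self.block = block_min * 60         # Failed Transaction Block Time
        # Failed Transaction Ignored IPs: comma-separated, spaces tolerated
        self.ignored = {ipaddress.ip_address(p.strip())
                        for p in ignored_ips.split(",") if p.strip()}
        self.failures = defaultdict(deque)  # ip -> times of recent failures
        self.blocked_until = {}             # ip -> time the block expires

    def allow(self, ip, now):
        # True if an attempt from `ip` at time `now` (seconds) may proceed
        addr = ipaddress.ip_address(ip)
        return addr in self.ignored or now >= self.blocked_until.get(addr, 0)

    def record(self, ip, now, success):
        # Store the processor's result for an attempt that was allowed
        addr = ipaddress.ip_address(ip)
        if addr in self.ignored:
            return
        recent = self.failures[addr]
        if success:
            recent.clear()                  # assumed: a success resets the count
            return
        recent.append(now)
        while now - recent[0] > self.window:  # drop failures outside the window
            recent.popleft()
        if len(recent) >= self.limit:
            self.blocked_until[addr] = now + self.block
            recent.clear()


def replay(limiter, attempts):
    """Run (minute, ip, card_ok) attempts; return the outcome of each."""
    outcomes = []
    for minute, ip, card_ok in attempts:
        if limiter.allow(ip, minute * 60):
            limiter.record(ip, minute * 60, card_ok)
            outcomes.append("approved" if card_ok else "declined")
        else:
            outcomes.append("blocked")
    return outcomes
```

Every address on the ignore list bypasses the check entirely, so in this model the exemption covers anyone sending traffic from that address, not only staff.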
Emphasizing Security
We want to reiterate that your system and donors are not at risk from card testing. These transactions indicate fraudsters are attempting to test stolen cards on public platforms. By implementing these settings, we aim to make it significantly harder for them to exploit your giving page.
Please contact our support team through the TouchPoint platform if you have questions or need assistance. We are here to help ensure a secure and smooth giving experience for your donors.