Security
      Back to home
      1. Help Center
      2. Security

      What Is Card-Testing?

      Card-testing is a widespread issue that impacts nonprofits everywhere. With card-testing on the rise, we've enacted measures to prevent this type of fraudulent activity from taking place on Snowball donation pages.

      Snowball screens each transaction to filter out card-testing behavior, preventing fraudulent transactions from occurring. This process happens seamlessly behind the scenes, with no extra work for your organization or your donors. 

      Frequently Asked Questions

      Is My Snowball Account Safe? Are My Donors Safe?


      If you suspect that card-testing has occurred, rest assured that your Snowball account has not been hacked. No one has gained access to your Snowball account. No donor data, including credit card information, has been compromised.

      How Do I Know If My Donation Page Has Experienced Card-Testing?

      Every card-testing episode has a different signature, but look for unusual patterns in your Reporting dashboard, such as: 

      • A high number of failed transactions.
      • Many donations in the same range (often $1-$10)
      • Unfamiliar email addresses and names.
      • Missing billing addresses in the Payment Details tab.
      • "Bounce"-status emailed receipts (viewable under the Receipts tab in the transaction), indicating that the email address is fake.

      What Do I Do If I Think There's Been Card-Testing?

      If you suspect that your donation page has experienced card testing, we recommend that you take the following actions immediately:

      • Refund successful fraudulent payments to avoid disputes. Each disputed transaction incurs a $15 fee from Stripe and other payment processors. Refunding successful fraudulent transactions will prevent disputes and third-party fees.
      • Mark the refund as "fraud" to block the email and IP address. While you're refunding the payment, you can also check a box to mark the transaction as fraud, so that any transactions from that email address and IP address will be blocked. Visit our Help Center for more details on refunding donations.
      • Alert Snowball so that we can monitor and help. If you suspect card-testing, contact us. We can take certain steps to help, such as monitoring your account activity and temporarily suspending your payment gateway so that no transactions will process during a card-testing episode. 

      What Is Card-Testing, Exactly?

      During card-testing, bad actors with stolen credit card information use a computer program to run large batches of transactions on public-facing donation forms. The purpose is to identify any valid credit card information, which can then be sold on the dark web. (This card information is not obtained from your donors or anyone affiliated with your organization.)