Credit Card Phishing Checklist

If your organization is experiencing credit card phishing, here are some helpful tips you can check to help prevent the fraudulent activities.


  1. Make sure your campaigns are set with a minimum amount. Usually, bots that do the phishing either pushes $1 donations to test if the cards can go through successfully. Setting up a minimum amount higher than $1 can help prevent those bots from even attempting. We suggest to set at least $9 as a minimum amount.

    *Note: Before setting up a minimum amount, please contact your processor first as some processors need to set the minimum amount donation on their side as well. Once your processor side is set, you can go ahead and add the minimum in Site Stacker.

Please refer to this link on how to set up minimum/maximum amounts for campaigns.


  1. Make sure you have Google reCaptcha set in your checkout page. Setting up a Google reCaptcha can also help with preventing bots in phishing fraudulent donations. Most of the time, Google reCaptcha can stop the transactions from the checkout page before the bots can even submit the donation process. If you are experiencing credit card frauds, we highly suggest that the Google reCaptcha is set.

Please refer to this link on how to setup the Google reCaptcha in your Checkout page.

  1. For successful fraudulent donations, you will have to refund those transactions back. You can also choose to delete the transactions after you refunded them and delete the donor’s CRM record as well.

Please refer to this link on how to refund donations.

  1. Report the fraudulent transactions to your payment processor. They can provide more information on how to handle this situation and maybe able to help you in refunding some of the successful transactions.

    *Note: For Payment Spring clients, we suggest that you enable AVS and CVV verification. This can be done in your Payment Spring dashboard. You can connect with their support to better assist you in enabling those.

  1. Lastly, if the fraudulent transactions still persist, the last resort we can do is to put the site offline. This is not the ideal solution, but putting the site offline for a specific time can help in stopping active credit card phishing activities in your website. We highly suggest connecting with our support team should you wish to put the site offline for a specific timeframe.

Or filter by: