Protect Your Congregation: Expert Tips for Secure Year-End Giving
Last year, the Federal Trade Commission reported a staggering $10 billion loss to scams, marking the highest amount ever recorded. Unfortunately, fraud becomes even more prevalent during the end-of-year holiday season when scammers take advantage of the giving spirit.
Your donors rely on you and the donation platforms they use to ensure their contributions are secure. As a partner of Givelify, you’re already using one of the most secure giving platforms available. However, it is crucial to remain vigilant outside of Givelify too.
We recently sat down with Hari Krishna, Givelify’s Chief Technology Officer, to get his expert advice on how places of worship can protect themselves and their donors from fraud.
With a career spanning over 20 years across diverse sectors including healthcare, radiation dosimetry, and financial technology, Hari is passionate about educating others on topics such as cybersecurity and data protection.
Having joined Givelify at its inception, Hari leads a diverse team across engineering, infrastructure, IT, and research who work together to safeguard data and develop customer-focused solutions.
In our conversation, Hari shared his thoughts on recent high-profile security incidents, common types of fraud that could impact organizations like yours, and practical steps you can take to keep your organization and donors safe.
Understanding the growing threat of cybersecurity incidents
Q: There have been several companies in the news lately impacted by high-profile security incidents. What are your thoughts on these events?
Despite having multiple layers of protection, large organizations can still fall victim to security threats. Take, for example, the cyberattack that hit MGM Resorts last September. This attack locked guests out of their rooms, shut down employee emails, and even disrupted slot machines. It also resulted in a $100 million loss to the company’s bottom line.
The MGM attack is a stark reminder that most hacking attempts are not sophisticated. They often involve someone calling or emailing, pretending to be someone else, and gaining access through basic social engineering tactics.
This is exactly how the MGM hack unfolded. A hacker found an employee’s information on LinkedIn, impersonated them, and called the MGM IT desk. By requesting a password or multifactor authentication reset, the hacker was able to gain access to the employee’s account.
While stories like these involving large organizations make headlines, the truth is, most fraud occurs in smaller organizations, which may not be as prepared to prevent and respond to these incidents.
Common types of fraud impacting organizations and donors
Q: What are some common types of fraud that you see impacting organizations and their donors?
Several types of fraud commonly impact organizations:
Account takeovers
This is the most common type of fraud we see affecting organizations. In these attacks, hackers gain access to your login credentials and use them to infiltrate revenue sources like bank accounts, peer-to-peer payment apps like Cash App, or donation platforms such as Givelify.
Typically, hackers obtain your login information through social engineering tactics, where they deceive you into revealing your email or password by posing as a trusted individual. Once they gain access, they attempt to reroute your bank account to their own.
Fortunately, Givelify employs robust fraud prevention systems designed to thwart these bad actors, even if your email credentials have been compromised.
Fake accounts
Bad actors may create fake organization accounts in an attempt to confuse donors and divert donations to their fraudulent accounts. This type of scam is particularly common among larger, well-known organizations.
To combat this, Givelify employs a rigorous verification process that all new organizations must complete when signing up, ensuring that only legitimate organizations can use the platform. This proactive approach helps protect your organization and your donors from falling victim to these deceptive practices.
Stolen Personally Identifiable Information (PII) data
Faith organizations often hold extensive Personally Identifiable Information (PII) on their donors. If this sensitive data is compromised, it can be combined with other personal information available on the dark web, enabling hackers to steal donor identities.
These bad actors can then use the stolen identities to open credit cards, take out loans, and commit other fraudulent activities — all without the donors’ knowledge.
To safeguard against these threats, we take advanced security measures, including the use of secure third-party vaults, encryption, and a distributed storage system.
In addition to those protections, our dedicated fraud monitoring team works around the clock to detect and prevent potential breaches.
Stolen credit card or bank account information
Many places of worship store donors’ bank account and payment information on their laptops or accounting software, which poses a significant risk. If this data is compromised, it can be used to steal money directly from your donors.
Payment information is most commonly compromised when someone inadvertently shares it with a bad actor or when it is obtained through illegal means, such as the dark web.
This is where Givelify stands out among other donation platforms. We do not store credit card information. Instead, this data is hosted in an encrypted and untraceable format directly with credit issuers like Visa and Mastercard.
Additionally, our advanced anti-fraud systems, combined with 24/7 monitoring, provide the highest level of security for your donors’ financial information. By choosing a donation platform like Givelify, you benefit from these robust security measures, enhancing protection for both your organization and its supporters.
Practical steps to protect your organization
Q: What steps can organizations take to safeguard themselves and their donors from these types of fraud, especially as we approach the end-of-year giving season?
Givelify boasts over a 97% success rate in preventing account takeovers and other types of fraud, far above the industry average of 40%. If you’re using Givelify to collect donations, you’re already well-protected.
However, there are some additional steps you can take to further protect your organization and donors:
Separate your business from personal
To minimize the risk of cross-contamination between your personal and organizational data, use different email addresses, passwords, and devices for your place of worship. This way, if one is compromised, the other account and information remain secure.
Set up multiple business bank accounts with withdrawal limits to protect your organization’s funds. This can help limit your overall financial exposure if an account is breached.
Some other tips to keep in mind include enabling multi-factor authentication (MFA) and using complex and unique passwords. Never store your passwords physically.
Protect against AI tools
As artificial intelligence (AI) technology evolves, so do the tactics used by hackers to compromise organizations. AI can automate phishing attacks, generate convincing deepfakes, and analyze large datasets to identify vulnerabilities, leading to sophisticated scams and security breaches. This enables scammers to create realistic fake emails, text messages, voicemails, and even videos of faith leaders or decision makers, making their attacks harder to detect.
To counter these threats, implement a buddy system for key business decisions, such as fund withdrawals, to create an additional layer of verification.
Additionally, require that certain actions be conducted in person to reduce the risk of AI-driven impersonation attacks. Lastly, establish multiple safe words or symbols for verification to further enhance security.
Implement remote access shutdown protocols and anti-virus software
To enhance your organization’s security, implement remote access shutdown protocols, keep your anti-virus software up-to-date, and ensure all devices are password-protected.
Remote access tools allow you to shut down or lock your computer if it’s lost or stolen. Lost and stolen laptops are one of the most common ways information is compromised.
Additionally, it’s critical that you maintain the latest version of your anti-virus software. Regular updates protect against emerging threats, such as malware, ransomware, and phishing attempts. These anti-virus programs work by blocking access to malicious websites and preventing harmful software from being downloaded to your devices.
Lastly, ensure that all devices, including laptops and desktops, are secured with strong passwords. This adds a layer of protection, making it more difficult for unauthorized individuals to access your data in the event of theft.
Safeguard your congregation’s generosity this holiday season
As the end-of-year giving season approaches, securing your donors and your organization is more important than ever. By understanding common types of fraud, you can take proactive measures to protect your congregation and ensure your organization remains a secure place for generosity.
Now is the time to review your security practices and make any necessary updates. If you have questions or need support, Givelify is here to help. Together, we can ensure that this season of giving is both joyful and secure for all.