What is FraudMod?


FraudMod, HiRaiser’s proprietary fraud detection and mitigation module, is an anti-fraud system that defends against suspicious transactions and other attacks. The donation pages of nonprofit organizations, because there is often no product being sold and no shipping address required, are especially susceptible to such attacks by criminal entities. 


A common threat: “Card testing” attacks

One common type of attack is a “card testing attack,” in which stolen credit card numbers are tested to see which ones still work. Members of criminal gangs test many card numbers (up to hundreds or even thousands) via a vulnerable website. This can result in the victim organization being charged thousands of dollars in processing fees by its card processing gateway for the declined transactions, gateway merchant account suspensions, as well as much time and energy wasted sorting things out with the financial services companies involved and the people whose cards may have been charged.

FraudMod eliminates such vulnerabilities, and stops the attack instantly.


How does FraudMod work?


FraudMod automatically evaluates each and every submission in real-time, and assigns it a fraud score based on dozens of data points, evaluating it using internal HiRaiser data and processes, information from public databases, and AI-based machine learning. 

The HiRaiser admin(s) for the site receive a notification about the flagged submission, requesting that it be reviewed.

Review the details of the submission in the email and follow the instructions. If it is someone known, a person whose identity you can verify, or otherwise looks legitimate, it is important to remove the Fraud flag from the submission so that the payment can be processed and the person doesn't get blacklisted from making future donations. If not, take no action and the submission will be permanently blocked.

Fraud Scores

The exact score threshold for holding or blocking transaction varies, depending on what the issue is.

  • No fraud (Fraud Score 0)
    Nothing appears in the notification.

  • Low Fraud Score (generally under 8)
    The submission is approved and the Fraud Score details are included in the notification.

  • Medium Fraud Score (around 10) = FRAUD FLAG
    The submission is marked as Fraud in HiRaiser. 
    It will not appear in the frontend of any campaign until the Fraud flag is removed (see below).
    If you remove the Fraud Flag, the submission will be treated as a regular submission.
    It will not appear in the frontend of any campaign until the Fraud flag is removed.
    If the Fraud Flag is not removed, the person making the submission will be blacklisted and future submission will be blocked.

  • High Fraud Score (generally in the teens) = FRAUD REJECTION
    The submission is blocked and held for review. Fraud Score details are included in the notification.
    In exceedingly rare cases, a legitimate submission gets flagged when it triggers certain fraud indicators (a “false positive”). In order to ensure that legitimate submissions don’t get blocked, a suspicious submission is held in limbo in an encrypted backup log for 48 hours, to allow you time to review it. 
    If you approve the transaction, it will be released and submitted for processing, and future submission by the same person will be allowed.
    If you take no action, the transaction will remain blocked, and the person who submitted it will be blacklisted, with subsequent attempted submissions being blocked outright. 

  • Extreme Fraud Score (35+)
    The transaction is blocked and no notification is sent so you'll never hear about it. Sometimes submissions with lower scores are blocked if the fraud is very obvious based on specific criteria or if the source of the submission is known to be suspect.

How to Change a Fraud Status


To release a FRAUD REJECTION:
  1. Click the link in the mail, where is says "click here to unblock and release it"

To remove a FRAUD FLAG:
  1. Open the submission/donation. You can do so by clicking the Record ID link in the notification email.
  2. Scroll down to the FraudMod Details section.
  3. Toggle the Fraud status to off.
  4. Click Save.
If you believe your site is under attack, let us know – though HiRaiser probably detected it and automatically stopped the attack before you even realized it was happening. That is FraudMod in action, protecting you and your website so you can focus on your real work and sleep soundly.

If you are unsure what to do, please contact the HiRaiser Team for assistance.