Protect Donor Confidence, Not Just Funds

tessera Perspective

Fraud in payments is rising and nonprofits are not immune. In 2024, nearly eight in ten organisations reported an attempted or actual payments fraud incident (AFP Payments Fraud Survey, 2025). For nonprofits, the financial losses matter, but the larger cost is confidence. When donors hear about fraudulent transactions or compromised systems, they hesitate to trust the organisation with their payment details again.

Recognize Fraud as a Trust Issue

Too often, fraud is treated solely as a financial risk. While chargebacks and recovery costs are material, the reputational impact is far greater. Donors need to believe their contribution is handled securely. A single incident that exposes weak controls undermines that belief, and trust, once lost, is difficult to restore.

Anticipate the Changing Threat Landscape

Fraud is evolving. Stolen card details are routinely tested through small online donations, leaving nonprofits with fees and administrative burden. Social engineering, where fraudsters impersonate senior executives to divert transfers are increasingly common. As digital channels grow, so too does the exposure. Nonprofits that assume they are too small or too mission-driven to be targets misjudge the incentives of fraudsters, who often see them as softer entry points.

Treat Safeguards as Donor-Facing

Donors look for signals that their data is safe: encrypted checkout pages, recognizable payment providers, and clear communication about how information is protected. Equally, safeguards should not create unnecessary friction. The goal is discretion—strong controls that are felt through reassurance rather than through added barriers.

What Leaders Should Do Next

Assess the organization’s exposure across donation channels and review recent incidents, both internal and sector-wide. Confirm that processors provide the latest fraud tools, including tokenisation, anomaly detection, and chargeback monitoring. Train staff to recognize emerging threats such as social engineering or business email compromise. Most importantly, communicate to supporters that protecting payment data is part of the organisation’s responsibility to them.

Fraud will always carry financial risk, but the greater danger is erosion of trust.