SMS Staff Alerts for Program Availability: Now in Training Sites
To best serve your members and program participants, it is important for you to have real-time insight into program availability so that your team can act quickly to place someone from the waitlist into the program.
With this release, Program and Child Care staff can now be notified via SMS text notification any time an opening becomes available for a standard program or child care program with a waitlist enabled.
Read the user guide here. This feature will be released to Training sites for all associations on April 28. We plan to release to Live sites for all associations on May 11.
Got Daxko Questions?
Join our first Project Thrive: Ask the Expert session on Thursday, April 28.
What’s Project Thrive? Every week, our team of product experts will hold office hours to cover the basics of Daxko solutions AND give you time to ask questions.
In the first session, we’ll be getting into the details of Reporting. We’ll cover essentials like how to find the reports you value, how to build a custom report, and how to edit the existing reports you need.
Can’t attend? Sign up so you can get the recording!
We’ll offer new Ask the Expert sessions every week, so stay tuned for more…
We have seen an increase in the last week of fraudulent credit card testing on our Online Giving pages. We are monitoring activity around the clock and have taken measures to protect your associations from these attempts. This blog post reviews what we are changing and why.
Note: There has not been a data breach or a PCI violation to Daxko Operations.
What is fraudulent credit card testing?
Unknown individuals that are wishing to steal funds will obtain lists of stolen credit card numbers. These are not stolen credit card numbers from Daxko in any way, rather they are credit cards of unknown individuals likely not associated with any of our organizations. In order for these criminals to validate which of the stolen credit cards are still active, they will use a site to test that credit card number – typically for a small amount so that a successful transaction does not alert the cardholder. These criminals target donation sites specifically, as no shipping addresses must be provided and no goods are exchanged. If the card is declined, they will know that the card is no longer valid. If the card is approved (for a small $1 or $2 donation in most cases), the criminals will then use that valid credit card to make purchases on a retail site or will sell that validated credit card to other criminals.
Sometimes these attacks are done by bots (automated processes built to simulate human interaction with the online giving site) and sometimes these are groups of individuals manually testing these cards.
What is Daxko doing about this?
Addressing these fraudulent attempts is an ever-changing process, as criminals continue to work around security measures. In this recent round of fraudulent attempts, the Daxko Team has selected the following immediate changes to deter this activity:
We are implementing a $10 minimum for all online gifts. This discourages such criminals from wanting to use our site, as cardholders will notice a $10 charge on their statement more than a $1 charge. We know this will not stop them all together, but this is an effective measure taken by organizations like the American Red Cross and could help reduce testing volumes. In testing Friday, April 17th into Saturday, April 18th, we did find that implementing this minimum amount did deter an attack and we feel this is a successful measure to assist as we address this issue.
We are taking the Online Giving Page offline from 10pm Central on April 18th to 7am Central on April 19th. This outage is necessary as the attacks are highly concentrated in the early morning hours and allows our team to research additional security measures that may be implemented. We will update messaging on this blog post if we determine this needs to be done for any additional days or times. UPDATE: We will continue to take the page down at night while we work on several other security measures to be released in the near future. Stay tuned for a specific date.
We are adding rules to our rate limiting tool that blocks IP addresses that are submitting donations one after the other, especially when these are declined. This tool was implemented just over a year ago when we last saw a spike of fraudulent credit card testing in our online giving page, and has deterred criminals for since then. However, these individuals are using new methods to get around our monitoring and we responded by implementing a more secure set of rate limiting rules. UPDATE: Beginning at 5pm on 4/21 you may experience a temporary lockdown for online gifts based on our monitoring of activity on your site. This lockdown will last for 10 minutes at the time of release, but that time may be adjusted as needed based on the activity we are seeing.
These are the known decisions at this time but we have all hands on deck to investigate every option to stop this round of attacks and bulk up security for the future of our online giving tools.
How will we know if our association was affected?
Our team is compiling a list of all affected associations and we will be contacting you beginning on Monday. This will include our recommendations for addressing these attempts. While any successful attempts that occurred from fraudulent credit card testing will appear in Manage Online Donations, our team will contact you with the data our engineers have collected and provide insights in how to move forward.
As you know, Daxko recently transitioned from Finastra (also known as BankServ) to ACH.com for EFT payment processing. With this migration, bank reconciliation for weekends has required more compiling than it did previously. This is due to a change in process to send separate batch files for Saturday and Sunday and Monday, even though there is only one deposit on Monday.
In order to return to a process similar to what existed prior to the migration, the Daxko Operations team will begin sending the Saturday and Sunday batches to the processor on Monday. This change in process will occur on July 1, 2019.
We hope this change will make it more straight-forward to reconcile your weekend deposits.
