Unfortunately, donation forms can be a target for carding attacks (e.g. stolen credit card data is tested). To prevent our clients from falling victim to such attacks we came together with our partner Datatrans and created Fraud Groups into which we have divided our merchants.

• Fraud Group 1:
  • Setting: allows 2 attempts per minute from the same IP address.
  • Who is in it: small/medium-sized organisations in Switzerland WITHOUT Employee Giving Campaigns.
• Fraud Group 2:
  • Settings: 5 attempts per minute from the same IP address
  • Who is in it: Oktion Free organisations with high donation volume and/or Employee Giving Donations (all Alaya Merchants)
• Fraud Group 3:
  • Settings: 3 attempts per minute from the same IP address.
  • Who is in it: Default for Oktion Free customers

Why the setting of attempts per IP address?

The IP address is a numerical label assigned to each device connected to the computer network that uses the internet protocol for communication. It serves two main purposes: identification and location addressing. By blocking the attempts per IP address we can make sure that an attack from one location is blocked after the specified amount of attempts. Multiple users from the same location, e.g. same office building, can have the same IP address, hence specific campaigns from one location would be blocked with the current fraud filter and we need to adjust the filter in such cases.

Please inform the Customer Success Team when you are planning a big campaign and expect a high donation volume so we can proactively check your Fraud Group and adapt if necessary.

Datatrans will inform us if they notice an attack and we will get in touch with you about adapting your Fraud Prevention rules, however, if you notice anything unfamiliar in your donations tab in the Oktion Manager (such as unexpected high volumes of CHF 1 donations) , feel free to reach out to myoktions@oktion.com.au