This article covers information around what, why, and how to handle unintended data that is entered into your Kindful System. Read the linked articles below to learn more about our data security practices.
What Is It?
You may have seen some unexpected, even strange, contacts created alongside some repeated, small donation attempts. Some of the donation may have been successful, and others may have been declined.
Oftentimes, with transactions, they will come in a rapid succession, one after the other. This makes them easier to isolate on your Activities page. You will commonly see these types of charges and charge attempts at values below $5, and often will be at odd values (e.g. $2.87, $3.95, $4.94). Given the way they come into the system, you will most often find them listed in succession on the Activities page.
Contacts may appear to be added in bulk, although they are most commonly coming in one at a time. Often, these contacts will have very obvious names on their contact card, so they are easy to spot and isolate. Given the way they come into the system, you will most often find them listed together on the Contacts page.
What Does It Mean and Where Does it Come From?
There are various reasons an unintended contact and/or transaction can make its way into Kindful. By way of various public facing pages that are hosted by Kindful and by connected integration partners, these types of data can be created in your Kindful account.
- You may see unintended contacts and transactions when someone is attempting to test stolen credit cards through your donation pages. Rest assured, though, that this does not mean your account has been hacked. It is simply the credit card entry forms on the donate pages being used to test card data to most likely see if it can be re-used elsewhere.
- Your connected email marketing integration (e.g. Constant Contact) has a public form, and that form is being used to send in spam information to your list. Given the connection with Kindful and your email marketing platform, these contacts may find their way into Kindful. We advise checking on the contact records' History pages in their Kindful contact profiles to see where they originated.
How Can I Clean It Up?
If you happen to see this type of data in your account, there are a few things we recommend doing to clean up your Kindful account.
For the transactions that have come in successfully, we recommend refunding these donations. Read more about this process here: Issuing a Donor Refund. This is the first step to getting your databased cleaned.
Once the donations have been refunded (if needed), we recommend then heading to the Contacts page to find these contacts. Using our Filtering process, you can isolate these most commonly using the Join Date After and Join Date Before filters. Once you have this batch of contacts segmented, you can use the Trash Contacts feature to completely remove these records from your account. You can also trash a contact manually from their contact profile if you would prefer to move through the list of these contacts on the Activities page.
How Can It Be Prevented?
If you are a Bloomerang Payments user, we automatically include the Stripe Radar feature for you. This is a world-class feature that is built by Stripe to automatically detect fraudulent payment attempts. This can not only block the transaction from entering your account, but also the contact.
CAPTCHA settings can, and should be, enabled in your Kindful account. You can set these in your General Settings and in your Fundraising Settings > Transaction Settings. We recommend setting this number low (e.g. 1 or 2). When enabled, if there is a failed attempt that matches the number you enter, then the donor will have to complete CAPTCHA on their next donation attempt. For example, if you enter in 1 in the field in Transaction Settings, if the donor makes an unsuccessful attempt to donate and then attempts another successive donation attempt, they will be prompted to complete CAPTCHA.