Securing Your Account Access
Your Flipcause Account is the key to your donor data, transaction data, and your merchant accounts - it's just like your bank account but potentially with even more sensitive information, including that of your constituents. Just like you would with your bank accounts, you'll want to take every precaution to keep it secure. Here is a list of best practices and steps to take:
- Use a strong password for your account. A strong password means:
- Long (15+ characters is ideal)
- Unique (you don't use this anywhere else)
- Now that all your passwords are long, unique, and impossible to remember (good!) please use a password manager to store all of your long, (Never write passwords down anywhere!)
- Do not share your login with other users. You have unlimited free sub-admin accounts available to you on Flipcause, and you can set specific permissions for each one. Please create a new login for each Flipcause user (or have us do it for you!)
In case your username and password do get into the wrong hands, enabling this adds another layer of security to ensure that the person entering your login credentials is really you.
- Set up two-factor authentication for your account
- Make sure your sub-admins also have two-factor authentication enabled
Administrator Privileges and Settings
Each of your sub-admin accounts can be configured to have different privileges and levels of access. You'll want to give each of the people logging in only as much access as they need to keep your account secure. For example, you may want to block access to adding or editing linked bank accounts from most, if not all, subadmins.
- Learn about access levels and the privilege options and how to set them up
- Set up Privilege Profiles for different user types (such as volunteers vs. development staff vs. financial access)
- If needed, restrict access to your Flipcause account based on location and set up email alerts for when suspicious logins are attempted.
Combating Fraudulent Transactions
Your Flipcause account comes with a proprietary and regularly updated security system that already blocks over 99% of all fraudulent transactions. This is above and beyond what your typical merchant accounts will offer, plus, since all organizations have different needs, we have advanced features to give you even more control if you need it.
- Monitoring Transactions
You should be monitoring your incoming transactions daily (if not in real time) to make sure they look legitimate. You can to this quickly by reviewing all of the transaction notifications that are emailed to you to check for the following common signs of fraud:
- Clearly fake names and email addresses (that look like jibberish)
- Uncommonly small transaction amounts
- A sudden high volume of incoming transactions
- Payment Security Settings
If your organization's forms become the target of an attack, you will often find that they originate from a specific country or continent, and one that you wouldn't expect to receive donations or payments from usually. You can permanently or temporarily block those countries from being able to process transactions.
- Reporting Fraudulent Transactions
If you do have any transactions that come through that you are sure are fraud, you will want to report them right away so we can refund then in full and remove these fake records from your database.
- What happens if you do nothing?
If fraudulent transactions go through without being caught right away, this puts your organization at risk to chargebacks and their accompanying fees from the real credit card holders once they find out their cards have been misused. This could add up to tens if not hundreds of dollars in fees to your organization, which we work very hard to help you avoid. If you have any questions or concerns, please don't hesitate to reach out to your Success Team - we're here for you!