We use multiple security layers to protect donors and charities:

  • IP Risk Assessment: Flag anonymizing IP addresses (VPN, proxy, hosting, Tor)
  • Behavioral Analysis: Detect suspicious patterns (attempts made in rapid succession, automated behavior)
  • Card Testing Protection: Limits on repeated failed payments and excessive card attempts
  • Rate Limiting: Time-based restrictions per IP address and session
  • CAPTCHA: Displayed to suspicious users to prevent bots
  • CSRF Protection: Validate all form submissions with secure tokens
  • Input Validation: Strict data sanitization and validation to prevent XSS and injection attacks
  • Local IP Lookups: All checks processed on-server; minimal third-party data sharing

Note: All security checks are processed locally on our servers using monthly-updated databases. No real-time third-party requests are made.