Skip to main content
All CollectionsKeeping secure
Form security and fraud prevention
Form security and fraud prevention
Updated over 2 months ago

Having public forms allows your supporters to easily submit information, donate to your cause, and register for your programmes, but it also opens up the possibility for malicious actors to use them as well.

Beacon form security

All of Beacon's forms use a variety of features to secure them, and ensure that the vast majority of submissions are from legitimate sources. These include, but are not limited to:

  • Preventing automated submissions by bots by using hCAPTCHA challenges

  • Preventing known disposable or temporary email domains being used for email addresses (such as yopmail.com)

  • Restrictions on rapid re-loading and submission of the same form

  • Prohibiting access to submitting data behind the scenes without filling out the real form

  • Integrating with platforms that have enhanced payment security and fraud detection (such as Stripe's Radar)

These features mean that anyone filling out your form is a real person, completing forms manually one-by-one.

Fraudulent donations

If you've had suspected fraudulent submissions (e.g. a flurry of £1 donations through your donation form) it's often fraudsters testing stolen debit or credit card details to find those cards that work. This work is often automated to easily try thousands of card details in a short space of time, which Beacon's forms will prevent.

Unfortunately, that doesn't stop someone manually filling out your form and submitting it, but our security features heavily restrict how much they can do this.

We also highly recommend using Stripe advanced fraud protection features which can help to catch those that are submitted, and you can read about it here.

Frequently asked questions

Why don't you allow the blocking of specific email addresses?

If you do have someone submitting a form multiple times with the same email address, blocking that email address feels like an easy way to stop them. Unfortunately, it's very easy to simply use another real email address, and so wouldn't prevent someone from submitting your forms.

Why don't you allow the blocking of specific IP addresses?

The vast majority of fraudsters will be using a VPN which makes it easy to change your IP address. Additionally, you may have genuine supporters using a VPN with the same IP address, potentially excluding real submissions.

Why don't you have minimum donations on donation forms?

If fraudsters are testing lots of £1 donations on your website, they're likely testing stolen card details to see if they go through. Whilst increasing the minimum donation seems like it would stop that, they'll simply use the amount that is your form's minimum instead - after all, it's not their money!

Did this answer your question?