Fighting Donation Fraud

Donations are a billion-dollar business: in Germany, the Spendenrat e.V. (Donations Council) predicts that around €5 billion will be donated to charitable organisations and churches alone in 2024. Unfortunately, donation fraud is probably as old as donations themselves. When cash is tempting in the offering box or donation tin, some people cannot resist the temptation. Even in times of cashless payment, fraud is widespread, although the approach has adapted to modern times. With the obligation to Verification of Payee, from October 2025 it will be possible for every cashless donor to carefully check the recipient.

Cashless donations

Donation organisations must of course offer ways for cashless donations and keep the hurdles for donors as low as possible. In the online area, donation platforms are comparable to an online shop, with the difference that – apart from a donation receipt if applicable – nothing is delivered. Therefore, the time until payment is received is not critical. The usual payment methods are usually offered on online donation portals and fraud lurks in two different facets:

1. the portal is fake and sales flow to fraudsters along with the card or bank details,
2. credit cards or bank details stolen elsewhere are “tried out” by fraudsters in order to recognise possible blocking.

In real life, most people associate “donating” with a collection box or offering box, where cash is the only option. As modern people are increasingly travelling without cash, cashless solutions are also gaining ground here. Card readers are rarely used because their cost and handling seem unsuitable.

Simple and secure: SEPA credit transfer with EPC QR code and Verification of Payee

The European Paymet Concil set a standard for QR codes in the financial sector around ten years ago and continues to maintain it. It enables the simple optical transmission of the BIC and IBAN of a donation account (or any other account for other purposes in the Euro area). The banking apps of all relevant banks can read this QR-code and convert it into a credit transfer template, meaning that almost any user of a banking app can also make simple cashless donations.

From October 2025, banks will be required to offer the “Verification of Payee” (VOP) function: before a transfer is made, the system checks whether the recipient’s name and IBAN match. To do this, you need to know that when a payment is received, the recipient bank books it to the corresponding IBAN without comparing the names of the payment and the account. Until now, fraudsters could simply paste over a QR code with their own IBAN (see image: Fraud when parking). If the donor performs a VOP query, the recipient bank must compare the name (or company ID) from the transaction with its own data and return the result in five seconds. This makes it very difficult for fraudsters to deceive the noble donors, while the donation recipients have no effort or costs with this fraud protection.

If you are a financial institution interested in the technical implementation of the VOP regulations, we look forward to hearing from you.