Charity loses £235,000 to ‘sophisticated’ cyber fraud
(Article in Civil Society Magazine 31st July 2017: Kirsty Weakley)
By Megan O’Neil 26/10/2016
At least one small charity lost tens of thousands of dollars in donations last week when a cyber attack interrupted transactions on electronic payment site PayPal.
Small Army for a Cause, a cancer-focused organization in Boston, was prepped and ready Friday for its annual one-day fundraising campaign, Be Bold, Be Bald! Each year, participants wear bald caps for a day and ask for donations from friends, family, and colleagues, raising $50,000 to $100,000 online during the designated 24-hour period and many more tens of thousands of dollars in the lead-up and wind-down.
On Friday, the day of the campaign, founder Jeff Freedman got up in the morning, put on his bald cap, and logged onto his computer to see how the donations were coming in.
“I saw next to every donation ‘failed,’ ‘failed,’ ‘failed,’ ” Mr. Freedman said. “I was really mad because the night before the event we update the website to say, ‘Today is the day.’ ”
He called the charity’s web developer, a third-party vendor, to complain. Then he called the internet service provider. For about half an hour Friday morning, a few transactions appeared to go through, and the problem seemed resolved. Then they began to fail again.
That’s when Mr. Freedman and others realized something bigger was going on: Hackers had attacked a major internet firm based in Manchester, N.H., impinging traffic and transactions on major websites including Twitter, Spotify, and PayPal. The last was the platform that Small Army for a Cause uses to process online donations for its campaign.
Trying to Be Positive
Mr. Freedman and his team sent emails to supporters explaining the situation and providing links to news coverage of the attack. Some would-be donors had filled out donation forms, providing their email addresses, before their transactions were cut off. So the charity emailed those individuals and asked them to return to the site at a later time.
“The problem there is we haven’t looked to see how many of those people actually went back and made a donation, but my gut is that it is a pretty low percentage of people who are going to do that,” Mr. Freedman said.
The problem lasted until about 5 p.m. Friday. The campaign lost tens of thousands of dollars, at least, he said.
“We have told people, Go and reach out and talk to your communities. The fundraising platform is still open through the end of the year,” Mr. Freedman said. “But the momentum that happens on that one day is gone now.”
Still, he says, he and his colleagues are trying to find the positive in it: There were lots of people out that day wearing their bald caps, taking pictures, and sharing them, he said.
“You try and revel in the idea of the day, which is to honor those who fight cancer,” Mr. Freedman said.
The PayPal incident underscores how vulnerable nonprofits are to criminal activity targeting websites and payment systems — criminals using charity donation pages to test the validity of stolen credit-card numbers, for example — as well as to just plain old technology failures. Earlier this year, a national giving day that was to benefit 13,000 charities was ruined when fundraising platform Kimbia suffered a meltdown. The online event had raised $68.5 million the year before.
27th November 2015
To guide you through the comprehensive Spending Review announced on Wednesday 25th November, PLMR have produced a series of short podcasts analyzing the key announcements and have released one specific to the third sector which we can exclusively share with FSI members.
For a charity sector wide view, click here.
If you are working in any of the fields below, the specific podcasts might be of interest to you:
- Health and social care
- Communities and local Government
- Energy and Environment
We’d like to say huge thank you to PLMR for these podcasts.
Charlotte Simmonds, Guardian Voluntary Sector 30th March 2015
Is charity regulation in a state of crisis?
Regulation of the third sector is a contentious issue. Many argue that the sector is over regulated and some say not enough information is provided for smaller organisations to ensure they are on top of their legal requirements. Mix this with the fact the sector’s regulator the Charity Commission was deemed not fit for purpose in 2014, is it no wonder the sector is concerned.
To find out more the Guardian Voluntary Sector Network convened a panel of charity leaders and charity law experts to discuss the state of regulation in the sector, and to ask if charities understand their statutory obligations. Five major talking points emerged from the seminar, which was sponsored by Zurich Insurance.
- The Charity Commission is “complicit” in an “insidious” narrative
Charitable activities are regulated by numerous bodies, from HMRC to the Fundraising Standards Board, but it was the Charity Commission’s change programme, back by millions in additional government funding, which dominated the debate.
“There is a newspaper-ish view of the state of affairs in the sector,” said Philip Kirkpatrick, managing partner and joint head of charity at Bates Wells & Braithwaite. “If you were an impressionable person, you might gather that charities are rife with fraud and scandal. The commission is under immense political pressure to be more flinty faced, more robust.
“I want to see a commission that upholds public trust by showing the good work charities do, not one that is complicit in a narrative that is damaging the sector.”
His sentiments were echoed by Lord Victor Adebowale, chief executive of Turning Point, who said the climate of regulation is “more insidious now than it ever has been”, and that the commission had “to some degree” gone along with it. He mentioned the Lobbying Act as a key example. “There is a political fear when it comes to charities, because charities change society,” he said. “We face massive opposition from the establishment because they fear that charities, especially those that campaign, might get somewhere.”
- Is regulation in a “state of crisis”?
This was the claim put forward by Gareth Morgan, professor of charity studies at Sheffield Hallam University. He said this crisis was the result of fundamental problems that caused confusion and a “lack of joined-up thinking”.
He raised the “extraordinary reluctance” by government to implement straightforward secondary legislation, such as making implementation of the new accounting Sorp (standard of recommended practice) mandatory for all charities. He also said that exempting some charities from registering with the commission, such as academy schools, museums and universities, is “ludicrous” and that “compulsory regulation, as we have in Scotland, is the only way to go”.
Lesley-Anne Alexander, chief executive of the RNIB, said the sector was held to disproportionate standards of transparency. “Charities are propping up government services, but when was the last time that Serco had to publish how much it earned from a government contract?”
- Small charities trustees don’t know the rules
Understanding legal obligations is a struggle for small charity trustees, who often never undergo proper inductions, said Pauline Broomhead, chief executive of the Foundation for Social Improvement (FSI). Trustees are ultimately held liable for a charity’s actions, yet many wrongly assume it is up to the chief executive and other staff to take care of things on the regulatory front.
“Most regulatory offences are not due to malice, but to misunderstanding,” she said. “How can you know the information that you don’t know you need to know?”
Amy Brettell, head of charities and social organisations at Zurich Insurance, said that understanding rules around liability were vital. “Trustees can be held accountable for the actions of their employees and volunteers, or if care services are outsourced to a third party,” she said. “But there can be a misunderstanding of that duty, especially knowing where liability sits.”
- The draft protection of charities bill – political grandstanding?
The draft protection of charities bill is a hot topic in the sector. Announced by David Cameron during a meeting with his extremism taskforce, the bill will ostensibly crack down on terrorist organisations exploiting charities for fundraising.
Morgan said he was very concerned that Cameron’s motivation is linked to an anti-terrorism agenda rather than an actual threat. “The commission already has the resources to deal with the rare circumstances where this occurs. This bill is just tinkering around the edges when the problem of regulation is much bigger.”
Kirkpatrick went further, calling it little more than “political grandstanding”. Adebowale said the implication that charities were more vulnerable to exploitation was “quite insulting to the leadership of charities”.
- Charities need “a critical friend, not a policeman”
No one denied that independent regulation is good for the sector. As Brettell pointed out, regulation can act as a “badge of quality” and “engender public confidence”. So what is the regulator’s ideal role?
Alexander said she would be proud of a commission that “supports and nurtures our sector”, rather than acting as “another police force”. Broomhead concurred, summarising: “We are a pretty mixed bunch. A modern regulator needs to understand the sector’s diversity, acting as a caring but critical friend.”
Morgan reinforced the importance of education as a more effective tool than policing. “Helping those who want to follow the law to do so properly is a far more efficient use of resources.”
- Lord Victor Adebowale, chief executive of Turning Point
- Lesley-Anne Alexander, chief executive of the RNIB
- Amy Brettell, head of charities and social organisations at Zurich Insurance
- Pauline Broomhead, chief executive of the Foundation for Social Improvement (FSI)
- Philip Kirkpatrick, managing partner and joint head of charity at Bates Wells & Braithwaite
- Gareth Morgan, professor of charity studies at Sheffield Hallam University
Rebecca Horsley, Charity Digital News 9th September 2014
How to use donor data to boost fundraising
What charities know about donor habits, demographics and interests is the difference between an average and an outstanding fundraising drive.
In a recent article for the Guardian Voluntary Sector network, Ben Carter, director of business development at the online petition platform Change.org shares his top tips how to use donor data to take fundraising to the next level.
1. Ensure your coding system makes sense and is future-proof. Provide clear guidance on what the codes mean so that everyone in your organisation can understand it.
2. Build a culture of data cooperation, bringing data together.
3. Look at the gaps in your database and use this knowledge to reach out to new demographics in creative ways.
4. Data can tell you exactly which combination of activities your supporters get involved with, helping you plan your next move.
5. Use segmentation to know who to contact, when to contact them and what to say.
6. Test everything, test early, and test repeatedly.
7. Pay attention to statistics but beware of basing assumptions on tests using small sample sizes.
David Ashworth: Civil Society September 10th 2014
Shawcross says he opposes restrictions on setting up a charity
Charity Commission chair William Shawcross has said he is against more restrictions on people setting up new charities – distancing the Commission from proposals outlined by former chief executive Sam Younger in his final speech.
“I resist the idea that we should stop people setting up charities,” Shawcross was quoted as saying in a feature in The Independent newspaper today. “The voluntary impulse is something important which should be cherished.”The article is written by Paul Vallely, a leading writer about charity and ethics who worked closely with Bob Geldof on Live Aid, who also supports this view. Vallely suggests that setting up a charity allows people to engage with an issue in a way that donating does not, and advocates that “there is more to charity than economic efficiency”.
In May, Younger told the Ascension Trust Practitioners Conference that many people set up a new charity without it being necessary, and that the result was “duplication, inefficiency and, sadly, too many charities that are not managed well enough”.
He suggested that the Commission should institute stricter rules to ask people applying to register a charity whether it was really necessary.
The Commission put greater emphasis on these issues in its recently updated guidance on setting up charities, in which it asked people to “think carefully” before setting up a new charity.
Younger’s comments were supported by other commentators, including the Institute of Chartered Accounts for England and Wales, which had recently carried out an efficiency review of charities, and Lesley-Anne Alexander, chief executive of the RNIB, who said that anyone who wanted to register a charity should be made to wait six months and show they had carried out research.
However Younger’s views were opposed by NCVO, most recently by Sir Stuart Etherington in his annual letter to the sector.
SA Mathieson: Information Daily, September 2014
Winning public sector business in the regions needs a local presence
The public sector market in the English north and midlands differs from that in the south and east. Suppliers will need a physical presence in the marketplace to succeed.
Regardless of next month’s independence vote, canny public sector suppliers already treat Scotland as another country. While the differences are not as great, there is a similar and strengthening case for treating the north and Midlands of England differently to the south and east.
Public sector organisations in the north and Midlands – those in the five government regions above a wiggly line running from the Wash to the Severn – tend to have a higher status than those in the south and east. They are often the most important employers in their localities, and as a result, many focus on supporting local employment. Councils in London may be relaxed about a supplier moving back office work to the north of England; a northern council may well insist the work stays in the area, and that the supplier brings in more on top.
BT shows how this can be done. In 2008, to gain a 10-year outsourcing deal with South Tyneside Council, it agreed to keep the council’s 450 jobs in South Shields, and create new ones on top; after four years it and its partners had created 559 such jobs. Last year it negotiated a similar deal with Cornwall Council for telehealth work (in economic terms if not geographic ones, England’s most southerly county is an honorary part of the north).
Increasingly, the public sector in the north is speaking with a single voice. Earlier this month, the leaders of Leeds, Liverpool, Manchester, Newcastle and Sheffield published a ‘One North’ transport proposal. This would link four of their cities through a new high-speed train line across the Pennines, as well as faster links to Newcastle and Manchester Airport. The cities argue that this would also spread the benefits of the HS2 north-south line.
Rather than competing, the five neighbouring cities want to work as a single economic unit, with goods and people moving between them with relative ease, as happens in the Randstad cities of the Netherlands and the Rhein and Ruhr valleys of Germany. The concept has the support of chancellor George Osborne, who represents the northern constituency of Tatton in Cheshire. Suppliers hoping to succeed in the area should be considering ways to support and take advantage of these plans.
As well as making it easier to visit potential clients and network, a representative based in the north or Midlands of England is likely to understand it better. London may be a global city, but many of its people are pretty ignorant of other parts of the UK, with some also believing that London’s economic dominance means that ignorance doesn’t matter.
As well as putting off customers from the Midlands and north, such attitudes are potentially costly: council and NHS spending is spread fairly evenly across the UK and more generally several of the big northern and Midland cities have undergone significant economic regeneration over the last decade or so, particularly Manchester and Birmingham.
A firm seeking to serve the UK public sector with an office in or near London should look at Manchester, Leeds or Birmingham for its next one, in some cases even before Scotland. The five government regions that make up the north and Midlands of England are home to 25.3m people, nearly as many as the 28.5m in the four regions in the south and east, and far more than Scotland’s 5.3m. A specific advantage of Birmingham is that it also puts Wales within reach – another part of the UK with a growing, distinctive identity.