Stay vigilant and use due diligence when hiring outside service providers

| Business Miscellaneous, News

By Chris Mennel     Recently, I heard about a new form of theft against a central Indiana nonprofit.  Using the organization’s login information for its credit card processor, a perpetrator was able to issue repeated refunds to a Russian bank account.  The first two – one for $9,000 and the other for $21,000 — were processed.  The third attempt for $80,000, however, was caught by the business administrator when he logged into the account and noticed the pending payment.

Fortunately, insurance refunded the $30,000 that was stolen, but ultimately the nonprofit or business has the responsibility for selecting a qualified service provider.  With that in mind, you should exercise caution when using credit card processors, donation websites, and any other outside service providers that involve financial information.

In another example involving donations received from individuals, a class action lawsuit was filed against Paypal in 2015 related to its “Giving Fund” platform.  The lawsuit was filed by nonprofits listed on the Giving Fund platform that didn’t receive their intended donations.  Paypal reportedly redirected donations intended for specific charities to other organizations of their own choosing.  In 2017, Paypal was ordered to establish a $4 million settlement fund.  In this case, the nonprofits may not have known ahead of time that their contributions would be misappropriated, but their vigilance paid off in the end.

Due diligence is your best defense when considering a new financial relationship.  Below are some questions and tips to assist you before signing on the dotted line.

An effective due diligence process should include these questions:

  • How does the company protect users’ private information?
  • Have there been any fraudulent claims against the company? If so, how were they resolved?
  • Who is liable if illegal activity occurs?
  • How accessible is its customer service department?
  • How could your organization’s financial information be used by someone intending to do harm?

Investigate the prospective company:

  • Conduct a background check.
  • Identify the major lines of business and volume of a payment processor’s customers. Look for any red flags.
  • Visit the company’s business operations center, if possible, to verify legitimacy.
  • Check for any complaints with the Better Business Bureau (BBB).
  • Review consumer complaints and procedures used to handle these complaints.

Payment processor activities that should raise suspicion:

  • Does the processor use more than one financial institution to process payments? Spreading the activity among several institutions may allow the processor to engage in inappropriate activity that avoids detection. This strategy is also used in case one or more of the financial relationships is terminated as a result of suspicious activity.
  • Is the processor using a financially troubled institution in need of capital? These troubled financial institutions may be more willing to engage in higher-risk transactions in return for increased fee income. Check with rating services, such as Bankrate or Bauer Financial, to determine how the institution is performing.
  • Does the processor resell its services to “Independent Sales Organizations” (companies contracted to procure new merchant relationships). These organizations can in turn sell services to other merchants who are unknown by the processor.
  • Nonbank payment processors are not subject to certain regulations; therefore, they may be more vulnerable to money laundering, identity theft, fraud schemes and illicit transactions.

While all illegal activity can never be completely eliminated, conducting a thorough due diligence protocol can minimize your risk when entering into a new business relationship. Investigative due diligence is an essential step when concerned about the unknown scope of a new relationship, even when the provider is a reputable company or comes highly recommended.

Call Alerding CPA Group for assistance at 317-569-4181 or visit our website:

This article was featured in

This post was written by:

Christopher Mennel, CPA
Senior Audit Manager

Chris oversees audit and accounting services, not-for-profit and consulting services. Chris’ specialties include manufacturing, distribution/wholesale, retail, health and welfare, service and civic organizations. Chris also prepares financial statement projections and other financial analyses.
See Christopher Mennel’s Full Bio ►