Fraud Prevention: How GoodChange Protects Campaigns and Donors
How We Protect Every Donation
Our Commitment to Fraud Prevention, AML Compliance, and Sanctions Screening
At GoodChange, we believe fundraisers deserve a payments platform they can trust completely. That means actively protecting campaigns, donors, and the broader charitable ecosystem from fraud, money laundering, and sanctions violations.
This post outlines the layered approach we take to payment security, drawing on real-time AI screening, custom rules tailored to our platform, a formal Anti-Money Laundering (AML) policy, and strict sanctions compliance.
Real-Time Payment Screening with Stripe Radar
Every donation processed through Level Wins is evaluated in real time by Stripe Radar, an AI-powered fraud detection engine trained on data from millions of businesses and over $1.4 trillion in annual payment volume. Radar assigns each payment a risk score from 0 to 99, where higher scores indicate a greater likelihood of fraud.
We have configured Radar with a custom rule set designed specifically for the fundraising context, where large one-time donations, prepaid cards, and international transactions require extra scrutiny.
Our Custom Radar Rules
The table below summarizes our active fraud rules:
Action | Rule Condition | Purpose |
|---|---|---|
Allow | Matches Stripe default allow list | Trusted payment patterns |
Block | :risk_level: = 'highest' | Automatic high-risk block |
Block | Matches Stripe default block list | Known fraud vectors |
Review | :risk_level: = 'elevated' | Elevated AI risk score |
Review | :amount_in_usd: > 1000 and :risk_score: >= 50 | Large + suspicious payments |
Review | :card_funding: = 'prepaid' | Prepaid card activity |
Review | :is_disposable_email: AND :card_funding: = 'prepaid' | Disposable email + prepaid card |
Review | :billing_address_country: != 'US' | Non-US billing address |
Review | :ip_country: != :billing_address_country: | IP/billing country mismatch |
These rules work in layers. Stripe’s default AI model handles the broad strokes — blocking payments it identifies as highest risk and flagging elevated ones — while our custom rules add fundraising-specific context on top. For example, a prepaid card on its own is flagged for review; paired with a disposable email address, it receives heightened scrutiny. Similarly, a payment over $1,000 only triggers a review if Radar’s risk score is also at or above 50, helping us avoid flagging legitimate major donors.
Any payment flagged by these rules enters manual review — our team looks at each one individually before it’s approved or declined, so legitimate donations don’t get blocked by automation alone.
Why Prepaid Cards Get Extra Scrutiny
A quick note on prepaid cards, since they come up more than once in our rule set: they’re one of the most common fraud vectors in online payments, and they’re often confused with gift cards. Here’s the difference and why both matter.
Gift cards are issued by a specific retailer or as a network-branded card (like a Visa gift card) and loaded with a fixed amount. They usually don’t require registration, aren’t tied to a named person, and anyone holding the card can spend it. That anonymity is exactly why bad actors like them — there’s no real person behind the card and no way to trace the money.
Prepaid cards are issued by a bank or fintech and function like a debit card. They’re designed to be reloaded and used long-term, and most require the cardholder to register with a name and address. Legitimate prepaid cards (Chime, Cash App, Green Dot, NetSpend) belong to real people and are used every day for everyday purchases.
Here’s where it gets tricky: a Visa or Mastercard gift card actually runs on the same rails as a prepaid card, and payment processors can’t always tell the two apart. Stripe Radar flags both as “prepaid funding” in the data — which is why our rules lump them together.
We don’t outright block prepaid funding, because plenty of legitimate donors use reloadable prepaid accounts as their primary payment method. Instead, we flag it for review, and we escalate when prepaid funding shows up alongside other risk signals — a disposable email, a mismatched IP, an unusually large first-time donation, or a pattern of smaller donations that add up to a large total over a short period (a classic money-laundering technique known as smurfing). We also escalate any prepaid payment going to a federal campaign, where stricter contribution rules apply. That’s how we keep the door open for real donors using prepaid cards without giving bad actors an easy path in.
Anti-Money Laundering (AML) Policy
Level Wins maintains a formal AML and Counter-Financing of Terrorism (CFT) policy. Our program is built around four core pillars:
1. Know Your Donor (KYD)
We require full card information and CVV for every donation. All donors must provide a verified mailing address and phone number. Political donors are additionally required to disclose their employer and occupation, consistent with campaign finance regulations. We do not accept anonymous donations.
2. Transaction Monitoring
Our systems continuously monitor donation activity for patterns that deviate from a donor's typical behavior. Our Stripe Radar rules screen every payment in real time before it is processed. Separately, our internal compliance systems trigger an alert to our founding team when:
- A single donation exceeds $5,000
- Frequent small donations accumulate to a large sum over a short period
- A donation originates from a country or region associated with elevated money laundering risk
This two-layer approach means suspicious payments are caught at the point of processing by Stripe Radar, while our internal $5,000 threshold triggers a compliance review of any large donation that does come through — ensuring nothing slips past either layer.
3. Suspicious Activity Reporting (SARs)
When our internal review identifies a donation that cannot be explained by lawful activity, we file a Suspicious Activity Report (SAR) with FinCEN — the Financial Crimes Enforcement Network, a bureau of the U.S. Treasury Department. For campaign finance concerns, reports are also directed to the Federal Election Commission as appropriate.
SARs are filed within 30 days of detecting suspicious activity, and all supporting documentation is retained for a minimum of five years. Consistent with federal law, the subject of a SAR is never informed that a report has been filed. Any suspicious donation activity is also escalated directly to our founding team before any further action is taken.
4. Compliance Oversight & Training
A designated Compliance Officer oversees our AML program, ensuring our policies remain effective and up to date. All staff involved in donation processing receive ongoing AML training, including monthly updates on evolving money laundering techniques and regulatory changes. Our AML program is also subject to periodic independent external reviews.
Sanctions Compliance
Level Wins operates exclusively within the United States and is committed to full compliance with all applicable U.S. trade and financial sanctions laws. Our sanctions policy applies to every person associated with the company — employees, contractors, volunteers, agents, and third-party partners alike.
What We Screen For
Our sanctions compliance program requires us to identify and investigate any transaction or relationship that may involve:
- Restricted countries, territories, or jurisdictions
- Sanctioned individuals or organizations (OFAC-designated parties)
- Unusual or evasive behavior around the identity of a donor or the origin of funds
- Unusual invoicing, payment terms, or reluctance to provide identity information
Red Flag Escalation
Any red flag — whether identified by automated screening or by a staff member — is immediately escalated to Company management before any further action is taken. No transaction with a potential sanctions concern proceeds without explicit clearance. Staff are protected from retaliation for reporting concerns in good faith.
Expanding Beyond the U.S.
Should Level Wins ever expand operations internationally, we are committed to conducting full sanctions research for any new market, updating this policy, revising all relevant contracts, and obtaining management approval before proceeding.
A Layered Defense
No single tool eliminates fraud entirely. That's why our approach is deliberately layered:
- Stripe Radar's AI handles real-time risk scoring across hundreds of signals
- Our custom rules add fundraising-specific context that general models may miss
- KYD procedures verify donor identity before funds are processed
- Transaction monitoring catches unusual patterns that emerge over time
- SAR reporting ensures suspicious activity reaches the right authorities
- Sanctions screening ensures we never knowingly process funds connected to restricted parties
Together, these layers give GoodChange — and the campaigns that rely on us — a robust, continuously improving defense against financial crime. We take this responsibility seriously, because the causes our donors support deserve nothing less.
Questions about our fraud prevention policies?
Contact us at support@goodchange.app
Updated on: 14/04/2026
Thank you!