Donation security: 4 ways nonprofits can minimize lost and stolen gifts

For most nonprofits, donation security isn’t top of mind until something goes wrong: A check goes missing. A donor asks why a gift was never acknowledged. A grantmaker insists payment was sent but the organization never receives it.

As charitable giving becomes more complex and more distributed—across foundations, donor-advised funds (DAFs), workplace giving programs, and other intermediaries—the risk of lost, delayed, stolen, or misdirected donations is increasing. In 2026, nonprofits can no longer afford to treat donation security as a back-office concern. It’s a core component of financial stewardship and donor trust.

What are the sources of donation security risks?

Nonprofits face multiple risk factors

Nonprofits operate in a uniquely exposed environment. By necessity, they publish sensitive information publicly—mailing addresses, leadership contacts, tax documents, and program details—across websites and publicly accessible databases. At the same time, many organizations process a high volume of incoming transactions from a wide range of sources, often with small teams and limited internal controls.

That combination makes nonprofits attractive targets for fraudsters looking to steal donations. The more payment sources an organization has, the more opportunities exist for something to go wrong—or be exploited.

Public data can be helpful—but also risky

Donors and grantmakers rely on publicly available data sources such as the IRS, Candid, and Charity Navigator to verify nonprofit information. But these systems are only as good as the data within them. When addresses, websites, or key contacts change and aren’t updated everywhere, inconsistencies emerge.

Outdated or conflicting information can lead to payments being delayed or sent to the wrong address—particularly when various parties—including DAF sponsors and corporate giving programs—rely on these databases to validate organizations and direct payments. Fraudsters can even attempt to take advantage of these situations, impersonating organizations to change their address and divert mailed checks.

Mail remains one of the biggest risk points

Despite the growth of electronic giving, billions of dollars in donations are still sent in the form of paper checks via mail each year.

Numerous authorities on consumer fraud warn against mailing checks, given the risk of loss, theft, interception, and fraud. The AARP and the U.S. Postal Service have repeatedly issued guidance advising the public to avoid sending checks whenever possible due to rising mail theft and check fraud.

According to the Federal Reserve, reported instances of check fraud nearly doubled between 2021 and 2024. Scammers can doctor checks for deposit into their own bank account. For nonprofits, this risk is compounded by the fact that they often don’t know when a check is coming—especially for offline gifts like DAF grants, qualified charitable distributions (QCDs), or workplace giving. If the nonprofit is not expecting a payment, it may go unnoticed indefinitely when it doesn’t arrive.

Even when checks aren’t stolen outright, delays are common; mailed checks can take weeks or even months. When funds are delayed, programs get less funding and stewardship suffers.

AI increases risks to digital payments

Electronic payments are safer—and much faster—than checks, but they aren’t risk-free. Fraudsters can impersonate nonprofits, attempt to claim organizational profiles on payment platforms, and submit falsified documentation. As AI makes forged documents easier to create, organizations without responsibility for payment platform enrollment clearly delineated internally may be especially vulnerable.

How can nonprofits reduce donation security risks?

1. Keep information updated across key platforms

Nonprofits should routinely audit and update their information across the major data sources used by donors, DAFs, and foundations, including the IRS Tax Exempt Organization Search, Candid, and Charity Navigator. Assigning clear internal responsibility for maintaining these profiles reduces confusion and prevents funds from being sent to the wrong place.

2. Prioritize secure electronic payments

Whenever possible, nonprofits should opt in to electronic payment options offered by grantmakers and other payers. Beyond getting money faster, digital payments provide earlier visibility into incoming gifts—making it easier to identify missing payments.

Sharing bank account and routing details is sometimes unavoidable, but nonprofits can reduce risk by tracking where those details are provided, limiting internal access, and using accounts configured to receive payments only, without outbound transfer permissions.

3. Protect and monitor mail intake

For organizations that still receive checks, ensuring that mailing addresses are accurate, monitored, and secure is critical. Centralized mail handling, lockboxes, and basic internal controls can significantly reduce the risk of interception or misplacement.

4. Partner with grantmakers on safer practices

Finally, nonprofits can help shift the ecosystem by encouraging grantmakers to modernize disbursement practices. Many funders still rely on checks because nonprofits are perceived to “prefer” them—often out of habit rather than true preference. But checks introduce real financial, operational, and environmental costs.

Sharing information with grantmakers about these risks and showing your nonprofit is equipped to—and prefer to—receive electronic payments helps move the sector toward safer, more efficient norms.

As philanthropic dollars increasingly move through intermediated and offline channels (DAFs now account for $65 billion of individual giving, as of 2024), donation security will only grow more complex. By keeping public information accurate, embracing secure electronic payments, protecting mail workflows, and working collaboratively with grantmakers, nonprofits can reduce risk—and ensure that more charitable dollars reach their intended recipients and make the hoped-for impact.

Photo credit: Liubomyr Vorona/Getty Images