For people wondering "What possible reason would someone run fraudulent credit cards through <i>a charity</i>?", the answer is:<p>1) Most stolen credit cards are sold, generally in large blocks.<p>2) The value of a stolen credit card is highly dependent on a few factors, including most saliently age since acquisition (since they're increasingly likely to be discovered and canceled over time) and whether they've been recently vetted or not (since otherwise the market is a market for non-working lemons, where you cream off known-good cards and sell known-bad cards).<p>3) Putting a transaction through any merchant which actually runs the card and returns a result will successfully vet the card. Charities, Internet startups, and Internet startup charities are all known to have lower-than-average risk screens in place, so they're preferentially abused for this.<p>A credit card fraud ring used BCC for same reasons earlier this year, by buying it through our Paypal buy now button. We reversed ~60 transactions before I (apparently?) successfully convinced the Paypal live security team to bring the hammer down on them.<p>P.S. Watsi folks, you should talk to Gumroad or SiftScience. Both of them are YC companies (so I rather suspect both would help you out under a frieNDA or something) and both have ideas which would work for you.