Fraud Prevention

AV follows and utilizes industry-standard security measures. However, your set-up decisions can expose vulnerability to election fraud, particularity when it come to voter login credentials. Voter fraud on our AV platform has been rare; however, each case was related to the creation of insecure login credentials. Following the below guidelines when creating your login credentials will help you deter fraudulent voters.  

1. Require 2 login credentials. A single voter credential is much easier to guess or manipulate.
2. Don't select easily guessable credentials for voter login. If your set up is something like Email and Last Name, unfortunately, there could be a published directory that has this information. You know your members; so ask yourself this question: is the credential something that is well-known to other members, or just known by the individual voter? Your 1st voter credential should uniquely identify the voter, and the second one only the voter knows (and you have in your database) to make it more secure.
3. If your member records are limited to public profile information such as name, address, email, etc., consider requiring an AV system-generated password as a credential. The password is unique to each voter and limited to a single election. 
   
   • Goto CONFIGURATION > CREDENTIALS. Enable the last credential option (Software generated password) & set as login 2.
   • You can download a voter list with the passcodes for reference and for distribution in the election instruction email. Goto RESULTS > NOT VOTED  to download the voter CSV file.
4. Additional safeguard with AV's voter verified email service. Members receive a unique, coded URL that requires them to access their email of record to cast their ballot. Using advanced secure encryption signatures, we provide a second layer to confirm your voters’ identification by validating through their email of record with your association. Contact Support@associationvoting.com to learn more about Voter Verified.  

Fraud Investigative Tools

Smart Election TIP:  Turn on the Voting Receipt email in BALLOT > SETTINGS.  Your voters will raise the red-flag if a confirmation is received prior to the voter casting a ballot. Note, you must enable the email field in CONFIGURATION > CREDENTIALS & include email address in the voter file.

Did one of your voter's receive a Cast Ballot confirmation email, but report not yet voting? Or did a voter attempt to login to the ballot only to be rejected as previously cast? Here are the tools available to help you investigate fraud: 

• Check the Voter Record: Goto RESULTS > WHO'S VOTED. Check for cast date and time. You can ask said person if they had voted at that time. If not, then you may want to check on the IP address & login attempts.
• Failed Login Tracking:  You search for repeated login attempts in the Recent Login Failures Report. Useful for monitoring for potential fraudulent login activity. You can sort and search by IP address and attempted login values to see trends or find details for a specific user credential. More details. 
• IP Address Tracking: Goto CUSTOM REPORTS > REPORT LIST and select "Voting From Where - Ballots Cast, IP Address, Browser User Agent". This report includes the IP address and user agent string for each voter. The user agent string helps in identifying the device used; from most offices, you might expect to see Microsoft Edge and Chrome desktop browsers mixed with iPhone and Android devices. This report will allow you to see a little more detail about the devices used. Sort the report to look for IP address and Usser agent trends. Questions to consder when looking for trends: 
  
  • Were these votes cast around the same time?
  • Was there a meeting, convention, or other reason in the life of your association/organization that would put those people together at that time?
  • Do the people have something in common (e.g., they all work at the same office)?
• Research an IP address location: You can use an online tool, such as https://www.iplocation.net/ to look up the general location of the IP address. While this information is helpful; you can only get so much public information from an IP address. You cannot always identify someone exactly, and they can be shared or moved by the cable or broadband company.
  
  • Understanding IP addresses: Depending on how your network is set up, an IP address may identify a single device (think of your smartphone on broadband; it has a unique IP address), or it may identify an office, workgroup, or campus (think of your smartphone on your office wifi - it may look like the same IP as you and your office mate's laptops). If the same address shows up, it could be that the vote was cast on the same device, especially if they are close together in time. 

If you determine a single ballot has been compromised, you can re-open the ballot for the legitimate voter to cast. Re-opening the ballot will remove the count and selections from the cast ballot total, until the ballot is re-cast legitimately. If you don't see the option to re-open a ballot in Results > Who's Voted, contact AV support. 

If you suspect election fraud, you can close your election window immediately for further review and include a warning or instructions on the login screen for voters. 

If you need further assistance, please contact support@associationvoting.com.