Email Address Editing Security
To help protect against fraud and unauthorized changes, TouchPoint includes security features that apply when editing email addresses on someone else’s profile. These features are designed to mitigate increasingly common social engineering attempts where bad actors convince staff to change an email address on a congregant’s record.
Note
These security features only apply when editing another person’s profile. When you edit your own profile, email addresses are editable without additional warnings.
Click-to-Edit Email Address
When editing another person’s profile, the Primary Email Address and Alt Email Address fields are initially read-only (disabled). This requires an intentional action to enable editing of these fields.
Enabling Email Editing
To edit an email address on someone else’s profile:
- Step 1: Click the Edit button on the person’s profile to enter edit mode.
- Step 2: Notice that the Primary Email Address and Alt Email Address fields are grayed out and cannot be typed in directly.
- Step 3: Click the pencil icon next to either email address field.
- Step 4: A warning dialog will appear with the title “Are you sure?” and a customizable security message (see EditEmailNotifyMessage setting below).
- Step 5: Review the warning message carefully. If you are certain the email change is legitimate:
  - Click Edit to enable both email address fields for editing
  - Click Cancel to keep the fields read-only
- Step 6: Once enabled, you may modify either the Primary or Alt Email Address.
- Step 7: Click Save to save your changes.
Warning
Always verify email change requests through a secondary communication method (phone call, text message, or in-person confirmation) before making changes. Email change requests are a common entry point for fraud.
Email Change Notifications
When an email address is changed on someone’s behalf, TouchPoint sends automatic notifications:
Notification to the Old Email Address
The Edit Email Confirmation email is automatically sent to both the new and old email addresses when someone’s email is changed. This alerts the person that their email was modified, allowing them to contact the church immediately if they did not authorize the change.
Note
No notification is sent if a person changes their own email address.
No notification is sent if an email is removed from a profile and remains blank/null.
Notification to Staff Members
The Edit Email Notification email is sent to all users who have one or more of the roles specified in the Edit Email Notify Role setting. This keeps designated staff informed of all email address changes made in the system. If no role is configured, the notification defaults to all users with the Admin role.
Administrative Settings
Two settings control the behavior of email editing security features. These are found under Admin > Advanced > Settings > Security > Miscellaneous.
Edit Email Notify Message
- Display Name: Edit Email Notify Message
- Data Type: Textbox
- Location: Admin > Advanced > Settings > Security > Miscellaneous
This setting controls the custom message displayed in the warning dialog when a user attempts to edit someone else’s email address.
Default Value:
“WARNING! Requests to change email are a common entry point for fraud and data leaks. Do not change a person’s email without verifying the change via a secondary source, such as a phone call or text, to other information on their profile.”
Churches may customize this message to include their specific policies or verification procedures.
Edit Email Notify Role
- Display Name: Edit Email Notify Role
- Data Type: Role Lookup (supports multiple selections)
- Default Value: Admin
- Location: Admin > Advanced > Settings > Security > Miscellaneous
When an email address is edited on someone’s behalf, a notification email is sent to all users who have one or more of the selected roles. You can select multiple roles to notify different groups of staff members. The notifications default to users with the Admin role, and can be disabled by clearing the setting.
Tooltip: When an email address is edited on someone’s behalf, a notification will be sent to all users with this role.
Note
Each user receives only one notification email, even if they have multiple roles that are selected in this setting.
Email Templates
Two system email templates are used for email change notifications. These templates can be customized under Admin > Communication > Email Templates, but they cannot be deleted or renamed.
Edit Email Confirmation
This email is sent to the person whose email address was changed (at their old email address). The default template includes:
- A greeting to the person
- Notification that their email address was changed
- The old and new email addresses
- Instructions to contact the church if they did not request the change
Available Merge Fields:
- {first} - Recipient’s first name
- {notifyName} - Name of the person whose email was changed
- {oldEmail} - The previous email address
- {newEmail} - The new email address
Edit Email Notification
This email is sent to users with the role specified in the Edit Email Notify Role setting. The default template includes:
- Notification of who made the change
- Whose email was changed
- The old and new email addresses
Available Merge Fields:
- {first} - Recipient’s first name
- {modifyByName} - Name of the person who made the change
- {notifyName} - Name of the person whose email was changed
- {oldEmail} - The previous email address
- {newEmail} - The new email address
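A check for customized copies of the two templates above, as an added example that is not TouchPoint code: it flags merge fields the page does not list for that template and fields whose absence would drop the old address, the new address or the name of who made the change from the alert. The function name, the required-field sets and the sample bodies are assumptions constructed here.

```python
import re

# Merge fields this page lists as available for each system template.
ALLOWED = {
    "Edit Email Confirmation": {"first", "notifyName", "oldEmail", "newEmail"},
    "Edit Email Notification": {"first", "modifyByName", "notifyName",
                                "oldEmail", "newEmail"},
}
# Assumption: fields behind the content the page says the default templates
# include. Dropping one of these weakens the alert the recipient relies on.
REQUIRED = {
    "Edit Email Confirmation": {"oldEmail", "newEmail"},
    "Edit Email Notification": {"modifyByName", "notifyName",
                                "oldEmail", "newEmail"},
}
FIELD_RE = re.compile(r"\{([A-Za-z][A-Za-z0-9]*)\}")


def lint_template(template_name, body):
    """Return a list of findings for a customized template body."""
    allowed = ALLOWED[template_name]
    by_lower = {name.lower(): name for name in allowed}
    used = set(FIELD_RE.findall(body))
    findings = []
    for field in sorted(used - allowed):
        listed = by_lower.get(field.lower())
        if listed:
            findings.append("{%s} differs in case from {%s}" % (field, listed))
        else:
            findings.append("{%s} is not listed for %s" % (field, template_name))
    for field in sorted(REQUIRED[template_name] - used):
        findings.append("{%s} is missing" % field)
    return findings


# Constructed sample bodies, not TouchPoint's default template text.
SAMPLE_CONFIRMATION = (
    "Hi {first}, the email on your record was changed by {modifyByName} "
    "to {newemail}. Call the church office if you did not request this."
)
SAMPLE_NOTIFICATION = (
    "{first}, {modifyByName} changed the email for {notifyName} "
    "from {oldEmail} to {newEmail}."
)

if __name__ == "__main__":
    for name, body in (("Edit Email Confirmation", SAMPLE_CONFIRMATION),
                       ("Edit Email Notification", SAMPLE_NOTIFICATION)):
        print(name, lint_template(name, body))
```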
Best Practices
To protect your church from email-based fraud:
- Always verify email change requests through a secondary method (phone call, text, or in-person)
- Review notifications - Ensure staff members with the Edit Email Notify Role review all email change notifications
- Educate staff - Train all staff members to recognize social engineering attempts
- Customize the warning message - Update the Edit Email Notify Message to include church-specific verification procedures
Latest Update | 1/15/2026 | Update Note regarding notification to the old email address
