Qgiv has helped us streamline!

"The staff at Qgiv have been extremely supportive and willing to go above and beyond to offer extra help as needed."

- Bethany Lindsey
Bainbridge Graduate Institute

Qgiv has more than met our needs.

"We were looking for online giving software that would be easy to customize and that would provide our donors with a secure, user-friendly giving portal. We've been very pleased that Qgiv has more than met our needs, and we particularly appreciate the prompt and helpful customer service Qgiv has provided from the very beginning."

- Krista Hoffmann
Pearl Harbor Memorial Fund

Qgiv has been a great tool for our school.

"In the past, we have not been able to successfully manage pledges that are paid over time. With Qgiv, these pledges and/or recurring payments are automatic and require no effort on our part. We are simply notified when the payment goes through and we are able to promptly respond to the donor with a note of thanks."

- Scott Jones
Naples Christian Academy

What PCI Means

The official set of guidelines and practices known as the Payment Card Industry Data Security Standard began as a series of standards and practices for securing credit card data offered individually by credit card companies. Participating Credit Card Companies included Visa, MasterCard, Discover, American Express and JCB. Each had their own interpretation of security and their own recommended guidelines for keeping information from being compromised.

In December of 2004 these companies finalized the unification of individual programs into one comprehensive standard that is PCI-DSS. This industry-wide standard ensures that providers and payment processors meet minimum standards for securing and protecting cardholder data.

Requirements of the PCI-DSS

As defined by the PCI-DSS Official Website, the standards that must be adhered to in order to achieve full PCI Compliance are:

Build and Maintain a Secure Network

Requirement 1: Install and maintain a firewall configuration to protect cardholder data.

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.

Protect Cardholder Data

Requirement 3: Protect stored cardholder data.

Requirement 4: Encrypt transmission of cardholder data across open, public networks.

Maintain a Vulnerability Management Program

Requirement 5: Use and regularly update anti-virus software.

Requirement 6: Develop and maintain secure systems and applications.

Implement Strong Access Control Measures

Requirement 7: Restrict access to cardholder data by business need-to-know.

Requirement 8: Assign a unique ID to each person with computer access.

Requirement 9: Restrict physical access to cardholder data.

Regularly Monitor and Test Networks

Requirement 10: Track and monitor all access to network resources and cardholder data.

Requirement 11: Regularly test security systems and processes.

Maintain an Information Security Policy

Requirement 12: Maintain a policy that addresses information security.

Additional PCI Requirements

Quarterly Scans and Annual On-Site Audits

In order to be PCI Compliant a company must submit to quarterly scans of their networks and undergo annual on-site audits by Independent Qualified Security Assessors to demonstrate compliance with all aspects of the PCI-DSS. Some companies will claim PCI Compliance just by having quarterly scans, this is not the highest level of PCI Compliance and without independent validation, actual compliance cannot be guaranteed.

Protecting your Organization

Choosing a fully compliant and audited provider for your secure online donations is the only option to achieve the highest level of safety for your donors and their information. It also protects your organization by shielding you from having to become PCI Compliant. As discussed in the next Donation University course, hiring compliance is the best way to reduce the risk to your organization.

Qgiv's Donation University by Qgiv, Inc. is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.