Risk Reduction for your Organization...

This is course 4 of 5 in Safety and Compliance

When looking for the best option to secure donor information, it is far easier and more economical to hire compliance than to become compliant as an individual organization. An online donation provider with infrastructure and software already certified as PCI Compliant has distinct advantages in providing donors with the safest and most secure method of giving online.

When deciding on an online donation provider, always insist on the highest level of PCI Compliance. Not only is PCI-DSS the standard of the credit card industry, but it is also important to be able to tell your donors that your organization has chosen a company that takes every possible measure to ensure the security of their data.

Protecting Your Organization

Choosing a provider that is not yet PCI Compliant can be a risk. With full PCI Compliance mandated by the credit card industry, non-compliant providers will be required to expend significant time and capital to become certified. Companies not prepared for this eventuality may suffer fines or have their ability to process credit cards revoked. Providers unable to meet these demands may cease operations and leave the organization without recourse.

Providers that are only partially compliant may claim full compliance at their required level according to the PCI Standards. What this means is that they are unwilling or unable to pass annual on-site security audits by independent security assessors. Passing annual on-site audits is the gold standard and highest level of PCI Compliance.

Donation providers claiming to be PCI Compliant may offer quarterly scans as proof of compliance. This is not the highest level of compliance offered by the PCI Security Council.

Always insist on proof that any online donation provider you are considering has passed an annual on-site audit in the last twelve months.

Zero Account Data Access

Providers that are PCI Compliant, like Qgiv, act as a barrier between an organization and sensitive information from donors. Sensitive information such as credit or bank account numbers, expiration dates and security codes is never shared with an organization. There is no risk of accidental exposure of data that is never provided. Organizations can interact with their donation form and view and download data regarding transactions made using the system without worry. There is no sensitive information provided and nothing to be compromised at the organization’s level.

If you have access to any of the information listed above, your provider is not PCI Compliant and your organization and your donors are at serious risk of a security breach.


 

 

Creative Commons License
The text portion of Qgiv's Donation University is licensed under a Creative Commons License.

© 2008 Qgiv, Inc.