
eJewish Philanthropy

Your Jewish Philanthropy Resource


Dos and Don’ts for Nonprofit Credit Card Compliance

August 27, 2009 By eJP

a guest post by Douglas Schoenberg

Payment Card Industry (PCI) Compliance refers to a set of security standards for protecting cardholder data. Here are some basic Dos & Don’ts for any organization that is accepting (or considering accepting) credit card payments.

Don’ts

  1. Don’t think PCI doesn’t apply to you – Most non-profits process fewer than 20,000 transactions per year and are thus considered Level 4 Merchants. Currently this means that certifying PCI compliance is not mandatory; however, they are still responsible for the security of cardholder data and are still subject to fines if the data is breached.
  2. Don’t ever keep account verification data – This includes the 3- or 4-digit CVV security code on the card, PIN numbers, and data stored on the magnetic stripe of the card.
  3. Don’t collect or send credit data via email – Email provides very little security and should not be used to transmit credit card data. This means discouraging donors from providing their account numbers via email, but also eliminating any “online forms” that collect card data and then send it via email. If you can’t justify the fairly minor expense to offer a truly secure online donation form, just don’t offer the option to make a gift online.

Dos

  1. Do store cardholder data securely – In order to process monthly pledge payments via credit card or ACH, the account data must be stored somewhere. If it is stored in a spreadsheet, Word document or database on your computer or servers, it must be encrypted and password protected. It’s far easier to use processing software that allows you to store account data at a Level 1 PCI-certified hosting facility. For instance, we recently adapted all our software to store only a unique ID “token” that allows processing of future pledge payments without the need to store credit card data on our or our clients’ computers.
  2. Do promote security for online donations – If you’ve made the effort to ensure that your online processes are secure, promote this fact on your online donation pages using appropriate text and security icons. This will increase donor confidence when providing their information and thus increase donations.
  3. Do review handling & storage of paper records – Securing cardholder data does not only apply to electronic records. Any donation forms, pledge cards, reports or other paper records that contain credit card numbers should be destroyed (or at least stored in locked files) once they have been processed.

The bottom line is that protecting your donors’ credit card data is critical – not just because of PCI, but also to ensure their trust in your organization is maintained. Following these Dos and Don’ts is a really good way to begin.

Douglas Schoenberg is CEO of SofterWare, Inc. (parent company of DonorPerfect)
