Building Trust With Donors: Are You Secure?
1. Make sure your donor database is PCI-compliant. The Payment Card Industry (PCI) data security standard applies to all organizations that process card payments; it aims to prevent fraud by increasing the controls around card data. Using PCI-compliant donor software means that, in that respect at least, you comply with the PCI data security standard. Noncompliance means losing the ability to take card payments in the future and possibly the risk of a fine. Some donor database software gets around this by removing the need to store card details altogether: the payment gateway (e.g., WorldPay) stores the card details, while your database just stores a token reference number relating to that card on the payment gateway’s database. The token number on its own is meaningless to a data thief. Other software does that but also gives the option to store encrypted card details.
2. Avoid barriers. Taking donations online is now a given, so avoid barriers such as asking donors to fill in a form, then print it and mail it to you. If it’s that hard to give, how do I know you’ll spend it wisely? Build trust by allowing online donors to discover how to give easily, and don’t put unnecessary barriers, such as a lengthy registration process, in their way. If your database is PCI-compliant, you can build more trust by adding explanatory logos and text accordingly.
Robin Fisk is a senior charity technology specialist at Alexandria, Va.-based nonprofit software provider Advanced Solutions International.