Net Gain: Playing It Safe
"Hi, this is Heather from Charity A. I’m calling because last night our offices were broken into, and we’re convening a special board meeting to address a very serious concern.
“Our computers were stolen. All of our donor information, including constituents’ credit and bank card numbers, was in our database and on the hard drives. We’ve contacted the bank to ask how to proceed under the new laws, but we still need to alert our donors. We also want to discuss the possible fallout we could experience from supporters, and future reluctance to donate to our organization. Can you be at our offices in an hour?”
Although this story is fictional, the threat is real. Identity-theft criminals are targeting not only large for-profit businesses, but also unsuspecting smaller businesses and nonprofit organizations.
Accepting credit cards is serious business. The credit card associations, including MasterCard and Visa, have implemented the Payment Card Industry Data Security Standard (PCI DSS), which requires all organizations to protect cardholder data. Depending on the number of credit or debit card transactions processed each year, different security standards apply. Organizations that aren’t compliant risk fines and serious penalties — not to mention a drastic decline in donor acquisition and retention.
In this day and age, accepting credit or debit cards either on- or offline is a must. It gives your organization credibility, offers donors a convenient way to give and usually results in larger donations.
But you don’t want to be caught in a situation like Charity A. What proactive steps can your organization take to safeguard donors’ sensitive data?
Avoid storing confidential donor data.
The simplest way to be compliant is to not have the data to begin with. Nevertheless, you will have situations where you’ll be given credit card information. Direct-mail campaigns, special events, recurring giving programs and board pledges are just a few examples. If you receive credit card numbers on a reply envelope, pledge form or at an event, ensure the document is shredded once the donation is processed. By keeping the information out of your databases, computers and files, you’ll help prevent sensitive data from being compromised.