How Nonprofits Can Protect Their Online Fundraising Platforms
You often hear about the importance of mitigating technology and data security risks. What is often overlooked is how nonprofits can uncover and reduce the risks specific to their online fundraising technology.
For nonprofits, the software that supports online fundraising is critical. It enables online donations and houses donor and transaction data. So, it’s well worth the effort to identify areas of potential risk to your online fundraising software and take steps to mitigate risks to those platforms.
It’s important to note that every nonprofit has a different technology stack. The systems that support online fundraising vary from nonprofit to nonprofit, so let’s focus on two key platforms that are common to most nonprofits’ online fundraising tech systems: online fundraising software and content management systems (CMS), or the software used to build and manage the organization’s website.
Reduce Risks to Your Online Fundraising Software
Your online fundraising software typically houses your constituent/donor data and powers your online donation forms. Here are some key areas to review as you look to reduce risks to your online fundraising tech.
Your Software Vendor’s Limits of Liability
It’s common for your software vendor to hold responsibility for the storage and encryption of the constituent/donor data in your system, and for the associated risks of breaches of that data. Review your software service agreement to ensure you understand the limits of your vendor’s liability. Specifically, what is the vendor’s liability for data breaches? If the vendor is also the merchant service provider used for credit card processing, what is the vendor’s liability in that area?
If you believe that these liability limits are not sufficient, you should obtain additional liability insurance.
PCI/SOC Security Compliance
Confirm that your software vendor complies with the current Payment Card Industry Security Standards Council (PCI SSC) standards and with the American Institute of Certified Public Accountants’ system and organization controls (SOC) framework. Often referred to simply as PCI, the former protects cardholder data during credit card transactions, while the latter evaluates the vendor’s associated controls and processes.
Keep in mind that custom code in your online fundraising software can take the software out of compliance, so be sure to work with your vendor or the vendor’s service partners to run these compliance checks regularly.
Sensitive Information Identification
Some online fundraising software allows organizations to denote certain fields in constituent/donor records as containing sensitive information. Use this to ensure those fields are stored with a higher degree of encryption. This is particularly important for health-based organizations that deal with Health Insurance Portability and Accountability Act (HIPAA) compliance, as well as any organization collecting personally identifiable information.
Donation Form Simplification
Keep your donation forms as brief as possible, collecting only the information required to process the donation. This approach leaves the minimum amount of data exposed to a potential breach.
Payment Options Review
Offer a variety of payment options so that if one goes down, the others serve as fallbacks. In addition to credit card and ACH payments, consider offering PayPal, ApplePay, Venmo, digital wallets and donor-advised fund (DAF) options.
And don’t forget cryptocurrency. You don’t need to be involved in trading cryptocurrency to accept it as a donation; most platforms allow immediate conversion to dollars.
Suspicious Activity Monitoring
In addition to preventative measures, it’s important to monitor for suspicious activity. While fraudulent transactions on donation forms are typically lower for nonprofits, since there are no goods to be obtained, credit card testing fraud is a common concern. Set your minimum donation to $5, and ensure that someone at your organization reviews all transactions on a daily basis.
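The two controls above (a $5 floor on the form and a daily human review of transactions) can be backed by simple detection logic. The following is an added example, not code from the article or from any vendor’s platform: it enforces the minimum, scans a small constructed transaction log for the signature of card testing (many distinct cards from one source in a short window, mostly declined), and produces the per-day summary a reviewer would look at each morning. The record layout, IP addresses, card fingerprints and thresholds are all assumptions made up for the example.

```python
"""Card-testing detection over a constructed donation transaction log.

Added example; field names, thresholds and sample data are assumptions,
not the article's or any fundraising vendor's actual schema.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

MIN_DONATION_USD = 5.00          # the floor the article recommends
WINDOW = timedelta(minutes=10)   # assumed look-back window per source address
ATTEMPT_THRESHOLD = 5            # assumed: attempts in WINDOW that warrant review
DECLINE_RATIO_THRESHOLD = 0.5    # assumed: share of declines typical of testing

# Constructed sample records: (ISO timestamp, source_ip, card_fingerprint, amount_usd, outcome).
# Addresses are from documentation ranges; nothing here is real traffic.
SAMPLE_TRANSACTIONS = [
    ("2024-03-01T09:00:01", "203.0.113.7",   "card-a1", 1.00, "declined"),
    ("2024-03-01T09:00:09", "203.0.113.7",   "card-a2", 1.00, "declined"),
    ("2024-03-01T09:00:15", "203.0.113.7",   "card-a3", 1.00, "approved"),
    ("2024-03-01T09:00:22", "203.0.113.7",   "card-a4", 1.00, "declined"),
    ("2024-03-01T09:00:30", "203.0.113.7",   "card-a5", 1.00, "declined"),
    ("2024-03-01T09:00:41", "203.0.113.7",   "card-a6", 1.00, "approved"),
    ("2024-03-01T10:15:00", "198.51.100.20", "card-b1", 50.00, "approved"),
    ("2024-03-01T12:30:00", "192.0.2.5",     "card-c1", 25.00, "approved"),
    ("2024-03-01T12:31:10", "192.0.2.5",     "card-c1", 25.00, "approved"),
]


def parse(record):
    """Turn one raw record into (datetime, ip, card, float amount, outcome)."""
    ts, ip, card, amount, outcome = record
    return datetime.fromisoformat(ts), ip, card, float(amount), outcome


def below_minimum(amount, minimum=MIN_DONATION_USD):
    """Form-level control: reject amounts under the floor before they reach the processor."""
    return amount < minimum


def flag_card_testing(transactions, window=WINDOW,
                      attempt_threshold=ATTEMPT_THRESHOLD,
                      decline_ratio_threshold=DECLINE_RATIO_THRESHOLD):
    """Return {source_ip: reason} for sources whose activity inside any sliding
    window looks like card testing: many attempts, many distinct cards, mostly declined."""
    flagged = {}
    recent = defaultdict(deque)          # per-source sliding window of (ts, card, outcome)
    for ts, ip, card, amount, outcome in sorted(map(parse, transactions)):
        q = recent[ip]
        q.append((ts, card, outcome))
        while q and ts - q[0][0] > window:   # drop attempts that aged out of the window
            q.popleft()
        if ip in flagged or len(q) < attempt_threshold:
            continue
        distinct_cards = len({c for _, c, _ in q})
        declines = sum(1 for _, _, o in q if o == "declined")
        if distinct_cards >= attempt_threshold and declines / len(q) >= decline_ratio_threshold:
            flagged[ip] = (f"{len(q)} attempts, {distinct_cards} cards, "
                           f"{declines} declined within {window}")
    return flagged


def daily_review(transactions, day):
    """Summary for the person doing the daily review: volume, totals, and anything flagged."""
    rows = [r for r in transactions if r[0].startswith(day)]   # ISO timestamps start with the date
    parsed = [parse(r) for r in rows]
    approved = [r for r in parsed if r[4] == "approved"]
    return {
        "attempts": len(parsed),
        "approved": len(approved),
        "approved_total_usd": round(sum(r[3] for r in approved), 2),
        "under_minimum": sum(1 for r in parsed if below_minimum(r[3])),
        "flagged_sources": flag_card_testing(rows),
    }


if __name__ == "__main__":
    for key, value in daily_review(SAMPLE_TRANSACTIONS, "2024-03-01").items():
        print(f"{key}: {value}")
```

In the sample data the first source is flagged on its fifth attempt (five distinct cards, four declines inside the window), while the repeat donor using one card twice is not. Tune the window and thresholds to your own donation volume; a flag is a prompt for the daily reviewer, not an automatic block.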
Mitigate Website Risks
Because donors access your online donation pages and forms via your website, it’s important to keep risks to your CMS to a minimum.
All of your transactional web pages and forms should be secure. In addition, you may use lead generation pages for newsletter sign-ups and the like. These pages should also be secure because, ultimately, they push information into your database.
One of the most effective ways to reduce risks to your website is to always run the latest version of your CMS software. Doing so will help to ensure that you have the latest security updates from your software vendor. Sign up with your CMS vendor for maintenance, or managed hosting, so that the vendor is responsible for regularly updating your website to the latest version.
Implement reCAPTCHA (or an equivalent) if available. It distinguishes between humans and bots to help protect websites from spam and other abuse. If your CMS has it built in, you may need to enable it explicitly; otherwise, the feature can be added through customization.
As you consider how to reduce technology and data security risks for your nonprofit, be sure to address risks to the software that supports your online fundraising.
The preceding content was provided by a contributor unaffiliated with NonProfit PRO. The views expressed within may not directly reflect the thoughts or opinions of the staff of NonProfit PRO.
Kishore “Kish” Hiranand is a developer at Cathexis Partners. Kish is a seasoned digital veteran with expertise in multiple technology systems and diverse industries. He has been focused on the nonprofit space since 2018.