1. Make sure your donor database is PCI-compliant. The Payment Card Industry (PCI) data security standard applies to all organizations that process card payments; it aims to prevent fraud by increasing the controls around card data. Using PCI-compliant donor software means that, in that respect at least, you comply with the PCI data security standard. Noncompliance means losing the ability to take card payments in the future and possibly the risk of a fine. Some donor database software gets around this by removing the need to store card details altogether: the payment gateway (e.g., WorldPay) stores the card details, while your database stores only a token reference number relating to that card on the payment gateway’s database. The token number on its own is meaningless to a data thief. Other software does this too but also gives the option to store encrypted card details.