Keeping Donor Data Safe: Simple PCI Guidelines for Nonprofits

Every card payment can expose nonprofits to security risks. When a nonprofit accepts donations via credit card, it takes on the duty of protecting donor information. Fortunately, the Payment Card Industry Data Security Standard (PCI DSS) is here to help.

Why PCI Matters for Nonprofits

PCI DSS is a set of guidelines designed to ensure that all organizations that process, store, or transmit credit card information maintain a secure environment that protects cardholders and organizations alike. Compliance with these guidelines is mandatory. For a nonprofit that handles donors’ credit cards, understanding and adhering to these standards is crucial. Here’s why:

  1. Protect Sensitive Information: Ensuring the security of payment card data is vital. Breaches can result in significant financial loss and damage to cardholders, as well as to your organization’s reputation.
  2. Avoid Penalties: Non-compliance with PCI Standards can lead to fines, legal repercussions, voiding of insurance policies, and other industry sanctions.
  3. Build Trust: Compliance helps in building trust with donors, clients, and stakeholders by showing your commitment to protecting their financial data.

What PCI Compliance Means

Compliance isn’t just a one-time task; it’s something that needs regular attention. Nonprofits must check and update their security measures regularly, run security tests, and confirm their compliance every year. This effort is crucial because failing to protect data can lead to legal issues, hefty fines, negative publicity, and potentially compromised donors, as in the examples below:

Top stars are among hundreds of thousands of donors targeted in huge cyber attack on charities including –

69 Data Compromises Reported At NPOs

The PCI standards are managed by the Payment Card Industry Security Standards Council and enforced by card networks, making them an important part of how nonprofits handle donations.


Key Points to Remember For Nonprofits

  1. Ongoing Process: Compliance is continuous, not a one-time fix. Regular updates, tests, and reviews are essential.
  2. Different Requirements: PCI rules change based on both how, and how much, credit card data is processed. Nonprofits need to understand the specific requirements that apply to them.
  3. Transactional Volume and Payment Channels: The volume of transactions and the payment channels used affect the scope of compliance.
  4. Payment Services Impact: The type of payment services a nonprofit uses can make compliance easier or harder. Leveraging service providers can simplify PCI compliance work, but nonprofits still need to stay informed as compliance is a shared responsibility.
  5. Taking Action: Nonprofits should educate their staff, secure their technology, and document their processes to maintain compliance.

Practical Steps for PCI Compliance

Next Steps For Your PCI Compliance Journey

  1. Identify All Payment Channels: Start by identifying all the ways you collect card information from your donors. This includes every payment or card collection channel your organization uses, whether it’s in-person, online, over the telephone or through mobile applications. Once you have a comprehensive list of your payment channels, you can proceed to the next step.
  2. Identify Your SAQ Requirements: The next step in your PCI compliance journey is to identify which Self-Assessment Questionnaire (SAQ) you need to complete. Your organization may require multiple SAQs if you operate through various payment channels. It’s crucial to consult with your payment processor for guidance on the specific SAQs that are applicable to you. They have the expertise and resources to help you navigate this process efficiently. If you are using multiple processors, you will have to reach out to each of them independently.
  3. Assign Responsibility for PCI Compliance: Designate an individual or a dedicated team to take charge of your PCI compliance program. This person or group will be responsible for ensuring that your organization continuously meets the PCI DSS (Payment Card Industry Data Security Standard) requirements. Their duties will include managing compliance activities, conducting regular reviews, and staying updated on any changes in PCI standards.
  4. Consult with a PCI Expert: This is an optional step; however, engaging with a PCI expert can significantly streamline your compliance efforts. These professionals bring a wealth of experience and specialized knowledge, which can save you considerable time and resources. They can provide tailored advice, assist with SAQ completion, and offer ongoing support to ensure your compliance program is robust and effective.


Taking these steps will help you establish a strong foundation for your PCI compliance, protecting your organization and your donors’ payment information. You can also consult the PCI SSC Content Library, which offers a wealth of information.

Moving Forward

Take Action Now and How We Can Help

It’s crucial that you don’t wait any longer to start your compliance journey. Datatel can help you streamline the process of achieving and maintaining PCI compliance, ensuring that your organization is ready for the changes brought by PCI DSS v4.0.1 and beyond. By partnering with Datatel, you can ensure that your compliance journey is smooth and effective. We provide personalized demonstrations of how we can meet your specific needs.

Navigating the complexities of PCI compliance is no longer daunting. Datatel’s PCI Navigator is designed to make your PCI compliance journey straightforward and efficient, offering unparalleled support tailored to your business needs.


Maintaining PCI compliance is not just about following rules; it’s about protecting your donors and keeping their trust. By staying compliant, nonprofits can avoid the risks of data breaches and continue to focus on their mission without interruption.

We’re Here to Help

What our clients are saying about us

“Never any issues with you guys! Things just work.”

Gerry Henstra, CEO, Henstra Business Solutions

“Customer service is a really big deal to us, and I am glad to do business with a company that obviously takes it as seriously as we do.”

Jeff Boatman, Global Client Solutions

“We’re happy with the IVR Payment system and it has been working well for us. Recently we also set up your newest SMS (text) receipts and found it to work great.”

IT Manager

“I want to commend you and your team at Datatel on the job just completed for Tele-Response Center. The attention to detail and professionalism with which you approached the project was exemplary and greatly appreciated, especially considering the several applications that needed to be implemented on short notice. Thanks again for your assistance getting this project off the ground so smoothly.”

Joe Grossman, Sr. Vice President, 121 Direct Response

“My team and I would like to commend Datatel on creating an IVR application that adds great value to our new Travel product. Your knowledge, input and expertise in IVR scripting, call flow management and overall IVR logistics made the development and implementation stages extremely easy to manage. Thank you for a well executed campaign that was launched on time and on budget.”

Ryan McCullough, Marketing Manager, Aegon Direct

“Great team to work with. I look forward to utilizing some additional capabilities in the future.”

Bob Griffin, VP of Operations, MedA/Rx

“We are very grateful for many years of a mutually beneficial business relationship with Datatel and for the impeccable customer service we have received during these years.”

Director of Student Accounts

“We, Standard Life, very much appreciated Datatel’s expertise, knowledge and support as we worked through the development and implementation stages. Our Clients appreciate the simplicity of the capability, while gathering very valuable feedback. Thanks for making this a very positive experience.”

Anne Pennell, VP, Customer Services Operations, Standard Life

“This was one of the best implementations I have been a part of. The communication was excellent and everything was responded to and dealt with swiftly. A real pleasure. We are looking forward to the impact this will have on our patient payments! Thank you!”

Kim Pace, Director Patient Accounts and Revenue, Chatham-Kent Health Alliance