PCI compliance can be a daunting task, but it’s important to take the necessary steps to protect your donors’ data and your organization.
Nonprofits are increasingly turning to online payment methods. But what do you know about the security requirements for processing credit cards? If you’re not familiar with PCI compliance, don’t worry: we’re here to help. In this article, we’ll discuss what PCI compliance is and how it affects nonprofits accepting online donations.
Credit card data security is important for nonprofits.
Nonprofit organizations that accept credit card payments are considered merchants under the Payment Card Industry Data Security Standard (PCI DSS) and must comply with it. According to the PCI Security Standards Council, “The Payment Card Industry (PCI) Data Security Standard (DSS) is a set of requirements designed to ensure that all entities involved in storing, transmitting or processing credit card information maintain a secure environment.” The standard applies to any organization that stores, processes or transmits credit card information—including nonprofits.
To be considered PCI compliant, you must:
- Ensure all systems that store, process or transmit cardholder data have been tested for vulnerability and remediated if necessary.
- Conduct an annual penetration test of your critical systems, performed by a qualified third-party penetration testing team.
- Perform regular system audits, carried out by your internal staff or by external auditors.
- Monitor system activity 24/7 with tools such as a SIEM (Security Information and Event Management) system. These tools watch network traffic for security anomalies so that they can be identified quickly and addressed before they cause damage.
- Perform periodic vulnerability scans of sensitive systems using automated tools such as Nessus or QualysGuard.
- Use multi-factor authentication when accessing sensitive areas within your network such as web applications.
- Implement two-factor authentication wherever possible on devices used within your organization, such as laptops, tablets and phones.
PCI compliance applies to nonprofits that accept credit card payments.
The Payment Card Industry Data Security Standard (PCI DSS) applies to any organization that accepts credit card payments, including nonprofits. The PCI DSS is a set of minimum requirements that have been developed by the major payment card brands—Visa, MasterCard, American Express, Discover and JCB. They help ensure all organizations processing debit or credit cards implement strong security measures to protect payment data.
Check whether your processor has been validated by contacting them directly to ask about their status. If they aren’t certified, it’s up to you to decide whether they have adequate security measures in place that meet industry standards. We recommend avoiding non-compliant providers whenever possible.
Nonprofits need a payment gateway to process online payments.
Use a Secure Payment Gateway
A secure payment gateway is the most important step you can take to protect your donors’ credit card data and avoid liability. A secure payment gateway is one that meets all of the requirements of PCI DSS Level 1 (the most stringent requirement) or DSSP 1.3 (the standard for nonprofits). Do some research on payment gateways before choosing one.
Greater Giving complies with the Payment Card Industry (PCI) Data Security Standard, protecting your donors’ payment data during and after a transaction. Our technology and processes are reviewed regularly and undergo an annual audit by a PCI-accredited third party to ensure PCI compliance.
Find Greater Giving listed as a PCI DSS validated provider on the Visa Global Registry of Service Providers.
You can take steps to secure your donors’ credit card data and ensure your nonprofit is PCI Compliant.
Don’t let the PCI Compliance process get in the way of your nonprofit’s mission. With the right solutions and resources, you can implement PCI standards quickly and confidently accept online donations using Greater Giving.