Jan 14, 2014
A recent study conducted by the network security provider Fortinet demonstrates some optimistic trends in organizations that handle customer financial data, with specific regard to Payment Card Industry Data Security Standard compliance.
Retailers, nonprofits share similar goals
While the research focuses on the behavior of retailers in the U.S., charitable foundations and nonprofit organizations that handle online donations or process contributions using donors' credit card information need to be wary of the missteps that many small-business owners are taking. According to Fortinet's data, more than 20 percent of the 100 organizations with fewer than 1,000 employees are outright non-compliant with PCI DSS. At the same time, nearly 15 percent of small-business retailers aren't aware whether they are complying with PCI standards.
Fortunately, these data tend to reflect a positive situation for most enterprises, meaning the majority are compliant. However, those organizations that are either unsure or are willfully disregarding standards set up by the credit card industry should take a second look at their payment processing software or any organization they've partnered with to handle credit card data. This is important because nonprofit groups are held responsible for processing donors' financial information, and by working with a software provider or system that doesn't comply with PCI standards, they're putting contributors' private information at risk.
Protecting organizations and donors
According to the PCI Security Standards Council, being PCI compliant means an organization is essentially telling individuals they work with that donors can be confident that their information is securely managed, which will likely lead to repeat donations. Conversely, charities and other groups that aren't compliant can face harsh consequences, including expensive litigation, fines of multiple thousands of dollars, cancelled payments and a damaged reputation among the community of donors.
While complying with PCI DSS requirements remains a top priority, organizations should also take further steps to protect the security of donor information. For instance, Fortinet's research recommended that organizations that operate a wireless network reset their passwords at least once per year to reduce the risk of a data breach. In fact, 60 percent of small-business retailers maintain security for password protection. This can go a long way toward deterring external threats from accessing donor information stored on an internal shared network.
While nonprofit organizations range in size and budget, no organization should neglect donors' expectations that they can donate conveniently and securely.