Payments

Secure Payment Services

Jul 22, 2022

Between fulfilling your mission and running different fundraising campaigns, your nonprofit has a lot to consider and little time to make decisions when it comes to your technology. For example, payment security is one of your nonprofit’s top priorities, and you’ll need to make sure you approach it with the right software. So what does your nonprofit need to know about secure payment services to make sure your donors’ financial information is safe?

Nonprofit payment processing services ensure contributions from donors are transmitted and received in a secure, timely manner. However, unless your staff has studied the finer details of the technology behind payment processing, it can be unclear what exactly is happening. This can make it difficult to know which secure payment service your nonprofit should invest in.

To help answer your questions about data security, payment processing, and payment tools, this article will dive into need-to-know questions about nonprofit payment services:

While payment services may seem complicated on the surface, just remember their ultimate goal: keeping your donors’ and your nonprofit’s information secure. Let’s start by reviewing just what secure payment services look like.

What is a Secure Payment Service and What Does It Do?

What is a Secure Payment Service and What Does It Do?

In order for your nonprofit to securely accept donations and other payments, you’ll need to parter with a payment service provider (PSP). PSPs are third-party businesses that provide organizations with online payment services. These organizations will handle every aspect of the payment process and ensure that payments are transmitted and received securely.

When using a PSP, online donations to your nonprofit will go through the following steps:

  1. A donor decides they want to give and enters their payment information into the payment or donation form on your website.
  2. The transaction is sent through the PSP’s payment gateway, ensuring it is secure.
  3. The PSP sends the request to donor’s bank to check whether they have sufficient funds for the donation.
  4. If approved, the bank send the requested funds to the PSP, which then transfer the funds to your nonprofit’s account.
  5. The PSP will send a notice to both the donor and your nonprofit to share that the transfer request was approved. If the request was denied, the PSP will also send a message to the donor and nonprofit informing them of the failed payment.

There are many PSPs to choose from when your nonprofit is looking into secure payment services. While all of them will take the steps outlined here to ensure payments are secure, you can be sure your PSP is going the extra mile for your organization by investing in a solution specifically designed for nonprofits and their unique needs.

What are the Benefits of Using Secure Payment Services?

What are the Benefits of Using Secure Payment Services?

Payment services allow your nonprofit to collect payments and donations securely through your website. Additionally, partnering with a PSP can bring your nonprofit a number of other benefits when it comes to collecting payments, including:

  • Increased donations. When your nonprofit partners with a PSP, donors will feel more secure about giving. Secure payment services have a variety of fraud protection tools, some of which are immediately visible to donors, such as the padlock on your donation page’s URL. If donors don’t see that symbol they may feel hesitant to give out their financial information.
  • Flexible payment options. PSPs are able to handle every online payment method your donors prefer to use. This include debit and credit cards, ACH payments, and digital wallets. Some PSPs are set up to process a number of different currencies, allowing nonprofits with supporters around the world to easily collect payments.
  • Improved security. Secure payment services are built to reduce fraud and protect your nonprofit and donors. If at any point during a transaction the PSP detects suspicious activity, the payment request will not be approved.

Out of these benefits, most nonprofits will likely agree that security is one of the most important. Let’s further explore how your organization’s secure payment services can keep your nonprofit safe.

How Do Secure Payment Services Protect Your Nonprofit?

Secure payment services invest their time and resources into creating the most secure payment process possible for your donors. Here are a few of the key systems they use to prevent fraud, data breaches, and other attacks that can occur during an online payment:

SSL

SSL stands for secure socket layer, and it is a security protocol used to keep information safe when it is transferred between public web servers. As mentioned, you can tell if a website has an SSL certificate by the presence of a padlock in the URL as well as a URL beginning with “HTTPS.”

Payment services use SSL to encrypt the payment information your donors provide when they make a payment on your website. Then, if a hacker tries to view this information, they will only have access to unreadable codes that have obscured and stand in for your donors’ actual payment information.

AVS

AVS, or address verification service, is a fraud detection tool used by secure payment services to check whether a payment’s billing address matches what the issuing bank has on file for the card being used. If you’ve ever gone on vacation to a different country and had to report to your bank where you will be and for how long, this is why.

Secure payment services with AVS can help identify potential fraudulent donations and stop them from being approved.

IP Checking

A common sign of fraud is multiple transactions happening in very quick succession from the same IP address. Often, credit card numbers are stolen in bulk through online methods, and the thieves never actually have the physical card. To check if a card works, they will test each number by making a small payment to a nonprofit organization, which are often perceived as having low security.

Thieves will typically check many credit card numbers quickly one after another, which is why secure payment services check for what is known as IP velocity. If the same IP address is making many payments in a short time, your PSP can block their IP, preventing potential fraudsters from taking advantage of your nonprofit’s donation form and wracking up chargeback fees.

PCI Compliance

When reviewing potential payment services to partner with, check each PSP for PCI compliance. PCI compliance consists of a set of security standards mandatedby the Payment Card Industry that payment processors are required to follow.

Payment services that are PCI compliant meet the established regulations, which are divided into six categories:

  1. Build and maintain a secure network. You can stop data breaches by using a payment service that keeps your nonprofit’s entire network secure. Look for solutions with strong firewalls with regular updates to protect against newly discovered vulnerabilities.
  2. Protect cardholder data. When a donor shares their payment information with your nonprofit, ensure that your payment services have the ability to protect it via encryption, tokenization, and other security measures. That way, even if there is a breach, hackers will only find useless, unreadable information instead of your donors’ sensitive payment information.
  3. Maintain a vulnerability management program. Even the most secure systems will eventually become vulnerable over time due to advances in technology and new tactics by hackers and fraudsters. Choose a system that strives to stay ahead of them by continually providing updates to their payment processing software. 
  4. Implement strong access control measures. Not everyone at your organization who uses your nonprofit’s software will need access to your donors’ payment information. Use effective payment software to create unique permission levels and be sure you can track which users are taking action, such as when they log in or view specific information.
  5. Regularly monitor and test networks. As mentioned, your payment service should regularly provide updates to their software. To discover what they need to update, your PSP should routinely test their systems to identify and resolve points of vulnerability.
  6. Maintain an information security policy. The measures outlined here can protect your nonprofit from external attacks. However, many security breaches are often the result of human error, such as a staff member clicking on a suspicious link in a phishing email. To protect your organization’s data, ensure your staff members have basic knowledge of how to identify and avoid suspicious websites and emails they encounter throughout the workday.

Additionally, when you invest in a PCI compliant system, look for one with integrated payment processing. These systems allow you to embed your payment processor and its forms directly into your website, significantly reducing potential human error. Additionally, this also makes donors feel more confident as they can complete their entire transaction from the safety of your secure website.

iATS Payments: The Best Secure Payment Service

iATS Payments: The Best Secure Payment Service

Among secure payment services, iATS Payments by Deluxe is the top provider built specifically with nonprofits’ needs in mind. Nonprofits that partner with iATS can look forward to secure, speedy payment processing services at price points accessible even to nonprofits with limited resources.

But reduced costs do not mean reduced features, as iATS provides nonprofits with a variety of benefits that rival other payment services, including:

  • Flexible payment processing options. With iATS, your supporters can make secure payments using credit and debit cards, as well as ACH processing. Additionally, iATS has international processing, allowing your nonprofit to receive gifts from more than 40 countries around the world.
  • Anti-fraud tool. If fraud is a concern for your nonprofit, iATS’s free and customizable fraud protection tools are an essential. In addition to the anti-fraud measures discussed in this article, iATS also offers CVV2, BIN blocking, and card number and limit name tumbling.
  • Level 1 PCI compliance. PCI compliance comes in a variety of levels, and iATS’s level 1 compliant payment services have earned the highest rating. iATS is dedicated to continually improving our payment processing tools to keep them as secure as possible, all while offering them at a reasonable price for nonprofit organizations.

Plus, as a fully integrated payment processor, iATS also offers your donors an easy, trustworthy payment experience, driving more support to your organization. Get in touch with our team to learn more about iATS Payments and join the 14,000+ organizations who trust iATS to keep them secure. 

Additional Resources

Secure payment services facilitate payments for your nonprofit while keeping your donors’ data safe. Before investing in a service, be sure to review their security measures and make sure you have a full understanding of what each of their security features mean.

To continue your research into nonprofit payment processing, here are a few more helpful resources that can provide insight into your payment services: