PCI compliance for nonprofits

The core of running a nonprofit is to raise funds and awareness for a specific cause. In order to further that movement, organizations must work diligently to provide secure donation payment portals and to keep donor information safe. How can you do that? By following the PCI Security Standards. Read on to learn about these important rules and how you can ensure your nonprofit is following them.

What are the PCI Security Standards?
PCI stands for Payment Card Industry. The PCI Security Standards Council is made up of American Express, Discover Financial Services, JCB International, Visa Inc. and MasterCard. These massive financial corporations came together to promote data security and compliance and to govern payment cards. According to the PCI, the standards are "an actionable framework for developing a robust payment card data security process -- including prevention, detection and appropriate reaction to security incidents."

How do the standards affect your organization?
Following these standards can greatly improve the security of your organization's payment processing and donor information. The Council provides many tools and resources to help nonprofits assess and address potential data issues and to promote better security overall. If you're not sure where to start, consider evaluating your PCI Data Security Standards compliance with one of their Self-Assessment Questionnaires. You can learn about point-to-point encryption, payment applications and scanning by filling out these questionnaires.

How can the PCI SSC help your nonprofit?
Have you ever wondered about the validity of a company and called the Better Business Bureau to check it out? When donors see that a nonprofit is PCI SSC compliant, they will feel they are in good hands. These standards help organizations gain trust from their communities because donors know their personal and financial information is safe and secure. The Council also maintains the Payment Application Data Security Standard to help organizations properly handle cardholder information. The PCI SSC also curates a list of validated payment applications. Donors can view this list when looking to see what payment processor your nonprofit uses. If you are using a processor that is on the list, they will likely be confident in their choice to donate to your cause and won't hesitate to link their bank account and undergo periodic ACH transfers, which are an excellent payment method for nonprofits.

By complying with the PCI Security Standards, you will provide your organization with a trusted name. You'll also be mitigating the potential for security breaches and noncompliance. Instead of constantly monitoring your payment information and personal data, you can focus on furthering your cause and reaching out to more potential beneficiaries and donors. Take part in PCI Awareness training to learn about security posture and reducing possible risks for your organization. Following the PCI standards and best practices promotes a more secure business overall and improves general security awareness - two major aspects of running a successful nonprofit. Staff members, executives, board members, managers and volunteers can benefit from this training.
