How to protect your members’ data
This post first appeared on the YourMembership blog.
Over the years, the Internet has provided great opportunities for nonprofits to increase brand awareness, recruit new members and raise funds for the causes they support. While this brings many advantages, there are also many challenges when it comes to making online payments for such things as dues or donations. Members want to be sure their sensitive payment details and personal data don’t end up in the wrong hands.
To reassure your patrons online payment environment is secure and trustworthy, here are five tips to help you protect your nonprofit’s reputation.
- Familiarize yourself with fraud. It’s worth it for you and your staff to learn more about the different types of fraud affecting nonprofits, why it’s attractive to criminals, how it’s done, and how it can be stopped. The more you know, the better able you will be to identify suspicious activity and transactions, which can be shut down before they become a problem. And then it’s more likely you will discourage criminals from attacking your online payment system. Fraudsters keep coming with new cyber schemes, so make learning a continual process.
- Become PCI compliant. To standardize the process of accepting, transmitting and storing payment data, the Payment Card Industry (PCI) created a set of regulations mandating all organizations to abide by rules to reduce fraudulent activity. This requires the annual completion of a self-assessment questionnaire. Remaining compliant with these guidelines is mandatory for all organizations handling credit card data of any kind.
- Lockdown your equipment. You may be accustomed to leaving your desktop, laptop, tablet or smartphone laying around to use at your discretion for processing memberships and donations. However, you are putting yourself and organization at great risk, especially if you start increasing your staff. Make sure every device is password protected, and regularly change passwords. Don’t give administrative access to just anyone. Educate staff on the need to protect their own devices, especially if they are given access to the network or cloud storage platform.
- Don’t hang onto payment data. Storing any type of payment and credit card data on a database, network or cloud-based storage system is a compliance no-no, and makes data vulnerable to hacking. If you do experience a breach, it will be your responsibility in terms of fees, penalties and damages incurred from it. By using a hosted payment or donation form, you remove the sensitive payment information from your system and reduce your PCI risk.
- Ramp up your security. Security for online payments is about building a fortress with numerous layers to keep the transaction data safe from being penetrated and stolen. Consider using encryption and tokenization, as well as a firewall, TLS certification and even fraud management tools. Both encryption and tokenization work to scramble the data and make it unusable to hackers should they get close to it. Fraud management tools can help you set parameters on your merchant account to prevent thieves from testing cards, making transactions from blocked countries, or charging amounts larger than permitted.
These security tips don’t require a significant financial investment. If anything, it’s more about your time and knowledge becoming critical to creating a safer online payment environment. This then allows you to take advantage of opportunities to grow your member base and increase donations.
To learn more about accepting payments within your software, contact a BluePay representative today!
Community Brands brings you this information from our partner, BluePay, which offers fast, easy and secure payment processing solutions to fit every organization’s needs. Whether a nonprofit or association, BluePay is the all-in-one credit card processing company for any business.