CONFIDENT YOUR DONORS' PAYMENT CARD DATA IS SECURE?

PROTECT YOUR DONORS' CARD DETAILS FROM ONLINE THIEVES

News stories about data security breaches, including stolen payment card details, appear far too often in the press - Target, Staysure, TK Maxx and Lush to name but a few. Just as a burglar watches for a window left open while you are on holiday, online thieves are waiting for their opportunity to pounce.

If your charity receives payments online through CAF Donate, and possibly through other channels as well, it is your responsibility to protect your donors' data, and with it your charity's reputation, by doing everything necessary to keep payment card data secure.

HOW DO YOU ENSURE THIS? 

Compliance with the 12 requirements of the PCI Data Security Standard (PCI DSS) should be the ultimate goal for any organisation that stores, processes or transmits payment card data, online or offline. It is not a one-off event but an ongoing activity: it should be built into your normal business processes and continually monitored so that compliance, once achieved, is maintained.

The PCI Security Standards Council provides guidance, education and training on the subject, and gives access to robust support materials including a framework of specifications, tools, measurements and other resources. The Council also certifies organisations and individuals to assess and validate adherence to the standard. If you need help, seek advice from a Council-approved Qualified Security Assessor (QSA).

Being compliant* with the PCI standard builds trust with your donors as well as with those you do business with, i.e. acquirers and payment brands. The consequences of non-compliance can be catastrophic, from fines and the loss of the ability to accept card payments to the reputational damage of a breach. As charities, we owe it to our donors to repay their trust by keeping their payment card data secure.

THE 12 PCI DATA SECURITY STANDARD REQUIREMENTS

The PCI Data Security Standard applies to all entities involved in payment card processing - including merchants, processors, acquirers, issuers and service providers - as well as all other entities that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD).

*Please note: enforcement of merchant compliance is managed by the individual payment brands and not by the Council.