Fundraising Software, PCI Compliance Standards and Non-Profits

PCI Compliance Standards and Nonprofits

What is PCI Compliance?


Due to growing concerns about credit card fraud and widely publicized security breaches involving cardholder data, the credit card industry established a set of standards called the Payment Card Industry Data Security Standard (PCI DSS, often referred to simply as PCI compliance).

These requirements cover a wide assortment of practices, technology, and systems and can be very complex to understand, let alone comply with. Primarily they relate to how your organization handles, stores, and transmits cardholder data. Here are a few of the most important elements:

  • Never store CVV2 data (the 3-digit code on the back of cards) or magnetic stripe data.
  • If credit card numbers need to be stored or transmitted, they should generally be encrypted with at least 128-bit encryption.
  • Restrict access to physical and electronic cardholder data with user-specific passwords, granted on a business need-to-know basis.

More complete information on the PCI DSS can be found at www.pcisecuritystandards.org.

Does this apply to my nonprofit?

Every organization that accepts credit cards is required to comply with PCI DSS, but the requirements for compliance vary widely depending on the types of processing you do and the volume of credit card transactions you process. Merchants fall into one of four levels. Most nonprofits fall into the lowest processing volume category (Level 4, fewer than 20,000 Visa/MC transactions per year), where the primary requirement is completion of a PCI self-assessment questionnaire and quarterly network scans. Currently, there is no PCI-mandated date for Level 4 merchant compliance.

Why is PCI compliance important to my organization?

Even though compliance has not been made mandatory for Level 4 merchants, your organization could be assessed substantial fines (as much as $500,000) if cardholder data is breached and your nonprofit is not compliant.

Equally important is the simple need to protect your donors and the data they have entrusted to your organization.

How can DonorPerfect help?

All of DonorPerfect's tools for credit card processing, such as Insta-Charge and WebLink, use PCI-compliant methods for encrypting and securely transmitting credit card data. When there is a need to store cardholder data, for instance to automatically process a monthly pledge, DonorPerfect uses a Level 1 PCI-certified gateway to securely store the data. A donor's record will contain only a "SafeSave Vault ID" that uniquely identifies that securely stored data, so that future transactions can be processed (via Insta-Charge, WebLink, DonorPages and EZ-EFT) without the need to re-enter any data. This virtually eliminates PCI-compliance issues, since no cardholder data is ever stored on your computers or our servers.
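As an added illustration (not DonorPerfect's code) of the principle in this section and the storage rules listed earlier: a pre-save check, using constructed field names, that refuses to persist a donor record carrying CVV2 or a PAN-like value and lets through only a vault reference.

```python
import re
from typing import Dict, List

# Constructed field names for this example; the real DonorPerfect schema is not on the page.
FORBIDDEN_FIELDS = {"cvv", "cvv2", "cvc", "track_data", "magstripe"}
# 13 to 19 digits, optionally separated by spaces or dashes, not adjacent to other digits.
DIGIT_RUN = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True when the digit string passes the Luhn mod-10 check that card PANs satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pan_like(text: str) -> List[str]:
    """Return digit runs in the text that have PAN length and pass the Luhn check."""
    hits = []
    for m in DIGIT_RUN.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_valid(digits):
            hits.append(digits)
    return hits


def check_donor_record(record: Dict[str, str]) -> List[str]:
    """Return violations found in a donor record; an empty list means it is safe to persist.

    Only a token such as a vault ID may refer to a stored card; CVV2/track fields and
    anything that looks like a full card number (even inside free-text notes) are rejected.
    """
    problems = []
    for key, value in record.items():
        if key.lower() in FORBIDDEN_FIELDS:
            problems.append(f"field '{key}' must never be stored")
        for pan in find_pan_like(str(value)):
            # Report only the last four digits, which PCI DSS permits to be displayed.
            problems.append(f"field '{key}' holds a PAN-like value ending in {pan[-4:]}")
    return problems
```

Running the check on every record before it is written catches card numbers that donors or staff paste into notes fields, a common way cardholder data ends up in a CRM by accident.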
