Does this apply to my nonprofit?
Every organization that accepts credit cards is being required to comply with PCI DSS, but the requirements for compliance can vary widely depending on the types of processing you do and the volume of credit card transactions processed. Merchants fall into one of four levels. Most nonprofits fall into the lowest processing volume category (Level 4 with less than 20,000 Visa/MC transactions per year), where the primary requirement is the completion of a PCI self-assessment questionnaire and quarterly network scans. Although PCI certification for Level 4 merchants is not required by all acquirers, effective July 1, 2010 there is a mandate to use PA-DSS compliant payment applications. DonorPerfect clients who use the SafeSave gateway are outside the scope of this mandate. Since all data is hosted via a PCI compliant service provider.
Why is PCI compliance important to my organization?
Even though participation in compliance has not been made mandatory for all Level 4 merchants, your organization could be assessed substantial fines (as much as $500,000) if cardholder data is breached and your nonprofit is not compliant.
Equally important is the simple need to protect your donors and their data they’ve entrusted to your organization.
How can DonorPerfect help?
All of DonorPerfect’s tools for credit card processing such as Insta-Charge, EZ-EFT, DonorPerfect Online Forms and Crowdfunding use PCI compliant methods for encrypting and securely transmitting credit card data. When there is a need to store cardholder data — for instance to automatically process a monthly pledge, DonorPerfect uses a Level 1 PCI-Certified Gateway to securely store the data. A donor’s record will just contain a “SafeSave Vault ID” that uniquely identifies that securely stored data, so that future transactions can be processed (via Insta-Charge, DonorPefect Online Forms, Crowdfunding and EZ-EFT) without the need to re-enter any data. This virtually eliminates PCI-compliance issues, since no cardholder data is ever stored in your computers or our servers.