Protection Throughout the Transaction Cycle: Why PCI Compliance Matters to Your Nonprofit
Consumers’ growing reliance on, and comfort with, debit and credit cards for everyday transactions has fueled the rapid growth of online donations. Data security has not always received the same attention within nonprofit organizations, and as a result nonprofits, and their donors, are increasingly the victims of security breaches.
What is PCI Compliance?
The Payment Card Industry Data Security Standard (PCI DSS) began as an alignment of Visa’s and MasterCard’s separate cardholder security programs and is now maintained by the PCI Security Standards Council, founded by American Express, Discover, JCB, MasterCard, and Visa. It establishes a single set of security requirements accepted across the U.S. card industry. Any entity that stores, processes, or transmits cardholder data, or otherwise comes into contact with it, is required to attain and maintain PCI compliance.
The PCI Data Security Standard consists of 12 basic requirements:
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
7. Restrict access to cardholder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security
In addition, organizations must validate compliance annually (through a self-assessment questionnaire or, for the largest merchants, an on-site assessment by a Qualified Security Assessor) and must have external network vulnerability scans performed quarterly by a PCI-approved scanning vendor (ASV). Which validation method applies depends on the merchant level assigned by the card brands and the organization’s acquiring bank.
Meeting PCI standards is a contractual obligation to the card brands: any organization that accepts American Express, Discover, MasterCard, and/or Visa credit or debit (check) cards must comply.
Because nonprofits now rely on software providers for almost everything, it is imperative that they partner with PCI-compliant vendors throughout the transaction cycle, including the point of data capture. Using a compliant vendor does not transfer the obligation, however: the nonprofit remains responsible for its own environment and should obtain, and keep current, each vendor’s attestation of compliance.
The damage caused by a security breach extends well beyond data theft. Donor and supporter confidence in the nonprofit can wane, slowing donations. PCI compliance helps shield donors from identity theft and protects an organization’s reputation.
PCI compliance offers peace of mind to both nonprofit organizations and donors by putting the necessary safeguards in place to protect sensitive credit card information.
Steve Klein, Senior VP, Business Development, Kintera