Blog

September 6, 2016

6 Security Questions You Should Be Asking About Your eGiving Program

Categories: Inspire Minute
Comments: 0

Security – it’s one of the most important considerations for your eGiving program.

Since many eGiving providers place security responsibilities directly on churches, it’s essential for you to understand your church’s potential liabilities and vulnerabilities – especially since your provider likely requires you to handle and store your church members’ most sensitive personal and financial information for the administration of your eGiving program.

Here are six security questions you should be asking about your church’s eGiving program:

6 Security Questions for your eGiving Program

Is your church listed as “Merchant of Record” by your eGiving program? This is an important designation – you should check with your current provider to determine your status. If your provider lists your church as the Merchant of Record, in the event of a security breach that exposes your members’ bank or credit card information you will be required to take a number of costly, time-consuming actions, from notifying those affected, replacing their cards, and offering restitution, to reporting the incident to credit card companies and paying any related fines.
Is your church PCI DSS compliant?  If your church is processing credit card transactions, you are required to be PCI compliant. Is your church burdened with the requirement of completing and filing your own annual assessment or does your provider manage the process?
Are you strictly limiting who can handle sensitive data? Credit card or bank account numbers shouldn’t be handled by anyone who is not properly trained and directly involved with administering your eGiving program.
Are you restricting physical access to your members’ personal information? Electronic data should be kept on a secure server in encrypted files accessible only to authorized users. Printed forms must be kept under lock-and-key in a secure area – and should be destroyed once no longer needed.
Are you prepared for a worst-case scenario? If a security incident arises with your eGiving program – if data is accessed by an unauthorized user, for example, or if your network is compromised – you need to have a rapid response plan in place so you can immediately alert your members to the problem.
Does your church practice the basics of safe computing? Maintaining computers that have strong passwords, current antivirus, malware blocking software and all software security patches in place is a good first step.  Security professionals also recommend that you dedicate one computer in your office accessing banking and other financial websites.

If you answered NO to any of these questions – or if you’re not sure how your current provider handles security matters, and how vulnerable your church may be if there’s a security crisis – now is the time to determine what you can do to increase security, and what if anything your eGiving provider will do to decrease liabilities for your church.

Waiting until a problem arises can be costly to your church, your ministries and your members.