How would you feel if your credit card number was left sitting out on a desk in an unlocked office, for anyone to see… or if your checking account information was stored in an unprotected computer file that anybody could access?
Such a risky scenario is NOT what you want for your church’s eGiving program.
And with stories about identity theft and security breaches making headlines each week, your members will want to be 100% sure that any information they include on any paperwork for your church’s eGiving program will be kept secure.
Here are five questions to ask yourself about how your church is ensuring the security of your eGiving program:
1. Is your church PCI DSS compliant? PCI DSS stands for the Payment Card Industry Data Security Standard – a comprehensive set of requirements, accepted by all major payment brands, designed to protect payment account data security. If your church is processing credit card transactions, you are required to be PCI compliant. (You can learn more at https://www.pcisecuritystandards.org/.)
2. Are you strictly limiting who can handle sensitive data? Credit card or bank account numbers shouldn’t be handled by anyone who is not directly involved with administering your eGiving program. Administrators of your program should be subjected to a background check and complete comprehensive security training before they access any data.
3. Are you restricting physical access to your members’ personal information? Any data you receive must be kept on a secure server in password-protected files accessible only to authorized users. Any paper forms with your members’ account information must be kept under lock-and-key in a secure area – and papers should be destroyed as soon as payment information has been entered by your eGiving staff.
4. Are you prepared for a worst-case scenario? If a security incident arises with your eGiving program – if data is accessed by an unauthorized user, for example, or if your network is compromised – you need to have a rapid response plan in place so you can immediately alert your members to the problem.
5. Does your church practice the basics of safe computing? There are many steps you can take to increase your program’s security. Your antivirus program must be up-to-date, and you should install all software security updates. There should be one computer in your office dedicated to accessing banking and other financial websites. Everyone who accesses financial information should have a unique username and password – and all passwords should be strong, with a mix of letters, numbers and symbols.
If you answered NO to any of these questions, your best strategy could be to outsource your eGiving program to a reputable provider. Security requirements for handling sensitive data are complex – it’s often too great a task for any individual church to manage.