Donor information security in the days of breaches everywhere

25 Feb


I think we’ve grown a bit de-sensitized to the ongoing reporting of data breaches at many firms like Home Depot, Target, etc. The security of credit card processing these days ranges from the non-existent (paper forms with personal information being passed around and then shredded-hopefully) to the state-of-the-art (tokenized donor information).

This week I want to delve into this topic, credit card security, with a few words on best practices. Donors are, after all, very concerned about how nonprofits handle their personal financial information and the last thing a nonprofit wants to be known for is a data breach that exposes the credit card information of its donors.

The first best practice I recommend for data security concerns a current bad practice and it’s one that I personally would like to see go the way of the buggy whip and that’s writing my credit card info on a paper form. No matter how this gets handled my info is on a paper form and I have to trust the nonprofit to dispose of my info properly. I have no idea how many hands my info goes through and frankly I don’t want to know. Paper forms for nonprofit credit card donations simply need to go away.

A frictionless, secure web form is where I want to enter my info (preferably on my phone) and I kind of recoil from nonprofits that send me paper credit card forms to fill out. 75% of Americans have smartphones. Let them give via a mobile-optimized form instantly and easily with the highest level of security out there. This is at the heart of RAZ Mobile’s frictionless giving experience.

Another best practice I recommend is don’t store your donor credit card info anywhere but a “tokenized” vault (more on this below). We trust this highly important service to an expert and in our case it’s Braintree Payment Solutions in Chicago. Sadly, there are some fundraising platform providers that are storing your donor data themselves with who knows what level of security (with or YIKES! without permission of the donor) and your security is only as good as theirs.

Had Target, Home Depot and others outsourced their credit card storage to a third party like we do with Braintree I dare say they would not have had their breaches. Now I know that their breaches were at the credit card reader level but again the point is still clear-how old is their tech inside the reader?

The way to go these days for credit card data security is “tokenization.” Here’s the Wikipedia entry on this topic.

Tokenization is what we offer nonprofits and donors alike at RAZ Mobile and it solves virtually all the online PCI issues nonprofits face today. It’s why many of our customers use RAZ Mobile for all their online donation processing. However, tokenization can’t help a paper form. That goose is already on the loose.

Here’s a quick overview of what tokenization means on our platform. A donor is presented a secure responsive design web form protected by a secure connection to the Braintree processing server. Donor data is entered into the form by the donor and as soon as their information clears the server, 100% of the donation is with the RAZ Mobile nonprofit customer immediately. Then, at the donors option, the donor can store their information as a token at Braintree as a way to expedite future donations which can then be completed in 15 seconds or less on any screen.

For donors that store their information via a token, the donor creates a 4 digit PIN, just like an ATM, to use their stored information for repeat donations which are completed without filling out the form again-their tokenized information is used instead. Tokens created by our donors are virtually meaningless to hackers and are meant to only be used for donations on our platform.

In fact, unlike the paper forms, the only human that sees the donor information is the donor. If they create a 4 digit PIN for easy and secure repeat donations, all we store is a token that has no meaning to anyone other than the Braintree server and the token cannot be used to extract donor data. Instead it’s used to tell Braintree what credit card to use for a repeat donor.

Credit card security technology is an area that we take very seriously. We are as serious in this regard as online heavyweights like Apple and Amazon. A concern that all nonprofits should take off their plate is credit card regulation compliance and donor credit card data security. Instead, use a platform like ours for the best security tools out there and the added benefit of fast and secure repeat gifts in seconds on any screen.

Dale Knoop leads a great team working to make RAZ Mobile a great platform for any cause engaged in fundraising. Any cause can create an content-rich mobile presence, share it through text messages, social media, QR codes, advertising and more and best of all-quickly and securely process donations from motivated supporters with a minimum of friction. Dale holds multiple patents and applications for patent in the mobile space including advertising, content optimization, geo-targeting, negative QOS and a mnemonic device QR code alternative.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: