Best Practices Make Perfect
How to create a safe & secure online giving environment
By Jackie Christensen

When you think about online giving, your first thoughts probably tend toward how accepting donations through your website will increase the dollars you raise. In all the excitement of creating compelling donation pages and working with vendors to get the technology you need, there are two key words that should stay in the forefront of your mind: security and privacy.

Philanthropists are not the only people interested in your online giving program. Cyber criminals have been known to use nonprofit donation sites to test the validity of guessed or stolen credit cards. If a fraudulent donation is processed, then the criminal knows the number is good and can be used for other charges. Unfortunately, the nonprofit organization is left with the administrative burden of issuing refunds, removing fraudulent records from its database, and reassuring donors that its online giving site is legitimate.

There are a few things you can do to protect your organization and the constituents who choose to support you via the internet. First, make sure your online donation pages are protected with SSL. The Secure Sockets Layer (SSL) protocol encrypts all information typed into the forms on your web pages so hackers can't read it as it travels across the internet.

You should also require your donors to enter the CVV2 security code on their credit card before they can complete their gift transaction. Card Verification Value (CVV2) is an authentication process established by credit card companies to help reduce fraud in internet transactions. It consists of requiring a cardholder to enter the 3- or 4-digit CVV2 number at transaction time to verify that the card is on hand. This enhances fraud protection by validating that the donor is in possession of the credit card and that the credit card number is legitimate. While not required by law, this extra layer of security is meant to thwart fraudulent activities and will help your donors feel even more confident about making financial transactions on your website.

Finally, you'll want to ensure you and your partners meet the Payment Card Industry (PCI) Data Security Standard. This standard, developed by Visa and MasterCard and endorsed by many other payment vendors, requires merchants and member service providers who store, process or transmit cardholder data to:

  • Build and maintain a secure network
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks

In terms of privacy, best practices often come down to good ethical practices. Let your donors know you will not sell their email address or continue to send them email solicitation if they request to be removed from your list. Place a "permission to email" or an "opt-in/opt-out" check box on the forms they complete so you can keep track of who wants to hear from you via email, and who would rather not.

If you would like to make your organization's commitment to online best practices and ethical standards a bit more public, you can join other nonprofit organizations and the ePhilanthropy Foundation in signing a petition that supports the secure, private, and ethical use of the internet for philanthropic purposes. You can find that petition online here.

Jackie Christensen is the ePhilanthropy specialist at Campagne Associates, now acquired by Blackbaud, Inc.