November 11, 2016
Identity theft is a true concern for individuals across the United States and the world. Every day hackers gain access to valuable information. They use this information to wreak havoc on individuals’ lives by spending large sums of money and stealing their complete identity. Victims of identity theft are left with a significant mess and a battle to reclaim their financial freedom. Hackers target small and large for-profit and nonprofit organizations to steal this sensitive information, making it risky for anybody to make online purchases and donations, even with well-known organizations.
As a nonprofit you rely on donations to keep afloat and remain in operation. It is vital you take the necessary steps to protect your organization, volunteers, and donors from these types of situations.
PCI DSS Compliance
4 major credit card companies launched the Payment Card Industry Data Security Standard (PCI DSS) in 2004. It is a set of policies and procedures implemented to protect consumers’ information from being misused. There are 6 major policies nonprofits need to implement and comply with to be considered PCI DSS compliant. All 6 of these are highlighted in the list of steps to take below.
Ways to Protect Donors
Utilize these 10 steps to protect your donors’ information and increase their trust in you to make repeat donations.
- Utilize a secure network. Secure networks make accessing confidential information difficult for hackers.
- Use data encryption. Encrypt all confidential information including social security and credit card numbers. This includes information in storage and when it’s being transmitted to and from your nonprofit.
- Update networks and software consistently to prevent breaches. Install anti-virus and anti-malware software to prevent attacks. Update these frequently along with any hardware patches released by vendors. This helps you stay on top of new threats. Monitor your network and servers at all times for suspicious activity.
- Assign each volunteer and computer a confidential identification number. These keep access to confidential information restricted to those responsible for collecting data. They also give you a look at who is accessing information, for what, and at what times.
- Educate volunteers. Make sure your volunteers understand the importance of keeping donor information secure. Teach them what steps to take internally to proactively prevent theft of information.
- Create unique passwords. Use unique and complex passwords on networks, servers, and hardware.
- Update passwords. Change and update these passwords often.
- Only work with 3rd party providers who are PCI DSS compliant. Request a certificate showing proof of compliance from all vendors.
- Create an information security policy. An information security policy identifies what procedures your nonprofit has in place to prevent breaches. It also addresses how you will respond and notify consumers if there is a breach.
- Purge files. Some nonprofits hold onto paper files for years. Purge this hard-copy information by uploading it to a secure server and destroying documents no longer relevant to your business operations.
Protect your donors from identity theft by implementing these 10 steps. They’ll have peace of mind knowing they can trust you with their confidential information. That trust creates repeat donors and increases your donation revenue over time.