Are credit card donations secure?
How Convio supports you in taking secure donations online
Online donation processing is an excellent way to reduce costs and manual tasks associated with direct fundraising. However, using the Internet for donation processing requires stringent security processes. Here are a few key issues to consider:
SSL Does Not Necessarily Make It Secure
Many people talk about their "secure" Web sites when they actually mean that the communication between the Web browser (such as Microsoft Internet Explorer® or Netscape®) and the Web server is encrypted using the Secure Sockets Layer (SSL), a standard set of Internet communication rules for managing the security of message transmissions over the Internet. While using SSL is essential, it is one minor element of an overall security architecture.
People who hack, or break into, Web servers typically do not do it by tapping into connections from browsers. Instead, they do it by attacking other weak points, including the human element. In fact, about 80 percent* of successful online "break-ins" involve simply stealing passwords to gain access. Therefore, any organization should carefully consider end-to-end security processes before offering online donation processing on its Web site.
Storing Credit Card Numbers
Another key concern is securing credit card numbers once the Web site has accepted them. Smaller e-commerce software providers are often lax about this aspect of security, so organizations should be careful to understand a provider's security policies before using the company's services for online transactions.
In addition, many organizations encrypt their Web databases, mistakenly believing that this protects the data. However, a hacker who breaks into a server gets not only the encrypted data, but also the decryption keys and software, enabling them to obtain the card numbers. There is also the risk of a security breach if credit card data is available to staff members.
The only truly safe solution, which Convio's online software uses, is both simple and bulletproof: Do not store credit card numbers at all. Convio's donation processing capabilities authorize credit cards in real time, and then immediately discard the card number. Follow-up transactions, including refunds or monthly donations, are processed using one-time reference codes that are tied to the nonprofit's account and useless to a fraudster. Card numbers are only stored by the payment gateway, or the system that manages transactions and connects the Internet to banking networks, whose systems are highly secure.
Fraud is Not the Issue, It's Carding
Most online transactions are e-commerce purchases, where a company ships goods or other items of value in response to a purchase. So, anti-fraud measures typically are designed to prevent the fraudster from receiving the merchandise. A fraudster has nothing to gain from a counterfeit donation, however, so these measures typically are not useful to nonprofits.
A practice known as "carding," though, is an issue for nonprofits. Fraudsters use a low-dollar online donation to test the validity of guessed or stolen card numbers. Although carding does not defraud the nonprofit, the organization is burdened by the administrative work required to issue a refund to the real credit card holder. Until recently, the only solution was for an organization to use software that monitored the Web site for failed transactions. Today, however, use of additional CVV2 security codes (the 3-4 digit additional numbers on credit cards) is a promising alternative. Unlike the old Address Verification System (AVS), CVV2 was designed for automated fraud protection, and is gaining ground in the USA. (Note: Convio's September product release will offer CVV2 support for all transaction types.)
Note from the Coach: Convio's 4.0.5 release will include the ability to turn on a feature which requires your online donors to provide the CVV number on their credit card.
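The failed-transaction monitoring mentioned above can be sketched as follows. This is an added example, not Convio's code: the record fields (id, ts, source, card_fp, amount, approved), the thresholds and the sample rows are all assumptions made for illustration.

```python
from collections import defaultdict, deque

def find_carding_sources(transactions, window_s=600, max_amount=5.00,
                         min_declines=3, min_cards=3):
    """Map each flagged source to the approved txn ids to review for refund.
    A source is flagged when, within window_s seconds, its low-dollar attempts
    include >= min_declines declines across >= min_cards card fingerprints.
    All thresholds are assumptions to tune per site.
    """
    by_source = defaultdict(list)
    for t in transactions:
        if t["amount"] <= max_amount:  # carding tests use small gifts
            by_source[t["source"]].append(t)

    flagged = {}
    for source, attempts in by_source.items():
        attempts.sort(key=lambda t: t["ts"])
        window = deque()
        for t in attempts:
            window.append(t)
            while t["ts"] - window[0]["ts"] > window_s:
                window.popleft()  # drop attempts older than the window
            declines = sum(1 for w in window if not w["approved"])
            cards = {w["card_fp"] for w in window}
            if declines >= min_declines and len(cards) >= min_cards:
                # Approved charges in a flagged burst are the ones needing refunds.
                hits = flagged.setdefault(source, set())
                hits.update(w["id"] for w in window if w["approved"])
    return {s: sorted(ids) for s, ids in flagged.items()}

# Constructed sample rows, not real transactions. card_fp stands for a
# gateway-issued fingerprint; the card number itself is never kept.
FIELDS = ("id", "ts", "source", "card_fp", "amount", "approved")
ROWS = [
    (1, 0, "203.0.113.7", "fp-a", 1.00, False),     # burst: many cards, $1 each
    (2, 40, "203.0.113.7", "fp-b", 1.00, False),
    (3, 95, "203.0.113.7", "fp-c", 1.00, False),
    (4, 130, "203.0.113.7", "fp-d", 1.00, True),    # a card that validated
    (5, 10, "198.51.100.20", "fp-x", 50.00, True),  # ordinary donation
    (6, 300, "198.51.100.20", "fp-y", 5.00, False), # donor mistypes once...
    (7, 360, "198.51.100.20", "fp-y", 5.00, True),  # ...then succeeds
    (8, 0, "192.0.2.44", "fp-p", 2.00, False),      # declines hours apart
    (9, 4000, "192.0.2.44", "fp-q", 2.00, False),
    (10, 8000, "192.0.2.44", "fp-r", 2.00, False),
]
SAMPLE = [dict(zip(FIELDS, r)) for r in ROWS]

if __name__ == "__main__":
    print(find_carding_sources(SAMPLE))
```
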
Conclusion
Strict credit card security is critical for any organization offering online donation processing on its Web site. By keeping key issues in mind when creating a security strategy, organizations can help to ensure safe transactions for their online donors.
* Data from Carnegie-Mellon CERT advisory center.