Online Donations in the Wake of Large-Scale Security Breaches

Large-scale data security breaches, such as the one Target experienced late last year, have unquestionably increased awareness and concern surrounding the integrity of all online payment systems, including online donation forms.  Nonprofits of all sizes should ensure their systems and procedures comply with standards for data security compliance and reassure their donors that their sensitive information is safe.  While the risk of data security breaches may never completely go away, nonprofit organizations can empower themselves to reduce their risk.  This post, originally published in the iATS Payments news section, discusses this topic in more detail.

Details continue to come forth about the recent attacks on Target customers who used their credit and debit cards during the height of the holiday shopping season. Charitable foundations should recognize the need to ensure secure payment processing for donors wishing to contribute online. While the situation affecting Target, as well as a growing list of other small businesses, is a far more public and large-scale security breach, nonprofit organizations are not immune to cybercrime and should be taking the necessary steps to prevent donor information from being stolen.

Widespread use of malicious software

According to cybercrime research firm IntelCrawler, there have been a minimum of six attacks on U.S. retailers whose payment processing systems have been infiltrated by malware. The New York Daily News reported the majority of attacks have been targeted at U.S.-based retailers, but 30 percent of instances of BlackPOS infections were found in other nations, such as Canada and Australia. In reality, the malware that the cybercriminals used isn't new and dates back to 2005 – and potentially to a code found in cybercrime forums in 2003.

"For consumers, I would point to zero liability. They are protected," Rosetta Jones, spokeswoman for Visa explained.

Donors need to understand their information is secure

At the same time, public data breaches, such as the ones most recently afflicting U.S. retailers, can influence donors as they decide how to make contributions. For charitable foundations that accept online donations, here are some tips:

• Remind people looking to pay with their credit card that their financial information will remain secure.
• Ensure your nonprofit is working with a payment processing software provider that has the most up-to-date fraud protection built into their tools. 
• Ask for specifics - some payment processors may offer customizable fraud prevention measures to help reduce the risk of the most typical types of fraud. 

In this era of heightened awareness about the security of credit card transactions, it is critical that nonprofit organizations understand how the systems and providers they select protect them and their donors from the risk of data security breaches. 

Want to learn more? See iATS’ original full post on the topic here.

iATS is partnering with Idealist Consulting on a webinar focused on best practices in online donations March 5, register here to join.