You’ve heard about data breaches at Target, Yahoo, Equifax, and others. How many letters and LifeLock alerts have you received about a place where you’ve shopped or that you’ve provided with your payment info? They invested in security precautions and were sure it couldn’t happen to them. Until it did.
The volunteers who help answer phones for your fundraiser are listeners, so they must follow Jesus and be trustworthy. Right? But what if they aren’t? All it takes is one person with the wrong motives and your ministry could be next.
Before you run screaming from the station and set your hair on fire, there are steps you can take to protect your ministry, no matter what its size.
Secure personnel. Require a criminal background check for volunteers who take pledges and payment info. If a questionable report comes back, tell them that while you and Jesus love and forgive them, your bank is not as gracious – tell them thanks but no thanks. NOTE: Consider paying your phone people. We don’t pay much, but find they are more reliable and invested in providing a quality experience for our donors when they are paid. If they don’t work out, we can (and do) gently “release” them. The ROI for this extra expense has been a higher percentage of credit card gifts, cleaner data and improved fulfillment.
Secure your phone room. No pens, pencils or paper. No cell phones, tablets, cameras or recording devices. We have hooks for purses and bins for those OUTSIDE of the phone room. No Facebook Live or videos from your phone room!
Secure computers. We use basic computers to take pledges but position the screens so they can’t be seen from outside windows. They don’t have USB or CD drives. They’re wired to the internet and locked down to our donor software site. Phone people can’t Google, check Facebook, or do any other internet activity!
Secure paper files. It’s harder to ensure someone is not making copies of payment info when using paper forms. Have staff closely supervise the phone room at all times, watching for misconduct. Written forms need to be securely stored and then later destroyed.
Security beyond your pledge drive/Sharathon. Faxes, emails, or attachments with payment information – even transmitting scans of checks – put you at risk. Make sure communications with payment info are encrypted and password-protected. Lock desks, file cabinets and offices where personal and payment info is stored.
Don’t store donor payment info. Not on paper, in a spreadsheet or in your donor software. If your vendor does store that info, make sure they provide written assurance that they are PCI compliant.
Become PCI (Payment Card Industry) Compliant. Any organization (including yours) that allows credit card payments is subject to PCI standards for accepting, storing, processing and transmitting payment data. They will question how you do things! Do you have written records? How are they secured? Is payment info stored on your donor system? Is it encrypted? Who has access? How secure is your network? If you need help, there are vendors who can assist you with your assessment. NOTE: There are stiff penalties for non-compliance if you have a breach. Your merchant account could be terminated or your transaction fees increased.
Consider Cyber Liability Insurance to protect your ministry if you experience a failure to secure personal information.
Johanna Antes is Director of Support for Radio Training Network. RTN is a family of listener-supported Christian stations in NC, SC, GA, FL, AL and MO.