Above all else, you want to choose the most secure way for your supporters to make mobile donations through their phones and tablets.
Choosing secure donation software not only makes your nonprofit more trustworthy but also protects you from a data breach.
In recent years, data breaches, in which an organization’s and its users’ sensitive data is compromised, have become more common.
Using secure donation software can help you prevent a password breach so that donors can confidently use your mobile giving software.
Before you can select the safest and most secure software, though, you need to know exactly what questions to ask.
We take security concerns very seriously.
That’s why we’re here to help you figure out the most important questions to keep in mind when deciding on mobile fundraising software to purchase.
Here are the top 6 questions you should ask any mobile fundraising vendor:
- Is the mobile donation software provider PCI-compliant?
- Does the technology provider have controls in place to verify your identity?
- Do they tokenize your sensitive information?
- Are the mobile donation software providers experienced with fraud prevention?
- Where do they store their data?
- Can the mobile software provider answer your questions?
To help you get started, we’ve compiled a list of the most important questions to ask before you sign up for a mobile fundraising platform.
1. Is the mobile donation software provider PCI-compliant?
This is one of the first questions you need to consider when shopping for a mobile fundraising software company.
PCI-compliance means that the provider adheres to a strict set of guidelines put forth by both the credit card industry itself and a neutral third-party security agent. It’s the way all forms of transactions are judged, from online shopping to online bill-pay.
There are multiple levels of compliance, and while the PCI standards aren’t technically law, they’re payment industry-wide guidelines that should be respected by any business that deals in credit or debit card information.
Before you commit to anything, you need to verify that your mobile fundraising software provider meets all of the industry standards for security.
PCI-compliance is a positive, but even being PCI-compliant doesn’t tell the whole story.
2. Does the technology provider have controls in place to verify your identity?
On top of PCI-compliance, your technology provider should reassure you that they’re doing everything in their power to verify your donors’ identities.
Don’t get spoofed.
Hackers often use donation forms to test out credit card numbers, donating small amounts to see if the transactions will approve.
What’s worse? Organizations with poor security are vulnerable to data breaches. Once hackers have access to your donor database, they can obtain your donors’ personal and payment information.
Fraudulent activity not only jeopardizes the safety of your donors’ information, but it can also create a huge headache for your organization’s merchant account.
The only way to prevent this sort of tinkering is by implementing a secure donation process. Steps like two-factor authentication require donors to provide proof of identity through a secondary source of identification.
In a similar process, Snowball’s email authentication system allows payments or donations to be initiated through text message, but it has to be verified and confirmed through an email.
When you’re looking for mobile fundraising technology providers, always check that they have some way of verifying donors’ identities.
3. Do they tokenize your sensitive information?
Tokenization is another key part of maintaining information security. Tokenizing information is in keeping with payment card industry standards, like the ones we discussed in the first question.
When it comes to processing and storing sensitive information such as credit card numbers or CCV codes, your mobile fundraising platform provider needs to reassure you that they’re doing everything they can to keep your information safe.
What exactly is tokenization? Well, simply put, it’s the converting of private, sensitive information into indecipherable “tokens.”
It’s as though the credit card number that you input into a mobile donation form is translated into a language that only credit card companies can read.
No identity thieves, no scammers, no sketchy middlemen can read the information or use it to make unauthorized purchases using your card number. Tokens have no exploitable meaning to anyone outside of the credit card processors. Your data is 100% safe and secure.
If the mobile fundraising platform that you’re looking into doesn’t offer tokenization, it might be time to look elsewhere.
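To make the idea concrete, here is a small sketch of vault-style tokenization. It is an added example, not Snowball's or any payment processor's code. `TokenVault` and `store_donation` are hypothetical names, the vault is an in-memory stand-in for the processor's side, and the card number is the standard test value.

```python
import secrets


class TokenVault:
    """Hypothetical in-memory stand-in for the processor's token vault."""

    def __init__(self):
        self._pan_by_token = {}  # exists only on the processor's side

    def tokenize(self, pan: str) -> str:
        digits = pan.replace(" ", "")
        if not (digits.isascii() and digits.isdigit() and 13 <= len(digits) <= 19):
            raise ValueError("not a card number")
        # The token is random, not computed from the card number, so there
        # is nothing to reverse without the vault's own lookup table.
        token = "tok_" + secrets.token_urlsafe(16)
        self._pan_by_token[token] = digits
        return token

    def charge(self, token: str, amount_cents: int) -> dict:
        pan = self._pan_by_token.get(token)
        if pan is None:
            raise KeyError("unknown token")
        # A real processor would send `pan` to the card network here.
        return {"status": "approved", "amount_cents": amount_cents,
                "last4": pan[-4:]}


def store_donation(vault, donor_db, donor_email, pan, amount_cents):
    """The nonprofit's record keeps a token and last four digits, never the card number."""
    digits = pan.replace(" ", "")
    record = {"donor": donor_email, "token": vault.tokenize(digits),
              "last4": digits[-4:], "amount_cents": amount_cents}
    donor_db.append(record)
    return record


if __name__ == "__main__":
    vault, donor_db = TokenVault(), []
    rec = store_donation(vault, donor_db, "donor@example.org",
                         "4111 1111 1111 1111", 2500)  # constructed test data
    print(donor_db)                            # what a breach of this list exposes
    print(vault.charge(rec["token"], 2500))    # only the vault can use the token
```

A copy of `donor_db` on its own contains no card number, which is the property to ask a provider about.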
4. Are the mobile donation software providers experienced with fraud prevention?
In addition to PCI-compliance, tokenization, and two-factor authentication, your provider should also be well-versed in fraud detection and prevention.
Your provider should be combing through every email, text, and transaction, on the lookout for any and all red flags.
The industry leaders, such as Snowball, will be experienced enough to catch any suspicious activity.
Specific algorithms built for fraud detection should be able to distinguish and throw out anything fishy before it has the chance to cause any damage to your donors or to your organization.
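As an added illustration (not any vendor's actual algorithm), the check below looks for the card-testing pattern described under question 2: many different cards tried for small amounts from one source in a short time, with several declines. The event fields, thresholds and sample records are all constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample: (epoch seconds, source IP, card fingerprint, cents, approved)
EVENTS = [
    (1000, "198.51.100.7", "fp_a", 100, False),
    (1020, "198.51.100.7", "fp_b", 100, False),
    (1045, "198.51.100.7", "fp_c", 100, True),
    (1060, "198.51.100.7", "fp_d", 100, False),
    (1100, "203.0.113.20", "fp_e", 5000, True),   # ordinary larger gift
    (4000, "203.0.113.20", "fp_e", 2500, True),
    (5000, "192.0.2.44", "fp_f", 100, False),     # one donor retrying one card
    (5030, "192.0.2.44", "fp_f", 100, True),
]


def flag_card_testing(events, window_s=600, small_cents=500,
                      max_cards=3, max_declines=2):
    """Return sources that tried many distinct cards for small amounts.

    Thresholds are illustrative assumptions, not recommended values.
    """
    recent = defaultdict(deque)   # source -> small-amount attempts in the window
    flagged = {}
    for ts, src, card, cents, approved in sorted(events, key=lambda e: e[0]):
        if cents > small_cents:
            continue              # card testers favour tiny amounts
        attempts = recent[src]
        attempts.append((ts, card, approved))
        while attempts and ts - attempts[0][0] > window_s:
            attempts.popleft()    # drop attempts older than the window
        cards = {c for _, c, _ in attempts}
        declines = sum(1 for _, _, ok in attempts if not ok)
        if (src not in flagged and len(cards) >= max_cards
                and declines >= max_declines):
            flagged[src] = {"flagged_at": ts, "distinct_cards": len(cards),
                            "declines": declines}
    return flagged


if __name__ == "__main__":
    for source, detail in flag_card_testing(EVENTS).items():
        print(source, detail)
```

On the sample data only the first source is flagged; the donor who retried a single card and the donor who gave larger amounts are left alone.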
5. Where do they store their data?
Data storage is not something that most people think about. Even still, it’s one of the most important factors to consider.
Your data is your organization’s lifeblood. If your donors don’t feel that their information is being stored in a secure facility, they’re not likely to feel safe trusting you with their credit card information.
The provider you choose should not only have top-of-the-line firewalls set up around their virtual information storage but also invest in the physical security of those servers.
The data centers that house all of your information (as well as your donors’ information) should be heavily guarded and secure, 24/7.
6. Can the mobile software provider answer your questions?
When you sign up for a mobile fundraising platform, you should be signing on for more than just help to get you started.
Once the ball is rolling, there’s no doubt that you’ll have questions along the way. You want to be sure that you trust your provider enough to answer those questions promptly and effectively.
Don’t get left in the lurch.
Sign on with a team that knows what it’s doing and wants you to succeed, too.
Your triumph should be their triumph.
There you have it: all of the major questions that your mobile platform provider should be able to answer. Hopefully, now you’ll feel confident asking potential providers about their safety and security measures.
For more information about securing your online and mobile donation forms, check out our additional resources:
- Password Security Guide: Keeping Sensitive Information Safe — Most security concerns can be traced back to the infamous password. Learn about the top tips and tricks to improve your nonprofit’s password security.
- Are Your Passwords Compromised? Why Companies Are at Risk — Online donation forms aren’t the only things your organization should be concerned about when it comes to security. This article explains why internal security is just as important.
- Why Your Website Should Utilize Passwordless Authentication — Did you know that passwords aren’t the only way to verify a user’s identity? Passwordless options provide a secure login and donation process. Check out even more benefits of these password alternatives.