Payment Processing for Nonprofits: The Basics

The Basics of Payment Processing

Payment processing may seem like an elusive and confusing topic. Many people don’t think about all of the backend processes that occur whenever an online donation takes place. Luckily, we’ve got all of your bases covered! Click on a section to start learning about payment processing and how it relates to your organization.

Payment Processing: The Basics

What is payment processing?

Payment processing is a broad term that encompasses any activity that helps a nonprofit accept online payments or donations. These online payments can include membership dues, event tickets, or merchandise sales. Payment processing is what moves the donation or payment from the donor’s bank account into a nonprofit’s bank account.

Why is payment processing important?

Without payment processing, all of a nonprofit’s revenue would have to come in from cash or check donations. While many organizations still have supporters that give in these ways, the vast majority of contributions are made online or with mobile devices. Payment processing moves the funds more quickly than cash or check donations can.

Key Payment Processing Terms

Before we get into some of the more detailed components of payment processing, it’s important to have a solid handle on some key payment processing terms out there. This is not an exhaustive list of all of the payment processing terms you will ever come across, but it is useful for understanding the main points laid out in this guide.

ACH Direct Debit Processing

ACH (Automatic Clearing House) direct debit processing is one of the ways your nonprofit can collect online donations. ACH direct debit donations are made using a donor’s bank account number and routing number (found on the bottom of a personal check).

ACH direct debit is an easy way for donors to set up recurring donations that are taken out of their bank account each month.

Credit Card Processing

Credit card processing is the most common type of payment processing. Most people are familiar with credit card processing as it relates to online shopping, but it’s become a common avenue for nonprofits to collect online donations and membership dues as well! The majority of payment processors will allow your nonprofit to accept most major credit cards, although the fees for each type will differ.

Payment Gateway

Think of the payment gateway as the first point of contact during the credit card donation process. The payment gateway uses the information that the donor gives on the donation form and validates it to make sure that the credit card number and the name associated with it are not fraudulent. If the payment gateway detects anything suspicious, the payment processor will notify the nonprofit and pause the transaction.

Aggregated Payment Processor

An aggregated payment processor (or simply, “aggregator”) is a payment processor that handles multiple accounts and processes multiple donations and transactions all through the same payment gateway and merchant account. These types of payment processors take care of all of their clients’ transactions and run them through a singular merchant account. PayPal and Stripe are examples of aggregators.

Dedicated Payment Processor

A dedicated payment processor helps nonprofits and businesses accept and process transactions and allows them to choose their own merchant account or use their existing one (when applicable). A dedicated payment processor can also help customers choose a merchant account that works well for them. A dedicated payment processor may work solely with nonprofits, solely with for-profit businesses, or a mixture of both!

Merchant Account

A merchant account is a special kind of bank account that helps facilitate payment processing. A payment processing company will either help you set up a merchant account (dedicated payment processor) or will allow you to use their own merchant account (aggregated payment processor). A merchant account does nothing but hold a donation while it is being processed, but you can’t accept contributions online without one.

AVS

AVS (Address Verification System) is a way for payment processors to check the legitimacy of a credit card transaction. AVS checks the billing address that the donor offered during the donation process against the address that is on file with the donor’s credit card company. If they look suspicious or don’t match, the payment processor notifies the nonprofit.

PCI Compliance

PCI compliance speaks to a payment processor’s adherence to the payment card industry’s data security standards (PCI DSS). Payment processors that stick to these standards minimize the fraud risks associated with online payment processing. If they aren’t PCI compliant, nonprofits could lose the ability to accept online donations and payments.

Batch Processiog

Batch processing is how the Automated Clearing House (ACH) processes direct debit transactions on a regular basis. Instead of processing each ACH transaction individually, the clearing house will process groups (or “batches”) of transactions at a time. This means that ACH processing doesn’t always occur in real time; it is often delayed by 24-48 hours.

How Does Payment Processing Work?

Credit card processing and ACH direct debit processing might seem like time-intensive and complicated systems. In reality, the entire process takes less than a few minutes! The two processes we’ll outline here are granular for a reason. Knowing how a payment processor works will help your nonprofit know what to do if something ever goes wrong.

How Does Credit Card Processing Work?

This is the first step in the credit card payment process.
1. Donor makes an online contribution with a Visa, MasterCard, American Express, or Discover card.
A supporter kicks off the credit card processing system by using a donation form, text-to-give tool, a mobile bidding app, or another type of fundraising software to make a contribution with their credit card. They normally have to input the credit card number, security code, expiration date, their name, and billing address to complete the form.
This is the second step in the credit card payment process.
2. Credit card information is sent to the payment gateway.
Once the donor hits the “Submit Donation” button, their credit card information is sent to the payment processor’s payment gateway. The payment gateway checks to make sure that the credit card numbers are legitimate and belong to the donor who has made the contribution. If something doesn’t add up or looks suspicious, the payment gateway will notify the nonprofit and put a hold on the transaction. If everything is okay, then the process continues.
3. Payment processor sends the transaction to the credit card company’s network for additional authorization.
If the payment gateway approves the transaction, it is then sent to the credit card company’s network. Visa and MasterCard are examples of a credit card company network. During this step, the credit card network will also send the transaction to the donor’s credit card bank.
This is the fourth step in the credit card payment process
4. Approval or denial is sent to the supporter and the organization.
Once the transaction goes through the credit card network and the bank, it is either approved or denied. The outcome is then sent to the supporter (in the form of a confirmation screen and a donation receipt or email) and the nonprofit (in the form of a notification in their payment processing software).
This is the fifth and final step in the credit card payment process.
5. Donor’s bank sends the funds to the nonprofit’s bank account.
This step is self explanatory! Once all of the backend processes have occurred, the donation is deposited into the nonprofit’s bank account from the donor’s credit card bank. Depending on the type of card used and the particular payment processor, it could take 24 hours to a week for the funds to actually transfer.

How Does ACH Direct Processing Work?

This is the first step in the direct debit process. The donor makes a contribution
1. Donor makes a contribution.
A donor that makes a contribution using ACH direct debit will have to input their bank account number and bank routing number. These are found at the bottom of a physical check. The donor may also have to give a billing address and other types of verification.
This is the second step in the direct debit payment process.
2. The supporter’s bank initiates the ACH entry.
The donor’s bank is known as the Originating Depository Financial Institution (ODFI). When a donor makes a contribution using ACH direct debit, they essentially signal to their bank that a payment should occur.
This is the third step in the direct debit payment process
3. The bank transmits transactions in groups called “batches.”
The ODFI then transmits batches of ACH payments to an ACH Operator. There are two ACH Operators in the U.S.: the Federal Reserve or the Automated Clearing House.
4. The ACH Operator sorts and processes the batches.
The ACH Operator will process the batches as they come in, but because there are hundreds of thousands of transactions occurring every day, it can take anywhere from 24-48 hours for the sorting and processing to be completed.
This is the final step in the direct debit payment process
5. The funds are transferred from the donor’s bank account to the nonprofit’s bank account.
Once the ACH Operator has processed the batches of transactions, it signals to the donor’s bank that the funds are ready to be transmitted to the nonprofit’s bank account.

Benefits of Having a Great Payment Processor

Accept Donations Quickly

A great payment processor will help your nonprofit accept donations quickly and easily. While the payment processing system seems in depth and complicated, the whole things takes a matter of seconds or minutes. A great payment processor can enable your organization to fundraise more quickly and more effectively.

Securely Process Payments

The best payment processors will adhere to the highest levels of PCI compliance and will offer their nonprofit clients fraud protection tools like BIN checking, AVS, tokenization, encryption, and more. Without these, your organization is open to fraud, which can not only affect your nonprofit but your supporters as well.

Capture Donor Information

Every time someone makes an online donation, they must input a minimum amount of information to complete the transaction. And if your payment processor integrates with all of your other types of fundraising software, then your donor data will be synced regardless of whether a donor made a contribution using a mobile bidding app, text-to-give tool, or standard donation page!

Integrate with Other Fundraising Software

The best payment processors will be able to integrate with your existing fundraising software platforms. Comprehensive integrations will help sync your data across all of your fundraising efforts. Whether someone donates using your mobile giving app, your peer-to-peer page, or a standard donation form, a great payment processor will be able to sync all of the data and keep it in one, easy-to-access location.

Payment Processing Security and Fraud

Any time information is passed over the internet, donors and nonprofits alike express some hesitancy. Will the data be safe? Will credit card information be compromised? What happens if someone tries to commit fraud? These are all legitimate questions, and we’ll answer them right here! Click on a section to learn more about payment processing security features and fraud detection and prevention.

What Is PCI Compliance and Why Should Your Nonprofit Care?

The best church online tithing tools are PCI-compliant.

What Is PCI Compliance?

PCI Compliance deals with a payment processor’s abidance to the payment card industry’s data security standards (PCI DSS).

There are a dozen rules and strict standards that the payment card industry has in place to protect both consumers and organizations (businesses and nonprofits) from fraudsters and thieves.

Payment processors will often charge nonprofits an annual PCI compliance fee to ensure that they are able to meet the payment card industry’s standards.

Why Is PCI Compliance Important?

PCI compliance is extremely important from both a legal standpoint and a moral one.

If a nonprofit chooses a payment processor that is not PCI compliant, they will likely lose the ability to process donations and could face hefty fines for each transaction that went through the processor while it was not in accordance with the PCI’s guidelines.

Additionally, maintaining strict PCI compliance is crucial for gaining and keeping donors’ trusts. If supporters feel like their information is being put at risk, they are less likely to continue making those contributions.

Common Payment Processing Security Features

AVS

What Is It?

AVS, or Address Verification System, is a way to check the legitimacy of a credit card transaction. It compares the address that a donor gives on a donation form to the address that is on file with that supporter’s credit card company.

Why Is It Important?

AVS allows nonprofits to spot fraudsters quickly. If an address doesn’t match with the one on file with the credit card company, the payment processor notifies the nonprofit and holds the transaction until the donor’s information is verified.

 

Encryption

What Is It?
Encryption takes sensitive data (i.e., a credit card number) and jumbles it up into what’s called ciphertext. The ciphertext is unreadable unless you have the “key” to unlock and unscramble it.
Why Is It Important?
Encryption is a pretty standard fraud protection method, but that’s because it works! When sensitive data is scrambled, it’s much harder for fraudsters to steal and use for their own purposes.

BIN Checking

What Is It?

BIN checking, or Bank Identification Number checking, is a form of fraud protection for ACH direct debit transactions. BIN checking analyzes the bank account number that a donor provides during a transaction and confirms (or denies) that it is legitimate.

Why Is It Important?

ACH direct debit fraud is not as common as online credit card fraud, but it is still a way for fraudsters to cheat people out of their money and fool nonprofits. BIN checking is a simple but effective way to make sure that an ACH direct debit transaction is authentic.

Card Verification Code Requirement

What Is It?
A credit card verification code is the 3 or 4 digit code found on a credit card that serves to further authenticate an online transaction. Online credit card fraudsters will use a process called credit card tumbling to find credit card numbers that they can use to make large purchases. However, if your donation page requires a verification code, the thief has to guess that number too. Unless they have the physical card, this is much more difficult to do.
Why Is It Important?
Many fraudsters will test stolen credit card information on a nonprofit’s donation page before they go on a spending spree. Why? Well, if the donation successfully goes through, the thief knows that it can be used for other purchases (at least for a little while, anyway). Adding an extra layer of verification can deter thieves from making these types of “donations” and using stolen credit cards for fraudulent purchases.

Payment Processing Security and Fraud: How to Detect and Avoid It

Credit Card Fraud

What is Credit Card Fraud?

Card not present fraud (or online credit card fraud) occurs every day. Most fraudsters will steal credit card numbers and use them for their own personal use.

But in order to check that the stolen numbers can be used, many scammers will make a small donation to a nonprofit.

If the contribution goes through, they know that the card number is still good, at least for a little while longer.

How to Detect Credit Card Fraud

An easy way to detect this type of online credit card fraud is to be on the lookout for small, often random donations.

If you see contributions for amounts like $1.59, $2.47, or $3.13, it might be a fraudster trying to test a stolen credit card on your nonprofit’s donation page.

Another easy detection method is using an address verification system (AVS). If the address that a donor gives doesn’t match up with the address on file with their credit card company, a red flag should appear.

How to Avoid Credit Card Fraud

Avoiding all credit card fraud is impossible, but your nonprofit can minimize the number of occurrences of fraud with a few simple tips.

First, create a minimum donation amount of $15. This will deter many fraudsters from using your donation page as a testing ground for stolen credit card numbers (plus, it boosts your average gift size!) Additionally, use AVS for all credit card transactions. If something looks fishy, you should establish additional verification options to determine a card’s legitimacy.

Finally, require card verification codes on your donation forms. This additional level of security will discourage many scammers from making fraudulent donations.

Credit Card Refund Scam

What is Credit Card Refund Scam?

A credit card refund scam is a different type of credit card fraud. It usually involves a scammer making a large donation, say $3,300. The next day, they contact the nonprofit and explain that the “donation” was made in error; they only meant to give $33, but incorrectly typed in the amount.

They then ask for a refund to a different credit card or by check, but tell the nonprofit that they can keep a portion of the donation.

The unaware nonprofit refunds the large donation to the scammer, getting hit with a chargeback fee in the process.

How to Detect Credit Card Refund Scam

Truthfully, the only way to detect a credit card refund scam is to be wary of donors who ask for refunds on donations.

While there will be honest supporters who truthfully made an incorrect contribution, it’s always wise to be on the lookout for suspicious “donors” who request refunds on large donations to other credit cards or via check.

How to Avoid a Credit Card Refund Scam

While there is no surefire way to avoid a credit card refund scam, your nonprofit can put measures in place to ensure that fraudsters aren’t making off with other people’s funds.

Simply, your nonprofit should never refund a donation to another credit card or via a mailed check. A “donor” who requests this is likely a scammer. While you will have to refund the large donation to the actual owner of the credit card, you won’t be responsible for helping a scammer make off with a lot of money.

ACH Fraud

What is ACH Fraud?

ACH fraud is similar to a credit card refund scam. However, after asking for a partial refund on a large donation, the scammer will then contact their bank and tell them that the charity took the wrong amount, resulting in two large refunds for the fraudster.

How to Detect ACH Fraud

Again, detecting ACH fraud is all about looking for suspicious refund requests. If a donor claims that a donation was made in error, they might be telling the truth. But if they say that they want the refund made to a different account or with a check, your nonprofit should pay more attention.

How to Avoid ACH Fraud

You might not be able to avoid all ACH fraud, but if you refuse to refund donations to other accounts or via check, you can greatly minimize the instances of ACH fraud.

Choosing a Payment Processor

Choosing a Payment Processor

Now that you know all about payment processing, it’s time to pick a provider! Before you sign a contract, make sure you read through these three sections about picking the best payment processor for your organization.

How to Pick a Payment Processor​

Integration

Arguably, learning about the integration options that a payment processor has is one of the most important steps in selecting a payment processor. If a payment processor doesn’t integrate with your other pieces of fundraising software, you will have to manually input and sync all of the data from each piece of software.

To avoid this data nightmare, select a payment processor that integrates with all (or at least most) of your other fundraising software.

With each piece of fundraising software using the same payment processor, it doesn’t matter if your donors give via a text-to-give tool, or your standard donation form: all of the data will be synced in one place!

Fundraising knowledge/background

Some payment processors solely work with for-profit businesses, and others have a mixture of nonprofit and for-profit clients.

While some of these payment processors will claim to have extensive nonprofit knowledge, few of them can actually deliver on that promise.

This should be a major consideration for your organization. Wouldn’t you rather work with a payment processor that only serves nonprofit clients and has background fundraising knowledge than a payment processor that also works with for-profit clients and is only vaguely aware of the fundraising struggles that nonprofits face?

Cost and fees

Of course, your organization will need to examine the various fees and costs that come along with a payment processor (as you would before purchasing any kind of software).

Make sure that you inquire about any incidental fees and recurring costs and pay special attention to the fees associated with credit card donations. Every credit card will have a different fee structure, so it’s important to understand the different costs before you get your first monthly statement.

Security Options

Security should be of the utmost importance to your nonprofit. Not only will a secure payment processor protect your donors’ data, it will also help keep your organization safe from fraudsters and hackers.

Do not choose a payment processor that is not in line with the payment card industry’s data security standards.

Your nonprofit is at a much greater security risk, and you can even lost the ability to accept online donations!

Payment Processing Questions that Nonprofits Might Have

Can our organization just use PayPal?

Technically, yes. Many small, up-and-coming nonprofits turn to PayPal as an easy way to accept donations while they figure out the nuts and bolts of their mission and first few projects or events.

However, PayPal is really only a bandaid fix for a nonprofit’s payment processing needs. Established organizations need a dedicated payment processor and their own merchant account in order to safely process the many donations they accept.
Because PayPal is an aggregator, all of its clients’ transactions are processed through their own merchant account. This means that if something goes wrong with that merchant account, your nonprofit’s funds (as well as other clients’ funds) are put at risk.

Additionally, a PayPal donation page cannot be customized to fit your nonprofit’s unique brand; lack of branding on a donation page reduces the average size and number of donations that your nonprofit brings in.

In conclusion, yes, your organization can use PayPal. But dedicated payment processors are a much better option in the long run.

How often does credit card fraud happen to nonprofits?

Each year, nonprofits experience an average loss of $85,000 due to credit card and ACH fraud.

Card-not-present (i.e., online) fraud peaks in the last two months of the year, with the 10 busiest days for online credit card fraud occurring in November alone.

These numbers may be intimidating and unnerving, but if your nonprofit chooses a payment processor with the proper fraud protection and prevention tools, you can minimize the risk of processing online donations.

Should we accept credit card and direct debit payments?

Your nonprofit can choose to accept solely debit or credit card payments, but it’s highly advisable that you offer both to your donors.

Why? Well, as we’ve already highlighted, each payment form offers its own distinct advantages. Not all of your donors will have credit cards, but some of them will still want to give online. Other donors will want the familiarity that comes with using a credit card to make a donation or purchase.

You can give both of these demographics the option to give however they would like if you offer both credit card and ACH direct debit options!

How important is integration?

If your payment processor doesn’t integrate with your nonprofit CRM, donation page software, text-to-give tool, or other fundraising software, you will have to manually input any information from that payment processor into your other pieces of software.

Luckily, there are some payment processing options that will integrate with nearly all of your other pieces of software. This makes it easy to consolidate the donor info from your mobile bidding software, text-to-give tool, standard donation form, and more!

Payment Processing Fees

Flat Fees

What Are They?

Flat fees are costs that occur either once or on a monthly or yearly basis. Some payment processors will charge different flat fees for different services, products, or support.

Examples of Flat Fees

Transaction Fees

What Are They?

Transaction fees occur each time a donor makes a contribution using a credit card or ACH direct debit. These fees will vary depending on the card being used, but are usually a flat fee plus a small percentage of the donation. Some payment processors will offer discounted rates for nonprofits.

Examples of Transaction Fees

Incidental Fees

What Are They?

An incidental fee will occur whenever a specific event takes place. They are most often associated with disputed transactions and chargeback fees. There will be months where you may have to pay more incidental fees, but there will be times when you don’t have to pay any at all!

Examples of Incidental Fees

Additional Resources

While PayPal is a widely used by for-profit businesses and nonprofits, it’s not the best option for nonprofits. Learn the many challenges you’re organization might face when using PayPal and the solutions alternative provides offer.

If your organization is looking free and low-cost nonprofit software (including payment processing tools), we’ve created a list of our top recommended providers. Keep reading to learn about excellent tools with a low price tag.

 

A rising trend in online donations is passwordless login options. Learn about three different types of passwordless authentication and how your organization can implement these methods in to your online fundraising tools.