Fundraising Platform Security
While we do a lot of things differently at Snowball, we don’t break the rules.
We’re big believers in following industry best practice security standards.
Email Fraud Prevention
Snowball performs fraud analysis on every transaction that moves through our system, using industry standard and proprietary algorithms to verify the customer identity, the origin of the request, and the validity of the transaction.
Snowball monitors incoming email characteristics for “red flags” and requests additional confirmaton where we are unable to verify a transaction’s source.
Credit Cards are stored in a PCI-compliant vault
All credit card information is handled under strict PCI compliance. Customers’ full payment information is stored in an independent secure 3rd party vault, not on Snowball’s servers.
Tokenization and Information stored by Snowball
Snowball creates a token representing each transaction. The consumer’s email address is the bridge between the Snowball token and the payment token issued by the payment vault. No credit card data is contained within an Snowball email, so the customer is always protected.
All sensitive data transmitted through secure connection
Snowball only uses Secure HTTP connections for all services we provide. All data is encrypted with industry-standard SSL certificates when in transit over public networks. Customer data and other sensitive information is stored in a secure database on a network with no public internet access.
Snowball servers are protected by firewalls and security rules to limit access. All server transactions are logged and audited by automatic processes. Snowball utilizes Host-based Intrusion Detection systems to alert us of unusual activity.
Snowball’s servers are located in world-class, highly secure data centers with electronic surveillance and multi-factor access control systems. Data centers are staffed 24/7 by trained security guards, and access is strictly controlled.
Text Message Dual Factor Authentication
Snowball provides a unique Dual Factor Authentication in our text payment solution that utilizes both SMS and email. SMS spoofing can create issues not only for the consumer but also for an organization’s merchant account. Without a secondary form of identification it is very difficult to verify the authenticity of transactions done over SMS.
When an Snowball consumer texts to donate or pay a bill from a Snowball-registered phone number, Snowball will send back a text message with a MAILTO link, which automatically generates the payment email. When the consumer sends the email, Snowball processes the payment. In other words, the payment is initiated through SMS and then seamlessly confirmed through SMTP.