PCI Compliance - How it Applies to Online Giving

by Abigail Schulz

An ongoing concern for any individual completing transactions online is security. It is a regular question that is asked and it should be. You should be concerned about your transaction security. In this post, we cover security and PCI compliance of the merchant account and our online giving and fundraising website.

When a merchant account is opened, every business, even nonprofits, must take a mandatory PCI quiz. PCI stands for Payment Card Industry and is used to describe any business, or organization, that accepts credit and debit payments. In order to protect cardholder data, PCI standards were setout by Visa, Mastercard, Discover, and AMEX.

Why do I have to take a quiz as a nonprofit when Continue to Give is the online giving software?

The answer is, because you are directly involved in processing of credit and debit transactions through the use of a merchant account. The quiz is mostly educational and it informs your processor that you understand how to protect card data. Examples of quiz items that pertain to you directly are, not to write down anyone's full credit card number, or how to dispose of any card data properly. Since the quiz is very general in nature and is intended for businesses as well as nonprofits, some of the questions may not pertain to you, but rather your online giving provider or "vendor" Continue to Give. When answering these questions your default will be that Continue to Give's online giving software is PCI compliant and undergoes regular testing. Quiz assistance is available for Clearent merchant account customers at Clearent's PCI Help Line 855-864-1732.

Is Continue to Give PCI Compliant?

Your Online Giving Software, by Continue to Give, is PCI compliant (Yes! We take the quiz annually too!) and undergoes regular scans setup by TrustWave and SiteLockSecure. All card data is encrypted during the donation process per regulations. Churches and nonprofits do not store any of this data on their own servers which is a benefit of using an online giving platform. Donors can select the TrustWave and SiteLockSecure icons located at the bottom of your Donation page hosted on Continue to Give for information concerning our certified status.

How often do I need to take this quiz and what if I choose not to?

The quiz must be taken at the time your merchant account is setup and then annually for as long as you maintain the account. You will receive email reminders about the quiz with links to access it. If you do not take the quiz there will be a non-compliance fee billed monthly until you take the quiz. To avoid fees, simply complete the quiz when you receive the first reminder. At any time, you can verify your status by logging into the Clearent Compass portal and selecting 'Data Guardian' on the left. Instructions for accessing the portal are listed below. Your portal login is sent to you after initial approval of your merchant account. As soon as you receive the email with your user ID and password for Clearent's online system, Compass, visit www.clearent.com. If the questionnaire is successfully completed within your first two weeks of processing with Clearent, you avoid being charged a monthly fee. However, if you miss the deadline, the fee will be withdrawn from your account until it is completed.

DataGuardian, the PCI with Clearent, includes easy-to-understand self assessment questionnaires for your online giving, network scanning tools to help regularly monitor and protect your organization, a $100,000 Data Breach Protection policy, and valuable educational resources. Learn more at www.clearent.com/DataGuardian.

To access the Clearent-DataGuardian portal:

1. Go to www.clearent.com
2. Login by selecting Client Login in the top right corner of the screen.
3. Select the DataGuardian button on the left side of the page.
4. Click on the Get Started button to begin.
5. Verify the contact information on file for your business.
6. Use the Questionnaire Selection Wizard to find and complete the questionnaire that is most appropriate for your organization. After completing, your compliance status displays immediately.
7. Schedule any required scans.
8. Review and electronically sign the certification.

Need More Information?

If you have questions about completing the questionnaire please contact the Clearent Customer Support team at 855-864-1732 or [email protected].