The simple answer is yes. All merchants (businesses or organizations) who accept, store, or transmit credit card data are required to be PCI compliant. This requirement extends to nonprofit organizations, charities, schools, and churches. Even if your organization processes a very small volume of credit card sales or donations, you must maintain PCI security standards to protect your constituent data.
What is PCI Compliance?
The Payment Card Industry (PCI) Data Security Standard is a worldwide standard for payment cards (credit and debit cards) and consumer financial data protection. It incorporates the requirements of the Visa USA Cardholder Information Security Program (CISP) and the Visa International Account Information Security (AIS) program, the MasterCard International Site Data Protection (SDP) program, as well as the security requirements of American Express DSS, DiscoverCard DISC and the Japan Credit Bureau (JCB).
How Can Organizations Become PCI Compliant?
PCI standards were created to protect donor and customer financial data against theft and fraud. To maintain PCI Compliance (certification), all publicly accessible internet devices and any associated domains hosted on them must be audited every three months. So maintaining the PCI standard is an ongoing process, not something your organization can do once and forget about. PCI defines the following three-step process for showing and maintaining compliance:
- Assess — Take an inventory of your hardware and business processes involved in credit card processing, and analyze them for vulnerabilities that pose a risk to your cardholders’ personal data. This is generally done with the PCI Self-Assessment Questionnaire (SAQ).
- Re-mediate — Fix any vulnerabilities found. The Security Standard mandates that any vulnerabilities found and categorized as Urgent, Critical, or High severity must be corrected within 72 hours of discovery.
- Report — Compile and submit required remediation validation records (if applicable), and submit required compliance reports to your merchant service provider.
DoJiggy Software is PCI Compliant
Choosing a compliant software provider is key to maintaining compliance and safeguarding your donor and constituent data. At DoJiggy, we work hard every day on security and compliance for all of our fundraising software.
Learn more about our strict security policy or contact us to request a current Attestation of Compliance.