Are Nonprofits Required to be PCI Compliant?

All merchants (businesses or organizations) who accept, store or transmit credit card data are required to be PCI compliant and this includes non-profit organizations, schools, and churches. Even if your organization processes a very small volume of credit card sales or donations, you are required to maintain PCI security standards to protect your constituent data.

The Payment Card Industry (PCI) Data Security Standard is a worldwide standard for payment cards (credit and debit cards) and consumer financial data protection. It incorporates the requirements of the Visa USA Cardholder Information Security Program (CISP) and the Visa International Account Information Security (AIS) program, the MasterCard International Site Data Protection (SDP) program, as well as the security requirements of American Express DSS, DiscoverCard DISC and the Japan Credit Bureau (JCB).

How can organizations become PCI compliant?

PCI standards were created to keep your donor and customer financial data secure against theft and fraud. In order to maintain PCI Compliance certification, all publicly accessible internet devices and any associated domains hosted on them must be audited every three months. Maintaining the PCI standard is therefore an ongoing process, not something your organization can do once and forget about. PCI defines the following three-step process for demonstrating and maintaining compliance:

  1. Assess — Take an inventory of your hardware and business processes involved in credit card processing, and analyze them for vulnerabilities that pose a risk to your cardholders’ personal data. This is generally done with the PCI Self-Assessment Questionnaire (SAQ).
  2. Remediate — Fix any vulnerabilities found. The Security Standard mandates that any vulnerabilities found and categorized as Urgent, Critical, or High severity must be corrected within 72 hours of their discovery.
  3. Report — Compile and submit the required remediation validation records (if applicable), and submit the required compliance reports to your merchant service provider.

DoJiggy Software is PCI Compliant

Choosing a compliant software provider is key to maintaining compliance and safeguarding your donor and constituent data. At DoJiggy, we work hard every day on security and compliance for all of our fundraising software. Learn more about our strict security policy or contact us to request a current Attestation of Compliance.

PCI Compliance For DoJiggy Payments and DoJiggy Merchant Services Clients

There are many benefits to choosing DoJiggy as your payment processing provider. With DoJiggy Payments, you do not have a full merchant account and do not need to submit PCI compliance documents; we handle all of that for you.

Our Merchant Services division offers organizations low industry rates, no binding contracts or termination fees, and a free donations website for clients that have more comprehensive processing needs.

DoJiggy Merchant Services also makes PCI compliance easy and safe for our customers. We partner with Total Merchant Services (TMS), which has a team of PCI specialists to walk you through the process.

  • Simply call them at (866) 485-8999, 1550. Have your MID (Merchant ID number) handy, and note that the call must be made by the account signer.
  • You may also submit the written PCI Self-Assessment Questionnaire (SAQ).
  • You can also visit My PCI to begin the process of becoming PCI compliant if your organization has a more complex system for PCI regulation.

Read more about the considerations of using merchant services, PayPal, and DoJiggy Payments.

Lisa Bennett

About Lisa Bennett

Lisa is the Sales Director at DoJiggy. She joined DoJiggy in 2006 and loves her job. Prior to working with DoJiggy, she worked at several non-profits and managed special event fundraising.