Are Mobile Donations Safe? Make Sure You’re Asking the Right Questions

SAFEAbove all else, you want to choose the most secure way for your donors to give through their phones and tablets.

Before you can select the most safe and secure software, though, you need to know exactly what questions to ask.

We take security concerns very seriously.

That’s why we’re here to help you figure out the most important questions to keep in mind when deciding on mobile fundraising software to purchase.

Here are the top 5 questions you should ask any mobile fundraising vendor:

1. Is the software provider PCI-compliant?
2. Do they tokenize your sensitive information?
3. Does the technology provider have controls in place to verify your identity?
4. Are they experienced with fraud prevention?
5. Where do they store their data?
6. Can the mobile software provider answer your questions?

To help you get started, we’ve compiled a list of the most important questions to ask before you sign up for a mobile fundraising platform.

pci#1. Is the software provider PCI-compliant?

pci2This is one of the first questions you need to consider when shopping for a mobile fundraising software company.

PCI-compliance means that the provider adheres to a strict set of guidelines put forth by both the credit card industry itself and a neutral third-party security agent. It’s the way all forms of transactions are judged, from online shopping to online bill-pay.

There are multiple levels of compliance, and while the PCI standards aren’t technically law, they’re payment industry-wide guidelines that should be respected by any business that deals in credit or debit card information.

Before you commit to anything, you need to verify that your mobile fundraising software provider meets all of the industry standards for security.

PCI-compliance is a positive, but even being PCI-compliant doesn’t tell the whole story.

tokenize#2. Do they tokenize your sensitive information?

Tokenization is another key part of maintaining information security. Tokenizing information is in keeping with payment card industry standards, like the ones we discussed in question #1.

When it comes to processing and storing sensitive information such as credit card numbers or CCV codes, your mobile fundraising platform provider needs to reassure you that they’re doing everything they can to keep your information safe.

What exactly is tokenization? Well, simply put, it’s the converting of private, sensitive information into indecipherable “tokens.”

It’s as though the credit card number that you input into a mobile donation form is translated into a language that only credit card companies can read. 

No identity thieves, no scammers, no sketchy middlemen can read the information or use it to make unauthorized purchases using your card number. Tokens have no exploitable meaning to anyone outside of the credit card processors. Your data is 100% safe and secure.

If the mobile fundraising platform that you’re looking into doesn’t offer tokenization, it might be time to look elsewhere.

verifyID#3. Does the technology provider have controls in place to verify your identity?

On top of PCI-compliance, your technology provider should reassure you that they’re doing everything in their power to verify your donors’ identities.

Don’t get spoofed.

Text message spoofing not only jeopardizes the safety of your donors’ information, but it can also create a huge headache for your organization’s merchant account. 

The only way to prevent this sort of tinkering is by implementing a two-factor authentication system.

This means that your potential donors must provide proof of identity through a secondary source of identification.

For instance, a payment or donation may be initiated through text message, but it has to be verified and confirmed through an email.

When you’re looking for mobile fundraising technology providers, always check that they have some way of verifying donors’ identities.

fraudprevent#4. Are they experienced with fraud prevention?

fraudprevent-2In addition to PCI-compliance, tokenization, and two-factor authentication, your provider should also be well-versed in fraud detection and prevention.

Your provider should be combing through every email, text, and transaction to be on the look-out for any and all red flags.

The industry leaders, such as @Pay, will be experienced enough to catch any suspicious activity.

Specific algorithms built for fraud detection should be able to distinguish and throw out anything fishy before it has the chance to cause any damage to your donors or to your organization.

storedata#5. Where do they store their data?

vaultData storage is not something that most people think about. Even still, it’s one of the most important factors to consider.

Your data is your organization’s lifeblood. If your donors don’t feel that their information is being stored in a secure facility, they’re not likely to feel safe trusting you with their credit card information.

The provider you choose should not only have the top-of-the-line firewalls set up around their virtual information storage, they should also invest in the physical security of those servers.

The data centers that house all of your information (as well as your donors’ information) should be heavily guarded and secure, 24/7.

answerq#6. Can the mobile software provider answer your questions?

When you sign up for a mobile fundraising platform, you should be signing on for more than just help to get you started.

Once the ball is rolling, there’s no doubt that you’ll have questions along the way. You want to be sure that you trust your provider enough to answer those questions promptly and effectively.

Don’t get left in the lurch.

Sign on with a team who knows what they’re doing and who want you to succeed, too.

Your triumph should be their triumph.

 

There you have it: all of the major questions that your mobile platform provider should be able to answer. Hopefully now you’ll feel confident asking potential providers about their safety and security measures.

 

@pay demo button

 

Comments are closed.