Securing credit card donations

It’s no secret that the future of donations will be coming through plastic instead of paper. As online giving becomes more popular, donors will start using credit cards more and more. But how secure is this donor option?

During the recent American Institute for CPAs (AICPA) Not-For-Profit Financial Executive Forum, in San Francisco, Calif., Christopher Kradjan and Kevin Villanueva of accounting firm Moss Adams offered six suggestions on how nonprofits could secure a donor’s credit card data.

• If the card number is not needed, don’t keep it.
• Know what is on your network. Run discovery tools such as Cornell Spider, PANbuster and Vericept.
• Maintain a central repository for security-related activities throughout the year (vulnerability scan results, system/device reviews, diagrams, etc.).
• Develop security configuration standards for all your server types and devices (e.g., DCs, web, database, firewall, etc.).
• Maintain a data retention policy and stick to it.
• Encrypt databases/files prior to committing them to backup tape/removable data.