Let’s face it: Most people don’t know what PCI compliance is. Those that do hardly ever get excited about it.
It’s a complex and difficult subject to navigate. Today, data security is a top priority for cardholders and organizations alike, especially as the threat of data breaches becomes more ubiquitous in our increasingly digital and connected world.
It’s important for nonprofits to understand PCI compliance, why it’s necessary, and what steps you can take to make sure your organization is compliant. More often than not, it’s hard to know where to begin the certification process. Neon One is here to help.
Let’s take a look at what PCI compliance is, what it entails, and how to enroll in Neon One’s free PCI compliance program to keep your organization safe and secure.
What is PCI Compliance?
The “PCI” in “PCI compliance” stands for “Payment Card Industry.” It’s a shorter version of “PCI DSS,” which stands for “Payment Card Industry Data Security Standard.”
The requirements were developed by the PCI Security Standards Council, which is made up of representatives from Visa, MasterCard, American Express, Discover, and JCB. The first version of the PCI DSS, version 1.0, launched in 2004.
The PCI requirements set standards for how different entities handle credit card information and related data. Any company or organization that receives, processes, stores, or otherwise handles credit card information must comply with those requirements.
Why is PCI Compliance Important?
PCI compliance is a requirement for any organization processing credit or debit card transactions. If your donors ever share their credit card information with you—including when they give online, make donations at events, pay for memberships, or purchase items from your online store—you have to be compliant.
If you’re a Neon One client, you can relax—our systems are PCI-DSS Level 1 compliant. That’s the highest-possible level of compliance, and it means our systems are regularly evaluated to ensure they’re secure. When someone makes a gift through one of your Neon One forms or events, we keep their information safe with the highest-possible level of security.
There are other precautions your nonprofit may need to take to make sure the rest of your operations are similarly protected. Read on to learn how you can use our new program to keep your organization up to date with PCI compliance standards.
What Are the Benefits of Being PCI Compliant?
1. It Keeps Your Donors Safe
Data leaks are a threat to anyone who uses their credit card online. That includes donors who make donations on your website.
Nonprofits are increasingly the target of data breaches: Leaks are up 33% from 2020 to 2021. Attackers frequently target small businesses and nonprofit organizations because they are less likely to have sophisticated security measures in place.
With this growing number of security incidents, your organization needs the right tools, knowledge, and guidance as you invest in security measures that will keep you compliant. This is where Neon One can help!
When you stay compliant with PCI requirements, your donors’ information is as safe as possible in accordance with current global standards.
2. When Your Donors Are Safe, You’re Safer, Too
A donor having their credit card information compromised is bad news. Anyone who’s had their own card compromised knows how frustrating it is to dispute claims, lock down their accounts, and wait for new cards. It’s bad news for your organization, too. When a donor’s information is compromised, their trust in your organization is diminished—that can impact donor retention and the likelihood that they donate again in the future.
There are other reasons to prioritize keeping your data secure. Data leaks can be very expensive: In 2022, the average cost of a data breach was around $4.35 million. Even a fraction of that expense could be devastating for a nonprofit. Breaches may also result in litigation against your organization, which is expensive and time-consuming. Keeping your donors’ data safe keeps you safe, too.
3. Remaining PCI Compliant Can Help You Avoid Legal Complications Related to Data Leaks
If the worst happens and donor information is compromised, it will be important for you to be able to prove you did everything you could to keep your donors safe. Staying in compliance can help protect you from litigation in the event of a data leak. Being able to show that you’ve taken every possible precaution is a powerful way to protect yourself.
What are the PCI Requirements?
The PCI Security Standards Council established 12 requirements that must be maintained by organizations that process credit card transactions. If you fall into that category, you must:
- Protect your system with firewalls
- Configure passwords and settings
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
- Use and regularly update anti-virus software
- Regularly update and patch systems
- Restrict access to cardholder data to business need-to-know
- Assign a unique ID to each person with computer access
- Restrict physical access to workplace and cardholder data
- Implement logging and log management
- Conduct vulnerability scans and penetration tests
- Maintain documentation and conduct risk assessments
You can learn more about each of the 12 requirements in this article.
How Does Neon One Help?
In addition to providing secure, PCI-DSS Level 1 compliant web software and payment processing solutions, Neon One offers a free PCI compliance program available to all Neon One customers. The program is possible because of our partnership with SecureTrust, a Sysnet Global Solutions company and a leading PCI compliance solutions provider.
We know maintaining PCI compliance can feel like a daunting task. Have no fear! You will be fully supported throughout the process from the very start. The PCI program will offer step-by-step compliance certification assistance on an annual basis. It also includes access to PCI experts 24/7 via email, phone, and chat support.
You’ll be guided through the compliance process step by step in three different phases. Here’s what you can expect:
- A self-assessment questionnaire that will help you evaluate your compliance level and identify areas for improvement
- A quarterly “Approved Vendor Scan” (AVS), which will help you evaluate your online security
- An “Attestation of Compliance” (AoC), which is an official declaration that your organization has taken every necessary step to guard your data
- $100,000 in data breach protection as soon as you’re part of the program, as well as comprehensive training materials and policy templates
When you participate in this program, you won’t have to worry about researching PCI requirements and navigating jargon-heavy articles. We’ll guide you through the whole process.
How Do I Take Advantage of Neon One’s PCI Compliance Program?
We’re excited to be able to offer our customers a free, quick, and easy way to stay protected. Neon One clients can enroll in this program in three easy steps:
- Begin the enrollment process within the Neon One Portal.
- Designate a PCI Contact at your organization who can complete the certification process and administer your SecureTrust compliance account.
- You’re ready to go. Once your contact is granted access to the portal, SecureTrust makes certifying your compliance a snap, and they’re ready to help along the way with around-the-clock support.
PCI Compliance is Complicated, But Neon One is Here to Help
Staying compliant with the safety requirements established by the PCI Security Standards Council keeps your donors—and your organization—safe. To stay compliant, you must adhere to the 12 requirements outlined by the Council.
If you’re a Neon One client, you automatically have access to the tools you need to keep your organization safe. Our PCI Compliance Program will guide you through the process of getting and staying compliant, and it gives you $100,000 in data breach protection. You can read more about our PCI Compliance program in our support center and enroll in the PCI Compliance Program within your Neon One Portal dashboard.
If you’re not a Neon One user and are looking for a solution that will help you keep your donors safe, we’re here to help. Schedule a call with our sales team to learn more about Neon One, our fundraising and donor management tools, and our PCI Compliance Program.