eFundraising Connections Fundraising Plugin Protects Cardholder Data

Executive Summary

eFundraising Connections, a leading political and nonprofit fundraising service, offers the most secure method to process website contributions.

Our tool seamlessly integrates into your existing website and provides your donors a trusted payment processing service that is both easy to use and backed by card industry data security.

Our plugin conforms to the Payment Card Industry Data Security Standard (PCI DSS), established by American Express, Visa, MasterCard, Discover Financial Services, and JCB International.

PCI DSS compliance ensures transactions are securely processed and safe from hackers. It's a rigorous, time-consuming, and expensive process to achieve and maintain PCI DSS compliance.

eFundraising Connections has invested in the security of its fundraising solution so that our clients don't have to.

Let our leading PCI DSS compliant solution handle your donors' debit and credit card data for political campaigns and nonprofit organizations.

What is PCI DSS?

American Express, Visa, MasterCard, Discover Financial Services, and JCB International developed the Payment Card Industry Data Security Standard (PCI DSS) in 2006. The group, known as the PCI Security Standards Council, created a compliance framework to safeguard transactions with security measures to prevent fraud and theft.

To meet PCI DSS requirements, certified organizations must:

  • Install and maintain a firewall configuration to protect cardholder data
  • Not use vendor-supplied defaults for system passwords and other security parameters
  • Protect stored cardholder data
  • Encrypt transmission of cardholder data across open, public networks
  • Protect all systems against malware and regularly update anti-virus software or programs
  • Develop and maintain secure systems and applications
  • Restrict access to cardholder data by business need-to-know
  • Identify and authenticate access to system components
  • Restrict physical access to cardholder data
  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems and processes
  • Maintain a policy that addresses information security for all personnel

Although federal and state laws do not require PCI DSS compliance, it is a best-practice benchmark that payment processors follow for the safety of consumers, donors, and others.

Requirements for PCI compliance

PCI compliance depends on how many transactions a business, campaign, or nonprofit processes per year.

There are four levels of merchant types (even if you're not a merchant in the traditional sense) determined by the number of transactions.

  • Level 1

    Merchants processing more than 6 million card transactions annually

  • Level 2

    Merchants processing between 1 million and 6 million transactions

  • Level 3

    Merchants processing between 20,000 and 1 million eCommerce transactions

  • Level 4

    Merchants processing fewer than 20,000 eCommerce transactions

Level 1 enterprises must have an on-site data security assessment performed by a third-party Qualified Security Assessor.

Level 2-4 organizations need to complete a Self Assessment Questionnaire and perform vulnerability scanning, penetration testing, and security testing to be PCI compliant.

What Are The Consequences Of Noncompliance?

A serious risk of not being compliant with PCI DSS is data theft. As hackers continue to assault systems to steal identities and credit card information, a data breach can seriously harm an organization's trust.

Additionally, enterprises can be issued fines ranging from $5,000 to $100,000 per month until they achieve compliance. These fines are not published or reported and are handed down by the PCI Security Standards Council.

Benefits Of eFundraising Connections PCI Compliant Solution

The benefits of using eFundraising Connections' PCI DSS compliant tool include:

  • Building Trust

    Trust is essential to ensure that donors recontribute to fundraising campaigns. With PCI compliance, donors will understand that eFundraising Connections will securely transmit and process their payment details, in turn building and protecting our clients' reputation.

  • Preventing Data Breaches

    eFundraising Connections uses strong firewalls and encryption and doesn't retain cardholder details, making us a less likely target for cybercriminals.

  • Meeting Global Standards

    The world's leading credit organizations created the PCI DSS to provide a mandatory level of protection for debit and credit card data. Using a PCI-compliant tool like eFundraising Connections' solution allows clients to be among international retailers and businesses committed to data security.

  • Security First

    PCI DSS compliance requires multiple layers of security through adequately configured firewalls. At eFundraising Connections, there is an overall IT security strategy in place that adapts to current threats.

eFundraising Connections' solution makes PCI DSS compliance a nonissue for your political campaign or nonprofit.

How Do I Become PCI Compliant?

The process for becoming PCI DSS compliant depends heavily on the size of the enterprise. These were the steps taken by the team at eFundraising Connections:

  1. Analyzing compliance level

    Security standards vary based on the four merchant levels and include:

    • How the organization handles customer transactions
    • How the organization handles data
    • What credit card companies the organization works with
    • The amount of volume handled
  2. Fill out Self-Assessment Questionnaires

    A Self Assessment Questionnaire (SAQ) is a guidebook that assesses an entity's current compliance level.

    There are 12 different types of questionnaires, depending on the organization's type, such as a business, nonprofit, etc. The most common SAQs for nonprofits are SAQ-A and SAQ-EP.

    The questionnaires will walk through the 12 requirements for PCI DSS compliance with simple "yes," "no," or "N/A" answers.

  3. Make any necessary changes

    After completing the appropriate SAQ, an organization will learn which criteria need improvement. At this stage, IT infrastructure should be updated to meet PCI security standards.

  4. Find a provider that uses data tokenization

    Data tokenization protects cardholder data in a secure, web-based portal rather than on local servers. A secure, web-based portal also limits liability if a data breach occurs.

  5. Complete a formal attestation of compliance

    Once an enterprise updates the IT infrastructure, passes a second SAQ, and enlists a data tokenization provider, it's time to complete a formal attestation of compliance (AOC). The AOC is a claim stating an organization is fully compliant with all relevant PCI standards.

    There are nine different types of AOCs, dependent on the nature and size of the organization. Once filed, a qualified security assessor will conduct a third-party review and create a report that validates compliance.

  6. File paperwork

    When the previous steps are complete, the organization can file paperwork with the credit card companies and/or banks, which will require the SAQ, AOC, and in some cases, an external vulnerability scan.

How much does it cost to be PCI compliant?

PCI DSS compliance can be expensive and depends heavily on the size or type of enterprise.

Small organizations can expect a conservative PCI DSS compliance cost of about $300 per year, but software and hardware upgrades to maintain compliance can bring the price to more than $10,000.

Large enterprises spend more than $70,000 annually due to on-site audits, penetration testing, and the aforementioned software and hardware upgrades.

eFundraising Connections' PCI Compliant Solution Helps You Collect Donations Faster

It's a rigorous, time-consuming, and expensive process to achieve and maintain PCI DSS compliance. eFundraising Connections has invested in the security of its fundraising solution so that our clients don't have to.

You can start collecting funds right away when you use our tool, knowing that all transactions are processed safely and securely.

Let our leading PCI DSS compliant solution handle your donors' debit and credit card data for political campaigns and nonprofit organizations.

Take the hassle out of your PCI DSS compliance with eFund Connect. Safe. Simple. Secure.
