Robbie Bernstein 13 min read

How To Protect Donor Financial Data Online


It’s crucial to understand the best practices that ensure data security for all nonprofit engagements. Data breaches are common in our online world today, and if one were to happen to your organization, it could harm your reputation and ultimately mar your community’s trust. It also makes your supporters extremely vulnerable to identity and financial theft. 

Through registration forms, your payment processor, communications, and more, your nonprofit is responsible for keeping donors’ sensitive information. Without this data, you couldn’t retain supporters, increase your fundraising efforts, or strengthen those relationships.

This means your nonprofit team should take all of the necessary steps to be proactive about data security measures. 

At iATS Payments, we know that your supporters input large amounts of sensitive data to help drive your mission forward. One of the most critical and common places this happens is your online donation form and payment processor. Drawing on our experience helping nonprofits process donations securely, we’ve created this guide to security measures that protect your nonprofit’s data. Our tips include:

  • Use a secure payment processor
  • Become well-versed in data cybersecurity
  • Have a plan for a potential breach

With these items, you’ll know you’ve done everything possible to protect yourself and your loyal supporter base. 

Use a secure payment processor

Understand that your payment processor is likely the first software to be targeted by hackers. When your organization looks for the best solution, do your research on its cybersecurity measures. You need to ensure that the payment data collected from your donors is also kept secure in your system. 

Look for specific features to ensure the security of your data. Your supporters are inputting data like their names, addresses, credit or debit card numbers, and more into your donation forms. Make sure your own form has these protection and security options:

  • Fraud Protection. Look into additional fraud security tools to further protect your donation payment processing. See what aspects your nonprofit can customize to get the most out of your payment software investment. For example, iATS Payments is a Salesforce native app. It has connections to other security protection integrations on the Salesforce AppExchange that can bolster your efforts.

  • Tokenization and Encryption. This feature hides card information throughout the payment process. These security measures work to encrypt the user’s sensitive personal and financial data against a leak. After all, data protection is another challenge that comes with processing donations. 

  • Payment Card Industry Compliance. The Payment Card Industry (PCI) Data Security Standard (DSS) is a set of mandated security guidelines created by credit card companies. These rules ensure that specific security standards are met. Because your organization processes donations, your software must be PCI compliant.

  • Payment verification. Your payment software should flag any fraudulent transactions and activity. Consider processors that run address verification on debit and credit cards. Additionally, make sure your software checks large and small transactions alike. Either can be a sign of financial fraud.

Remember, before investing in a payment processor, seek out the highest security measures available. Consider these aspects above all others before making your decision to invest.

Become well-versed in data cybersecurity

A proactive action your organization can take to protect itself and your supporters is to educate your team on cybersecurity. It’s an ever-evolving topic, as hackers get smarter and donation software more advanced. Beyond your basic education, regularly refresh your knowledge of best practices, updates, and any recent breaches to ensure your data is accounted for.

The following practices can help mitigate any attempted breaches in your software’s data:

  • Change all of your passwords every six months or less.
  • Make sure your passwords are hard to guess.
  • Create a step-by-step guide for reacting to a CRM hack; we’ll discuss this at the end of the article.
  • Do your research on payment processors and CRMs before investing in one.

In addition to these items, countless resources exist to help your organization learn and understand data privacy and cybersecurity.

  • National Council of Nonprofits’ Blog: This article outlines best practices regarding the hardware and software your team uses and areas of vulnerability that may exist in your current practices, such as what emails you open and devices your organization uses.
  • Hackers for Charity: This program is composed of skilled hackers that work for the greater good by helping nonprofits assess and improve potential faults in their online security. 
  • Federal Trade Commission Cybersecurity Hub: This essential resource helps you learn the basics of defense against cyber attacks. The sources of this page were developed in conjunction with the National Institute of Standards and Technology, the U.S. Small Business Administration, and the Department of Homeland Security.

Numerous resources exist for data protection education. Hackers are getting smarter, and sensitive financial information can always be at risk, so make sure you’re doing all you can to protect your data.

Your donors and those who interact with your organization will thank you for taking the time to educate your staff on cybersecurity best practices. Refer to the above resources as much as needed for optimal understanding.

Have a plan for a potential breach

Sometimes, you do everything in your power to protect your donors’ information, and your data and systems are still hacked. When software is developed, a hacker tries to find how to break in, putting many nonprofit organizations like yours at high risk.

Aside from planning and implementing as many security features as you can, sometimes you can’t avoid a breach. This is why your organization should make sure it is prepared in the event of a breach and knows how to mitigate the damage.

  • Integrate your data with all systems. Ensure your data is in sync with all of your software, so it lives in one secure location. This way, you won’t have to transfer data back and forth between multiple devices and incur the risks that it presents. 

  • Create a Privacy Policy. Publicize your organization’s data policy. An excellent place to put it is on your registration page or app login screen. That way, donors are aware of how their data is handled before submitting. Make your members agree to your Terms of Use so they understand that there is a small chance of a risky event. 

  • Reach out to your network. It’s difficult, but ensure you are transparent and tell your supporters in the event of a breach. They won’t be happy, but if you ensure and communicate that you all can protect their data, they can take steps to report their stolen information. 

You can take all the necessary steps for cybersecurity, but unfortunately, it’s still possible for a breach to occur. All you can do is prepare, take all the required measures available, and be communicative.

The last thing your organization wants is to deal with a potential breach in the sensitive information of your supporters. They trust you with vulnerable financial and personal data, so ensure that you’re doing everything in your power to protect them.

Your nonprofit team does a lot to retain donations and track the most accurate metrics possible through your operations. With tools like a secure payment processor, you’re able to rest assured you’re doing everything in your power to protect them. 



Robbie Bernstein

Robbie Bernstein, an iATS Payments Account Executive, uses her wealth of payment processing knowledge to help nonprofits thrive. Robbie puts her heart into fundraising for cancer research, the Make a Wish Foundation and the Heart and Stroke Foundation.