Online fundraising is steadily becoming a popular way for nonprofits to collect funds. It is considered cost-efficient and convenient to implement and process, which has drawn more attention to digital contributions in the social good space. Research published earlier by Stanford Social Innovation Review (SSIR) reveals an increase in the amount of individual donor revenue from 17 to 24 percent in just two years. It also noted that two in five donors donate online.
This gives social sector organizations an incentive to invest heavily in fundraising platforms to increase their inflow of donations, and many nonprofits are implementing donation gateways directly on their organizations' websites.
However, the solution to one problem has raised another. When users conduct transactions online, they face a threat from malicious parties who target them and their personal data. Because their donation forms are simple and static, nonprofits are, unfortunately, becoming primary targets for hackers. The checkout pages of many nonprofits are also far less complex than those of e-commerce sites.
Sean Chisholm, vice president of the Classy crowdfunding platform, wrote in a blog post about malicious activity targeting online nonprofit donations: "There’s no dynamic shopping cart functionality to contend with, which means that it’s a lot easier for credit card rings to write automated scripts that can churn hundreds or thousands of stolen cards through a page every day. Plus, visitors can input any donation amount that they want on a nonprofit checkout form. This lets fraudsters easily test transaction limits on stolen cards. In short, the very features that make nonprofit donation pages easy to use for legitimate donors also make them attractive targets for credit card rings."
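The pattern described in the quote, many different cards pushed through one donation form in a short time, can be spotted in the form's own transaction log. The following Python sketch is an added example, not code from Classy or from any payment provider; the record layout, the thresholds and the sample data are assumptions, and it expects the gateway to log a per-card token rather than the card number.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed look-back window
MAX_CARDS = 5                    # assumed limit: distinct cards per source in the window
MAX_DECLINE_RATIO = 0.6          # assumed limit: share of declined attempts

def flag_card_testing(attempts):
    """Return the source IPs whose donation attempts look like card testing.

    attempts: time-sorted (iso_timestamp, source_ip, card_token, amount, outcome)
    tuples, where outcome is "approved" or "declined".
    """
    recent = defaultdict(deque)  # source_ip -> attempts still inside the window
    flagged = set()
    for ts, ip, card, _amount, outcome in attempts:
        now = datetime.fromisoformat(ts)
        q = recent[ip]
        q.append((now, card, outcome))
        while now - q[0][0] > WINDOW:        # drop attempts older than the window
            q.popleft()
        cards = {c for _, c, _ in q}
        declines = sum(1 for _, _, o in q if o == "declined")
        # Many distinct cards AND mostly declines: a retrying donor fails both tests.
        if len(cards) > MAX_CARDS and declines / len(q) >= MAX_DECLINE_RATIO:
            flagged.add(ip)
    return flagged

def sample_attempts():
    """Constructed sample log: one scripted source and one ordinary donor."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    rows = []
    # 198.51.100.7 (documentation address): 8 cards in 4 minutes, mostly declined.
    for i in range(8):
        rows.append(((base + timedelta(seconds=30 * i)).isoformat(),
                     "198.51.100.7", f"tok_{i:03d}", 1.00 + 0.5 * i,
                     "approved" if i % 4 == 0 else "declined"))
    # 203.0.113.20: a donor whose single card is declined once, then approved.
    rows.append(((base + timedelta(minutes=1)).isoformat(),
                 "203.0.113.20", "tok_900", 50.00, "declined"))
    rows.append(((base + timedelta(minutes=2)).isoformat(),
                 "203.0.113.20", "tok_900", 50.00, "approved"))
    return sorted(rows)

if __name__ == "__main__":
    print(flag_card_testing(sample_attempts()))
```

A flagged source is a candidate for rate limiting or a challenge step on the form; the thresholds need tuning against the organization's real donation traffic.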
Nonprofits should conduct a risk assessment even if they haven't experienced a breach. This would help safeguard them from future threats.
Most nonprofits lack a dedicated IT team to ensure the security of their online systems. In such cases, they can turn to data protection technologies. Nonprofits could use a PCI DSS-compliant data protection solution provider, which comes with multi-factor authentication, credit card, bank security, IP security, and donor fraud protections.
Nonprofits should integrate encryption management tools that help secure communications during transactions.
Implement a well-defined and clear policy for data protection.
Limit the number of staff members who have access to donor data.
Nonprofits should implement tokenization, which would make it very difficult for attackers to gain access to donor data.