PCI Secure Transactions

Greater Giving complies with the Payment Card Industry (PCI) Data Security Standard, protecting your donors’ payment data during and after a transaction. Our technology and processes are reviewed regularly and undergo an annual audit by a PCI-accredited third party to ensure PCI compliance.

Find Greater Giving listed as a PCI DSS validated provider on the Visa Global Registry of Service Providers.

Downloads

PCI DSS—FAQ

PCI, HIPAA and Data Security FAQ

EMV technology

PCI Guide

Download “PCI for Nonprofits” to help guide you through:

  • Acronym Definitions
  • Understanding PCI Requirements
  • What steps you need to take
  • Security vs. Compliance
  • What needs to be secure
  • And, much more...

Download your copy »

FAQ

PCI really stands for PCI DSS, or the Payment Card Industry Data Security Standard. This standard is designed to create common industry security requirements. It consists of 12 basic requirements and is supported by over 200 detailed sub-requirements.

Originally, it was a collaboration between Visa and MasterCard; however, other card companies that operate in the US have endorsed the PCI DSS within their respective programs.

Greater Giving is certified compliant as a Level 1 Merchant, or Level 1 Service Provider. This means that we have submitted the following materials as required by PCI DSS:

  • An external audit, performed by a PCI Qualified Security Assessor.
  • A quarterly network security scan report by a PCI-approved scanning vendor.

Visa maintains a registry of compliant service providers. You can confirm Greater Giving’s presence by going to http://www.visa.com/splisting/index.html. Click on the yellow Search Service Providers button. Type Greater Giving into the Company Name field, and then click on Search, on the lower right-hand side of the page.

PCI recognizes four different merchant or service provider levels, based on the number of card transactions processed annually. The transaction counts include both e-commerce (online) and other (card-present) transactions.

We receive three main documents as a part of the PCI DSS compliance process:

  • AOC (Attestation of Compliance)
  • ROC (Report on Compliance)
  • Vulnerability Scan report

These documents are submitted to PCI as part of the annual compliance audit. For confirmation of our PCI compliance status, please refer to the Visa Global Registry of Service Providers at http://www.visa.com/splisting/index.html.

These specific documents, however, cannot be shared with a third party, because doing so would put our security infrastructure at risk. The SSAE 16 (Statement on Standards for Attestation Engagements Number 16) report is available by request to boarded clients; it allows Greater Giving to show our boarded clients that we do have controls in place to protect data, prevent fraud, etc., without giving specific details that would compromise our security.

First, all card data is encrypted as soon as the card is read by our terminal or card readers, using industry-standard encryption technology. Second, while stored in our databases, data remains encrypted using security-standard certificates. This data is only stored for processing, and is then deleted, or reduced to just the first and last four digits. Security codes are never stored.
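The retention rule in the paragraph above (keep at most the first and last four digits, never keep the security code) is easy to state and easy to violate by accident in a stray field or log line. The following is an added example, not Greater Giving's code, of how a processing service can enforce that rule at the point where a record is written: the field names, the in-memory "database", and the sample card number (a well-known test number, not real cardholder data) are all constructed assumptions for illustration. It does not cover the encryption of the record itself.

```python
"""Reduce a captured card record to what may be retained after processing,
and refuse to persist anything that still carries a full PAN or a security code.

Added example; the record layout and sample data are constructed, not from the page.
"""
import re
from typing import Any

# 12-19 consecutive digits: the PAN lengths issued by the major card brands.
PAN_DIGITS = re.compile(r"\d{12,19}")

# Field names that may never reach storage (constructed list for this example).
SENSITIVE_AUTH_FIELDS = {"cvv", "cvc", "cvv2", "security_code", "track_data", "pin"}


def luhn_valid(pan: str) -> bool:
    """Luhn checksum: filters mistyped PANs and, below, digit runs that are not PANs."""
    if not pan.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def truncate_pan(pan: str) -> str:
    """Keep only the first and last four digits, as the page describes."""
    if not (12 <= len(pan) <= 19 and pan.isdigit()):
        raise ValueError("PAN must be 12-19 digits")
    return pan[:4] + "*" * (len(pan) - 8) + pan[-4:]


def prepare_for_storage(captured: dict[str, Any]) -> dict[str, Any]:
    """Build the record that survives processing; the CVV is deliberately not copied."""
    pan = captured["pan"].replace(" ", "")
    if not luhn_valid(pan):
        raise ValueError("PAN fails Luhn check")
    return {
        "cardholder": captured["cardholder"],
        "pan_truncated": truncate_pan(pan),
        "amount_cents": captured["amount_cents"],
    }


def find_leaks(record: dict[str, Any]) -> list[str]:
    """Return the names of fields that must not be persisted: any sensitive
    authentication field, or any string value containing a Luhn-valid PAN."""
    leaks = []
    for key, value in record.items():
        if key.lower() in SENSITIVE_AUTH_FIELDS:
            leaks.append(key)
        elif isinstance(value, str):
            digit_runs = PAN_DIGITS.findall(value.replace(" ", "").replace("-", ""))
            if any(luhn_valid(run) for run in digit_runs):
                leaks.append(key)
    return leaks


def store_transaction(db: list, captured: dict[str, Any]) -> dict[str, Any]:
    """Last check before the write: only a leak-free record is appended."""
    record = prepare_for_storage(captured)
    leaks = find_leaks(record)
    if leaks:
        raise ValueError(f"refusing to persist sensitive fields: {leaks}")
    db.append(record)
    return record


# Constructed sample of a freshly read card; 4111... is a public test number.
CAPTURED_SWIPE = {
    "cardholder": "A. Donor",
    "pan": "4111 1111 1111 1111",
    "cvv": "123",
    "amount_cents": 5000,
}

if __name__ == "__main__":
    db: list = []
    print(store_transaction(db, CAPTURED_SWIPE))
    # A free-text note with a card number pasted in is caught the same way.
    print(find_leaks({"note": "donor read out 4111-1111-1111-1111 by phone"}))
```

The `find_leaks` guard is the part worth copying: it treats every string value, including free-text notes, as a possible carrier of a full PAN, so a card number pasted into the wrong field is rejected before it is written rather than discovered in a later scan.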

We only share cardholder information (card number, name, etc.) with the credit card processing networks. Only specific approved individuals within Greater Giving have access to that information, and only for legitimate business reasons, such as resolving cardholder disputes or refunds.

Physically, our servers are hosted in a secured data center that strictly limits access to authorized personnel.

Electronically, we secure access to our online applications using these industry standard practices:

  1. Firewalls limit access from the Internet to our servers.
  2. Our software is updated with the latest security patches.
  3. We monitor our systems 24/7 to ensure that our servers are operating at peak efficiency.

Greater Giving keeps continuous backups of our server data for recovery purposes, protected with the industry-standard encryption mentioned earlier, so we’re able to get back up and running as soon as possible.

We keep the servers up and running by using redundant hardware in the data centers. This means standby servers automatically take over to keep everything going if one server has issues.

The data centers also have backup power supplies and multiple internet connections from different providers, so a single outage can’t interrupt your access to Greater Giving software and services.

Finally, backups occur every few minutes. We also have a daily backup, with the data being stored in a separate secure location.