There are plenty of factors to consider when evaluating the effectiveness of your charity. Regardless of your charity’s mission, compliance should be at the top of the list. If your organization isn’t compliant with local and federal laws, the likelihood of success drops dramatically.
First Things First
When establishing a non-profit, proper registration, certification and the development of compliant processes must be completed. It’s a good idea for existing charities to continually check that these things have been taken care of, and for new ones to ensure they are before they begin working toward their goals. While some of the requirements may seem cumbersome, take a step back and understand they were created to protect the public and ensure non-profits don’t abuse the financial advantages offered to them.
A non-profit organization MUST be registered BEFORE doing any sort of solicitation, even if a single dime is never received. Registration requirements vary by state, but in each of them, fines and/or penalties can be assessed against those that fail to register. Boards of Directors can be subject to legal and financial liability for failing to do so. Florida, Pennsylvania, New Jersey and New York have the strongest requirements . . . and penalties.
A Unified Registration Statement is accepted in 32 states; however, 13 require supplemental documentation. In addition to the correct paperwork, new nonprofits must remit registration fees. These fees also vary by state and range from $0 to more than $400, with the average being $35.
Great, your organization is now registered and it’s time to get focused on achieving your mission! Whatever your goal is, you will need money. This money will likely come in as a donation, and you want to be sure you collect it safely and properly. The top priority for any and all nonprofits should be to protect their donors’ private information and financial transactions, especially when credit cards are involved.
Enter PCI Compliance
The Payment Card Industry, or PCI for short, has standards that need to be followed whether an organization handles these transactions itself or outsources them to a third-party provider. PCI compliance needs to be an ongoing effort and not just a one-time event. Processes need to be developed, then followed and constantly reviewed and updated to remain compliant. While PCI compliance begins with the use of common sense, specific security measures, reporting and testing are required.
What’s all the fuss for?
Nobody wants their personal information compromised. When it does happen, fingers are pointed, and that is not good for the business where it originated. A data breach can cost an organization a lot, whether it is for-profit or nonprofit. Fines are just the tip of the iceberg. Ultimately, it could mean a loss of customers, clients or donors.
Often organizations think they are compliant because they have an SSL certification or use a third-party vendor. These are both myths. SSL certification is not the same as PCI compliance and will not protect your donors. Third parties need to be certified, and it is the job of the organization to ensure the one they choose to partner with is up to date.
Insider Tips to Avoid a Breach
We’ve got 3 tips to share that can help your organization keep your donors’ private information and financial transactions safe.
- Destroy your donors’ sensitive authentication data once the donation has been processed. There is no reason for you to hold on to their card number, PIN, CVV or other information obtained from the card’s magnetic stripe. At WIB, we black out all but the last four numbers of the card and store them in a secure room for six months before safely destroying them.
- Openly discuss PCI compliance with any POS partner you work with. Ensure their payment applications are PCI validated and there are processes in place to routinely verify them.
- Annually, conduct a PCI standards review. Compare your processes to the PCI guidelines and be prepared and open to making changes as needed.
WIB takes the security of your donors seriously, which is why we are PCI compliant. We take measures to ensure the personal and financial information of you and your donors is safeguarded. Our caging team is ready to answer any questions you have regarding these processes.