DonationSafe Security Policy


DonationSafe is committed to maintaining the highest possible standards of data security. We have implemented key international standards of best practice in online and data security, including Payment Card Industry Data Security Standard. Businesses and nonprofits outsource their transaction security to us. It is our top priority to ensure that transaction data is kept secure at all times. We take an active role in the overall reduction of identity theft and fraud on the internet by ensuring the security of our IT systems, personnel and infrastructure. Our staff are trained in all aspects of web application security, including infrastructure vulnerabilities, cross-site scripting, secure data storage, and using the software development life cycle to maintain and improve security. DonationSafe is currently striving to obtain PCI compliant certification from an official Visa Qualified Security Assessor. This means our systems and services will comply with the Payment Card Industry Data Security Standard and that we actively protect our customers' identities, personal information and financial details. Our security efforts are focused on the following areas:

Transaction security

All transaction and credit card information entering DonationSafe systems is encrypted using an SSL. No cardholder information is ever passed unencrypted in a web browser to DonationSafe. You can be completely secure in the knowledge that nothing you enter as part of a secure DonationSafe transaction can be examined, used or modified by any third parties attempting to gain access to sensitive information.

Encryption and data storage

All credit card data is encrypted and securely obfuscated before being stored. Our servers and network infrastructure are owned and used by DonationSafe for the fundraising services, and not shared with any other company or industry.

Links to banks

DonationSafe authorizes credit card transactions in partnership with different banking institutions and payment gateways. Any cardholder information sent and any authorization message coming back is secure and cannot be tampered with.

Employee access

Our systems only allow access to authorized staff. Your transaction information and customer card information is secure even from our own employees because our systems never store the full card numbers, even on administration screens. The data doesn't exist to be stolen.

Payment Card Industry (PCI) Data Security Standard compliance

The PCI DSS is a set of security standards that apply across the card payment industry worldwide that help safeguard cardholder information and improve consumer confidence. DonationSafe is committed to adhering to these guidelines and is always striving to further protect every transaction on our systems.

The Standard was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International, to help facilitate the broad adoption of consistent data security measures on a global basis. The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.

There are six categories of PCI compliance security standards:

(1)Building and maintaining a secure network

Requirement 1: Install and maintain a firewall configuration to protect cardholder data

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

(2) Protecting cardholder data

Requirement 3: Protect stored cardholder data

Requirement 4: Encrypt transmission of cardholder data across open, public networks

(3) Maintaining a vulnerability management program

Requirement 5: Use and regularly update anti-virus software

Requirement 6: Develop and maintain secure systems and applications

(4) Implementing strong access control measures

Requirement 7: Restrict access to cardholder data by business need-to-know

Requirement 8: Assign a unique ID to each person with computer access

Requirement 9: Restrict physical access to cardholder data

(5) Regular monitoring and testing of networks

Requirement 10: Track and monitor all access to network resources and cardholder data

Requirement 11: Regularly test security systems and processes

(6) Maintaining an information security policy

Requirement 12: Maintain a policy that addresses information security.

If you have any questions about our Security Policy please contact us via email at support@donationsafe.com