At GivingFire, we're serious about security. We've gone to great lengths to make sure the information for both non-profits and their donors is protected at all times. I know many people are ready to ask: "Is it safe to donate to my organization through GivingFire?" Absolutely. Here's a brief overview of our safety credentials, and then we'll get into specifics:
- GivingFire uses a 256-bit encrypted SSL certificate on all pages of our site. HTTPS is forced on all pages, period.
- GivingFire is PCI Level-2 Compliant, a heightened level of security set by the federal government.
- GivingFire undergoes regular third-party security audits.
- GivingFire retains an online security expert in addition to our regular development staff to periodically review our servers, code, and policies.
- GivingFire does not store credit card or bank numbers on any of our servers.
A more in-depth look
Before I can further explain GivingFire’s security, let me explain a little bit about how online transactions work, in case you aren't already aware. Any time a person uses a credit card online, there are several steps that credit card information goes through to complete a successful transaction. To put it simply, all transactions go through: E-Commerce Site -> Gateway -> Visa/MC/Discover/Bank -> Gateway -> E-Commerce Site. Think of a gateway as an online version of a credit card swiper like you would use at Target – it handles the online handshake between GivingFire and the donor’s bank. Every transaction online (with very few exceptions) utilizes a gateway, just like every in-person transaction uses some version of a card swiper or cash register.
Online Transactional Security
Now, let’s talk about online security. The primary security concern is raw credit card numbers – the type of information that a hacker would be able to lift from GivingFire and use elsewhere. This one is fairly simple – GivingFire does not store credit card numbers in permanent storage in any form, encrypted or unencrypted. Those numbers briefly pass through our system while being processed and then they are permanently deleted (except for the last four digits) from our system. In the case of recurring transactions, credit/ACH information is stored with our upstream gateway. Gateways are built specifically for processing and storing card data securely. To my knowledge, no gateway has ever lost customer card data – it’s always the initial company, so we removed that possibility altogether. We also go through periodic third-party audits to make sure our security is up-to-speed, use secure SSL certification to encrypt transactions from the donation page to our servers, and keep our firewalls, server software, and underlying code up-to-date to prevent any breach.
The secondary security concern is limited credit card data – where a hacker can gain control of a GivingFire account and manipulate data inside the system (i.e., not extract credit card data but perhaps increase a donation or view donation history). For that, we require that all new accounts use verified email addresses. Donors can retroactively “claim” donations made before they created an account, with additional verification. For example, if I made a recurring donation and then made an account later, then I’d need to verify my card data before I could increase or modify the donation. This is to prevent a hacker who’s gained access to the email from creating an account just to modify donations – unlikely to happen, but we have that verification step there just in case. If a donor created the account first and gave through that, then they don’t need to verify the transaction.
Kiosk Transactional Security
Kiosks introduce a few other concerns we’ve addressed differently due to the presence of card-present data. Obviously we don’t want a breach like Target’s or other high-profile hacks. Here’s how card data moves in that case: iPad Card Swiper -> iPad App -> GivingFire Servers -> Gateway -> Visa/MC/Discover/Bank -> Gateway -> Response to GivingFire. In this case, we’ve got hardware-level encryption in addition to software-level SSL encryption to protect the data. Each enclosure has card encryption software baked onto it from the factory that can’t be turned off or modified. We also created our own kiosk app to handle the data passthrough from the hardware to the servers. This way, if someone switched out your iPad with a compromised one, or compromised your wireless network, and was able to see the raw card data coming from the swiper, all they’d see is gibberish. The card data remains encrypted, even to our servers, until it reaches the gateway. At that point it reaches the same level of security as the rest of our donations.
Again, we take security seriously. Even though most organizations may not know the full extent of security required to process donations, GivingFire is staying on top of it. If you've got any questions or concerns about our security, reach out to us at email@example.com and we'd love to talk.