When it comes to control over the finances, some parishes like to be in direct control of what comes in. Directly operating your church’s merchant account may bring you financial gifts faster, but the process comes with some inherent risks.
What happened to Equifax could happen to you. According to a recent cybersecurity report, roughly half the small business in the United States have been breached by hackers in the last 12 months. The cost of a breach? About $141 per record. This doesn’t include the non-monetary damages, like bad press, loss of trust, and the massive time investment in the recovery process.
Small organizations can often be the target for fraud. When hackers have stolen credit card numbers, they look for less-than-secure systems to test them using automated purchase routines. Unsuspecting and basic donation sites that imply legitimacy are frequent targets for these test transactions. These aren’t your parishioners’ credit card numbers, but you still bear the responsibility to secure your site against fraud.
Falling Behind on Compliance
The privacy of your donors’ information falls squarely on your shoulders. You are required to maintain the PCI Compliance of your processes. This involves paying a yearly compliance fee and having your system tested by a third party. Some aspects of PCI Compliance are technically easy to understand, but difficult to practically implement. Other aspects are quite intricate and require significant IT skills to implement and maintain. This also requires a secure system to store credit card information, not keeping them on file in spreadsheets or print form. This all takes work. Does your parish have the internal staff or tech-savvy volunteers to keep everything up to date?
Excluding American Express Donors
This might not be a “credit card risk” per se, but it’s still potentially problematic. The standard Credit Card Merchant Account only covers Visa, MasterCard, and Discover. Applying for an additional American Express Merchant Account is noticeably more expensive. If you don’t, you risk losing donors who use primarily these credit cards.
There’s good news. Some online giving solutions act as the Merchant Account for you, meaning that they assume all the risks mentioned above, rather than your parish. At LPi, our WeShare online giving tool offers you the benefits of receiving donations online without the time-consuming individual responsibility for parishioner data.