Best practices for handling emailed credit card numbers
This recent hacking incident has given my organization a chance to rethink our best practices (I'm sure I'm not alone).
Question I'd like to ask:
Some of our more frequent donors often email us their credit card info when they want to make a donation. Is this something we should put a stop to? And is simply deleting the email from the Outlook 365 server enough to "destroy" that information?
I'm thinking that if we have their cc information in the Bio-2 tab, we should be able to run a one-record batch as if it's a recurring donation and process it that way, but perhaps I'm overthinking this.
Any thoughts? Thanks everyone! -- Duane
Question I'd like to ask:
Some of our more frequent donors often email us their credit card info when they want to make a donation. Is this something we should put a stop to? And is simply deleting the email from the Outlook 365 server enough to "destroy" that information?
I'm thinking that if we have their cc information in the Bio-2 tab, we should be able to run a one-record batch as if it's a recurring donation and process it that way, but perhaps I'm overthinking this.
Any thoughts? Thanks everyone! -- Duane
Tagged:
2
Comments
-
I would certainly discourage including any credit card #s in emails. Used to hear emails are never truly destroyed. I'd be more concerned with wrong person getting/opening email. Donor could accidentally send to wrong recipient too. To me number is not secure.
Yes, if you have the info on Bio-2 you can run the card as needed, one record batch or pull into any other batch of the day.
If it were me, I would be contacting those donors, express concern for the safety of their info and work with them to set up a recurring gift schedule. Or at least ask them to only send the last four digits of the card number. When I used to have to get updated due to problem with card I would ask the donor call me with the new # at their convenience, if it were more than an exp update.
I know there are also security concerns with mailing in credit card info. Generally appeal reply envelopes are pretty obvious. I know cases of theft of that info by postal workers, strangers browsing your mailbox or even staff who open mail are pretty isolated but it can still be a cause for concern, IMO.
3 -
Email is not secure and NOT PCI compliant. We always discourage our constituents from sending any credit card information via email. On the few occasions where a donor has sent via email, we have reached out to them to warn them of the dangers of sending any sensitive data via email. It is not encrypted and can fall into the hands of any one looking to scam.5
Categories
- All Categories
- 6 Blackbaud Community Help
- 209 bbcon®
- 1.4K Blackbaud Altru®
- 394 Blackbaud Award Management™ and Blackbaud Stewardship Management™
- 1.1K Blackbaud CRM™ and Blackbaud Internet Solutions™
- 15 donorCentrics®
- 359 Blackbaud eTapestry®
- 2.5K Blackbaud Financial Edge NXT®
- 646 Blackbaud Grantmaking™
- 563 Blackbaud Education Management Solutions for Higher Education
- 3.2K Blackbaud Education Management Solutions for K-12 Schools
- 934 Blackbaud Luminate Online® and Blackbaud TeamRaiser®
- 84 JustGiving® from Blackbaud®
- 6.4K Blackbaud Raiser's Edge NXT®
- 3.7K SKY Developer
- 243 ResearchPoint™
- 118 Blackbaud Tuition Management™
- 165 Organizational Best Practices
- 238 The Tap (Just for Fun)
- 33 Blackbaud Community Challenges
- 28 PowerUp Challenges
- 3 (Open) Raiser's Edge NXT PowerUp Challenge: Product Update Briefing
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Standard Reports+
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Email Marketing
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Gift Management
- 4 (Closed) Raiser's Edge NXT PowerUp Challenge: Event Management
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Home Page
- 4 (Closed) Raiser's Edge NXT PowerUp Challenge: Standard Reports
- 4 (Closed) Raiser's Edge NXT PowerUp Challenge: Query
- 779 Community News
- 2.9K Jobs Board
- 53 Blackbaud SKY® Reporting Announcements
- 47 Blackbaud CRM Higher Ed Product Advisory Group (HE PAG)
- 19 Blackbaud CRM Product Advisory Group (BBCRM PAG)