Legitimate security concerns are often behind your members’ reluctance to use online giving. Yet, with barely a second thought, they may order from online vendors like Amazon.
News abounds about security leaks and identity theft. This prompts us to limit sharing financial information with too many third parties. We must help members confront their concerns about online giving. Once addressed, they'll understand how easy it is to support church ministry efforts.
So much of technology is left in the “...and something I don’t understand happens here” territory. This article will help inform your understanding of real online vulnerabilities and how to offset them with basic security. All in plain English — no Geek Squad needed! It boils down to two questions:
- Is your online giving secure?
- How are you communicating that?
The most vulnerable event in online transactions happens the instant a member clicks to send an offering with their bank account information. Hackers could potentially hijack the transmission and steal financial information, if…
- Members or your church are using public Wi-Fi to connect to the internet (unlikely)
- Your church’s giving platform is insecure (also unlikely since a provider’s business depends upon guaranteed security)
- Malware is present (Let’s save this for another article and assume the networks used by members and your church are scanned and updated regularly.)
- Account numbers are shared in an email, text or other messaging app (not recommended)
The request for donations may begin on your church website or Facebook page through a hyperlinked Give Now button. The vulnerable point of processing happens off your site. That’s where your chosen platform takes the baton. That's why it's essential that you thoroughly research your giving platform options before selecting one. Your members trust you to have selected the one that can carry the baton safely.
By clicking your donate link, members are transferred to your provider’s site where all information is collected and submitted. It’s their core business to provide the most current, rigorous security from collection to deposit. This is what their monthly or annual fee buys: protection.
The browser address bar
A combination of encoding and encryption is used by giving solutions to transfer and convert information into unreadable gibberish — in the unlikely case it’s intercepted. Encrypted websites offer the highest security, privacy and speed.
Look for HTTPS and a lock icon to appear in the browser address bar (where you type in a web address) as you’re directed to your e-giving platform. (In fact, it’s a good habit to check whether the shopping websites you visit display either HTTPS or a lock icon in the address bar.)
Not all HTTPS connections are created equal. There are levels of encryption, and the standard for the financial industry (banks included) is a connection secured through a 256-bit SSL certificate. Check with your vendor to make sure they use the highest level of encryption.
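For whoever handles your church's tech, here is one way to see the level of encryption a giving page actually negotiates. This is an added example, not part of the original article or any vendor's tooling. The host name `giving.example.org`, the function names and the sample results are made up for illustration, and two things are assumptions: that only TLS 1.2 and 1.3 are acceptable versions, and that "256 bit" means the key size of the cipher negotiated for the connection (the number Python's `ssl` module reports).

```python
import socket
import ssl

MIN_BITS = 256                         # the article's bar: 256-bit encryption
OK_VERSIONS = {"TLSv1.2", "TLSv1.3"}   # assumption: older versions are deprecated


def assess(version, cipher_name, bits):
    """Judge one negotiated connection. Returns a list of problems;
    an empty list means the connection meets the bar."""
    problems = []
    if version not in OK_VERSIONS:
        problems.append(f"outdated protocol {version}")
    if bits < MIN_BITS:
        problems.append(f"{cipher_name} uses a {bits}-bit key, below {MIN_BITS}")
    return problems


def check_site(hostname, port=443, timeout=10):
    """Connect the way a browser does (certificate and host name are verified)
    and return (version, cipher_name, bits, problems).
    Raises ssl.SSLError if the certificate cannot be trusted."""
    context = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as raw:
        with context.wrap_socket(raw, server_hostname=hostname) as tls:
            version = tls.version()          # e.g. "TLSv1.3"
            cipher_name, _, bits = tls.cipher()
    return version, cipher_name, bits, assess(version, cipher_name, bits)


# Constructed sample results (not captured from any real provider).
SAMPLES = [
    ("TLSv1.3", "TLS_AES_256_GCM_SHA384", 256),
    ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256", 128),
    ("TLSv1", "AES256-SHA", 256),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[1], "->", assess(*sample) or "meets the bar")
    # To test a real site, replace the placeholder with your provider's host:
    # print(check_site("giving.example.org"))
```

A result flagged here is a question to take to your vendor, not proof that the platform is unsafe.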
The security standards
Incoming donor information must be handled with critical care by your vendor to assure privacy. That's where PCI-DSS, or the Payment Card Industry Data Security Standard, comes in. These standards ensure all facets of a payment process — from networks to cardholder data, from vulnerability management to data access control — happen in a secure environment.
The right combination
The General Council of Finance and Administration (GCFA) recommends that your search for vendors emphasize compliance with privacy standards including HTTPS, 256-bit encryption and PCI-DSS. But it’s up to local churches to review their tools (especially at registration and renewal times) to verify that security needs are continually met.
The communication of security
Confirming your online giving is secure is step one. Once established, reassuring your members through transparency and knowledge-sharing is a critical second step. To do this successfully, communicate early, often and (for those who want it) in-depth.
As you introduce an online giving option, emphasize your care in researching the chosen provider’s security. Explain how each step of the giving process is secure: from the moment they log on to the moment funds are transferred from their bank to yours, they're protected.
In every communication about giving — whether it’s during an online service or on a post to your Facebook page — remind people that their information and the process are secure. A simple sentence with key and familiar phrases that members hear elsewhere will do: “You can be confident that your transactions are secure. Our online giving portal is PCI-DSS compliant and encrypted through a 256-bit SSL.”
The last piece of the communication puzzle is all about the details. Trust me, few people really want to learn all about SSL and PCI-DSS specifications in your introduction to e-giving. Yet, for transparency, it’s important to link to a detailed description about security in every appeal. Interpret it yourself (as simply as possible), or link back to your provider’s specs page.
Concerns about security shouldn’t prevent members from faithful stewardship. Let them know that they’re not alone and that your staff is there to assist them in transitioning to online options. Through proper planning, research and clear communication, you can help your members overcome the hurdles of online giving — imagined and real — to keep ministries thriving.
Jeremy Steele is the teaching pastor at Christ UMC in Mobile, Alabama, as well as a writer and speaker. You can find a list of all his books, articles and resources for churches, including his most recent book All the Best Questions, at his website: JeremyWords.com.