We are going to start accepting online donations on our website. The merchant bank requests some information to be on the website before they will allow this to happen. They are requesting:
Products/services page – a list of donation options/services and a button where they can put in their own amount. (think of it saying “donate xxxx amount here.”
Delivery/Shipping Policy – you just have to put something general that “offerings will be delivered/completed within xxxxx time upon payment completed.
SSL Certificate (you’ll need to get this from whomever hosts the site) When installed on a web server, it activates the padlock and the https protocol and allows secure connections from a web server to a browser…
Checkout page – just needs to have a page or button that allows the person on the web to click to checkout.
Personally i would not want to directly process transactions for donations on our website. The PCI compliance rules when you are putting that content right in your own website is too much responsiblity for my taste…
I’d go with OnlineGiving.org, PushPay, Kindred, Vision2, PaymentSpring or many others who’s sole business is facilitating online donations.
Might want to check with some accountant individuals. For tax purposes you often have to be careful how it’s worded that for donations there is no misleading that they are purchasing a product or service if they are giving a donation that could be tax deductible. Some states require that the phrase, “No goods or services were provided for the above gift.”
You may want to check with your bank to see if you can link to a page they host. I agree with Jason, there is a lot more responsibility when you keep payments on your website.
I agree with Steve and Jason. When you start hosting it yourself the PCI compliance can be a lot to manage. We use eGiving through our database provider ACS. The advantage is we have more flexibility and ways to donate than I would be able to do on my own. The options that Jason mentioned are good options.
All - bear in mind that PCI compliance likely applies even when accepting credit cards in person at your church. Using a giving provider doesn’t mean escaping PCI DSS duties…
Correct Jeremy,
In fact, accepting credit cards on your website that you maintain will greatly increase your requirement levels for PCI compliance.
I understand that the downside of going with one of the providers that cater to church can be expensive. Even with it being externally handled, some of those organizations still require you to fill out an PCI SAQ A (~13 pages of checklists). If you are accepting credit cards on your website through your own payment processing form then you are closer to a PCI SAQ D (~87 pages of checklists).
Even setting up a square card reader on an iPad in your church puts you under the PCI scope for compliance.
If you are looking for a simple, inexpensive, alternative that is much easier is to use a provider such as paypal on your website. They enter a donation amount, it redirects them to paypal where they can enter their information without an account, set it as recurring if they choose) and that money is deposited into your bank. Not quite as slick, no monthly fee, but slightly higher processing costs.
Where I work (outside of church) we are a PCI SAQ D processor. You don’t want to do that to yourself. Avoid it if at all possible.
You might want to start with your ChMS and/or accounting software provider. Many of them partner with one or more of these service providers providing online giving.
Hi Daniel,
If you’re interested in learning about Vision2 and how we might be able to help with your situation, feel free to reach out. FYI - I’ll be heading through western PA on my way up to see my folks around July 4th if you want to talk over coffee.
