PCI Compliance for Nonprofits Accepting Online Donations


If you accept donations on your website, it’s important to be familiar with Payment Card Industry (PCI) compliance. PCI compliance is a set of security standards established by the PCI Security Standards Council to ensure that companies that handle sensitive payment card information maintain a secure environment.

In this blog post, we’ll take a closer look at what PCI compliance is, how to achieve compliance, and what it means for your website if you accept donations.

What is PCI Compliance?

PCI compliance is a set of security standards that are designed to protect sensitive payment card information from theft and fraud. These standards were created by the PCI Security Standards Council, a group that was formed by major credit card companies to establish best practices for handling payment card information.

If you accept credit or debit card payments on your website, you are required to comply with the PCI DSS (Data Security Standards). These standards outline the requirements for storing, processing, and transmitting payment card information, as well as the measures that must be taken to ensure the security of this information.

Why is PCI Compliance Important?

PCI compliance is important because it helps to protect both you and your customers from financial fraud and identity theft. Payment card information is a prime target for cybercriminals, and non-compliance can lead to costly data breaches, lawsuits, and damage to your reputation.

If you are found to be non-compliant, you may face penalties, fines, and other consequences that can significantly impact your business. Additionally, if a data breach occurs, you may be held liable for any fraudulent charges that result from the breach.

How to Achieve PCI Compliance

Achieving PCI compliance requires adherence to a set of standards that outline the requirements for handling payment card information. These standards are divided into six categories, each of which includes a set of specific requirements that must be met in order to achieve compliance.

  1. Build and Maintain a Secure Network

    The first step in achieving PCI compliance is to build and maintain a secure network. This includes implementing firewalls and other security measures to protect against unauthorized access, and ensuring that all system passwords are secure and regularly updated.

  2. Protect Cardholder Data

    The second category of PCI DSS requirements is to protect cardholder data. This includes encrypting payment card information both in transit and at rest, and limiting access to this information to only those who need it to perform their job duties.

  3. Maintain a Vulnerability Management Program

    The third category of PCI DSS requirements is to maintain a vulnerability management program. This includes conducting regular security assessments to identify and address potential vulnerabilities in your system, as well as regularly updating and patching software to address known security issues.

  4. Implement Strong Access Control Measures

    The fourth category of PCI DSS requirements is to implement strong access control measures. This includes restricting access to payment card information to only those who need it to perform their job duties, and implementing multi-factor authentication to prevent unauthorized access.

  5. Regularly Monitor and Test Networks

    The fifth category of PCI DSS requirements is to regularly monitor and test networks. This includes monitoring your system for suspicious activity, as well as conducting regular penetration testing to identify potential vulnerabilities.

  6. Maintain an Information Security Policy

    The final category of PCI DSS requirements is to maintain an information security policy. This includes establishing and communicating clear policies and procedures for handling payment card information, and ensuring that all employees are trained on these policies and understand their role in maintaining a secure environment.


If you accept donations on your website, achieving and maintaining PCI compliance is critical to protecting your customers and your business. By complying with PCI DSS requirements, you can help to prevent data breaches, protect against financial fraud and identity theft, and ensure the security of sensitive payment card information.

Additionally, achieving PCI compliance can help to build trust between you and your potential donors. Being compliant let’s them know that you’re serious about data privacy and the security of their information.

If you have any questions about PCI compliance or how to become compliant, it’s always best to consult with a professional in the field. We’re always available to help, please contact us to get started.

Contact us! We know that every project is different. Let’s chat about what makes your project unique and how we can help.

Let’s work together