When you buy stuff online do you pay with a debit card or a credit card? Me? Well I’m in the credit card camp mainly ‘cos I reckon that there’s just that little bit more protection – or shall we say less transference of risk. I may be woefully wrong. But whichever camp you feel happiest with, it’s likely that your charity will be taking online donations, and possibly running some sort of trading operation. With each of these activities comes the requirement to comply with PCI-DSS. And if you don’t know what that acronym stands for then you’d better get googling quickly.
Arguably one of the data items that truly qualifies for the ‘hot potato’ tag, the PAN (another acronym to google) is one data item you do not want in your database. Or your spreadsheets. Or written on neat little piles of paper. Or in someone’s homemade website. There’s a whole payment card industry out there (that’s a clue by the way), and a whole stack of experts (some of whom are CSF members) who can help guide us through this morass. But remember that when your supporters supply their payment card credentials in exchange for a warm fuzzy feeling they expect you to take great care of what amounts to the keys to their bank account.