
Do You Take Credit Cards? Are You Prepared for PCI DSS? May 14, 2010

Posted by charitysolutions in charities, charity computers, charity database, charity IT, General, PCI DSS, Uncategorized.

Does your charity accept donations or payment via credit cards?  If so, you will probably already know all about PCI DSS.  But if you don’t, you will need to – VERY SOON!

If you store, process or transmit any cardholder data electronically or manually, then your organisation needs to comply with the Payment Card Industry Data Security Standard (PCI DSS) – and prove it – by 1st September this year.  And if your organisation doesn’t comply, you run the risk of a massive fine.

PCI DSS is a set of comprehensive requirements for enhancing payment account data security.  It was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. International, in order to ensure the broad adoption of consistent data security measures on a global basis.

It is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures – all designed to help proactively protect customer account data. 

It includes a whole range of requirements, including rules about what data you can and cannot store and what levels of security your organisation and systems network must meet.

It is important to realise that it covers your entire trading environment, including all third-party partners that store, process or transmit data for you as part of your credit card payment process.  Third parties include:

  • Resellers
  • Till vendors
  • EPOS vendors
  • Software application providers
  • Payment service providers
  • Payment processing bureaux
  • Data storage providers
  • Web hosting providers
  • Shopping cart providers
  • Software vendors

You can’t just assume that your website host or any third-party organisation you use will deal with this – the buck stops with you and you will need to make sure that all your providers, facilities and software comply before you can achieve compliance. 

More to follow soon ….


New Report – Choosing Your Charity Database – available free to our blog readers January 23, 2009

Posted by charitysolutions in charity computers, charity database, databases, General.

Just a short note to let you know that we have combined all the information in our previous blog entries about Choosing Your Charity Database (with lots of updates and additions) into a brand new 18 page report.  

This is available to all our Blog readers totally free of charge from http://www.charitysolutions.co.uk/db_rep_blog.html

Hope you find the report useful.  Any comments (good or bad!) are very welcome.

Choosing Your Charity Database – Selecting the Best Provider February 18, 2008

Posted by charitysolutions in charities, charity computers, charity database, charity IT, databases, Uncategorized.

Let’s assume the ‘must have’ list of your priorities on what features you need (covered in our previous blog entries) has been reviewed and now agreed with all your colleagues.  Now you are ready to buy a database for your charity or NFP.

It’s now time to find out exactly what the database providers are offering,  and how well their products meet your needs and budget.

When choosing your database provider, here are some things to consider.

If any database provider blinds you with science and offers what they see as great must-have features, please “stick to your guns”. Compare your list of requirements against what the provider can offer, and don’t be persuaded away from your ideal specification. This way you will not end up paying for features that you will not use.

Ask to speak to some of their customers and find out what actual users think  of the software and long-term support provided.  But remember that the provider will probably only give you names of customers that will give a favourable report – so use your own discretion here!

Get a database provider to give you a demonstration of the software.  A word of warning  – find out how big a database the demonstration is based on, and the specification of the computer it is run on. If you have a larger number of records and will be running your database on a less powerful computer, your experience of the speed and power of the database might not be so impressive!

Do your research and it will pay dividends….  Search on-line forums. Network at charity events. By talking to similar organisations you will be able to learn from their experiences and see what worked for them.   And remember, word of mouth recommendations are worth their weight in gold.

Choosing your database provider is an important decision. Mistakes can be costly and time consuming. Some providers will be totally upfront about all features, and some won’t, but it is up to you to find out the true facts and to evaluate them against the specific needs of your organisation.  Make sure you are confident that your final choice is the right one.

Post us a comment - we would appreciate your views and welcome any questions.

Choosing Your Charity Database – What Features Do You Need? February 11, 2008

Posted by charitysolutions in charities, charity computers, charity database, charity IT, databases, Uncategorized.

Choosing a new database can be confusing – particularly if you are not an IT or database expert. You need to be confident that you can balance the needs of your organisation with the right database features and costs.

But having to look at and compare different software can be a mind-numbing experience and also very time  consuming if you are not sure what to look for.

Here’s a simple route map to help you navigate through this IT minefield. Start with a big list of all the features you think you and your colleagues might need, want or like on your database system, for example:

  1. Do you need to record fund raising results? If so, in what kind of detail?
  2. Does it need to integrate with other programs (e.g. Word or Excel)?
  3. Does it need to include Gift Aid processing?
  4. Do you need a full audit trail for all donations and transactions?

It may sound obvious, but you will need to carefully consider who will be using the system.

Do you have a small set of full time people who will be using the system all the time and so will become familiar with a complex system? Or will you be staffed by volunteers who will only use it one day a week? In that case, a simple, intuitive system that is easy to use will be an essential requirement to add to your list.

A good help file and good documentation could also be a big help, but realistically will your users really look at them?

So now you  have your list, you will need to review and “grade” how important each feature really is to your organization. Sort them into:

  • Must have features.
  • Should have features.
  • Nice to have but not essential.

Review your list with your colleagues and gauge whether your views match theirs. For instance a Finance Manager might feel Gift Aid processing is the most important thing, but a Fund Raising Manager might want more extensive features on campaign management.

A word of caution… It’s easy to be impressed with super features that, in reality, won’t really be of much use for your specific needs. So be honest with your own evaluation!

Then when you and your colleagues are all agreed, it’s time to go out and look at what the database providers can offer. We will talk about this next time.

Hope this post has been useful.   Please continue sending us your comments and questions and we will try and include them in future posts.  Just post a comment below or send an email to sales@charitysolutions.co.uk.
