So, this weekend my debit card/checking account was hacked for over $1,100! Lucky for us, we have a great credit union that helped me get the issue fixed immediately Monday morning and all of it (including the overdraft fees that it caused) will be fully refunded.
My mother asked me who actually ends up paying for these issues since the culprits are rarely caught. Strangely, I knew the answer because I have been trained on PCI compliance. The credit card companies end up eating the cost of fraudulent charges.
If you aren’t familiar with the term, PCI, or PCI DSS, stands for Payment Card Industry Data Security Standard, and it is an effort on the part of credit card companies to prevent fraud and protect their bottom line. Anyone who charges a credit or debit card is responsible for handling cards in a PCI-compliant way.
As fundraisers (and more specifically phonathon managers), if you aren’t sure what PCI is or whether you are PCI compliant, you probably aren’t doing it right. Check with your Advancement Services staff and ask about this. Educate yourself, your student supervisors and your callers. The standards were updated in April 2016 and you can download them for review by visiting www.pcisecuritystandards.org/.
This happened to me at the University of South Carolina. We utilized every standard and precaution and took it very seriously. However, over a six-week period, we started to get a string of complaints about rogue charges a few days after the alumni had made gifts via phonathon. There was no traceable pattern to the issues. Although we never identified the offending caller, we did isolate through analysis of our nightly seating charts that it must have been a caller who was overhearing other callers read out the number to the prospect for verification. We changed that part of the script and never had a problem again.
I talk about training our student callers about donor confidentiality and PCI compliance as often as I can because it impacts donor confidence in our organizations, but it also impacts families. Most donors are not multi-millionaires; they are well-meaning folks whose monthly budget can be wrecked by fraudulent charges and the time it takes to clean them up.
So, review the policies and start asking questions about how data and credit/debit cards are handled in your shop. Train your employees about properly taking care of the data, which is really taking care of people. It’s part of stewardship and it’s super-important.
Jessica Cloud, CFRE
I've been called the Tasmanian Devil of fundraising and I'm here to talk shop with you.