FirstGiving is committed to maintaining the highest possible standards of data security. We have implemented key international standards of best practice in online and data security, including Payment Card Industry Data Security Standard.
Thousands of nonprofits outsource their transaction security to us. It is our top priority to ensure that transaction data is kept secure at all times.
We take an active role in the overall reduction of identity theft and fraud on the internet by ensuring the security of our IT systems, personnel and infrastructure.
Our staff are trained in all aspects of web application security, including infrastructure vulnerabilities, cross-site scripting, secure data storage, and using the software development life cycle to maintain and improve security.
FirstGiving has been certified PCI compliant by Trustwave , an official Visa Qualified Security Assessor. This means our systems and services comply with the Payment Card Industry Data Security Standard and that we actively protect our customers' identities, personal information and financial details.
Our security efforts are focused on the following areas:
All transaction and credit card information entering FirstGiving systems is encrypted using 128-bit SSL certificates from Verisign. No cardholder information is ever passed unencrypted in a web browser to FirstGiving. You can be completely secure in the knowledge that nothing you enter as part of a secure FirstGiving transaction can be examined, used or modified by any third parties attempting to gain access to sensitive information.
Encryption and data storage
At our Data Center rigorous physical, electronic, and personnel security measures protect your data. Those measures are regularly assessed by One-Sec Ltd, an official Visa Qualified Security Assessor.
Once on our systems, credit card data is encrypted and securely stored in our dedicated hosting facilities at our Data Center. Our servers and network infrastructure are owned and used by FirstGiving for the provision of fundraising services, and not shared with any other company or industry.
Links to banks
FirstGiving authorizes credit card transactions in partnership with Litle & Co. Any cardholder information sent to the banks and any authorization message coming back is secure and cannot be tampered with.
Our systems only allow access to authorized staff. Your transaction information and customer card information is secure even from our own employees because our systems never display the full card numbers, even on administration screens.
Payment Card Industry (PCI) Data Security Standard compliance
The PCI DSS is a set of
security standards that apply across the card payment industry worldwide that
help safeguard cardholder information and improve consumer confidence.
The Standard was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International, to help facilitate the broad adoption of consistent data security measures on a global basis.
The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
FirstGiving is PCI compliant. For more information on our status please click here.
There are six categories of PCI compliance security standards:
(1)Building and maintaining a secure network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protecting cardholder data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintaining a vulnerability management program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
Implementing strong access control measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
Regular monitoring and testing of networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Maintaining an information security policy
Requirement 12: Maintain a policy that addresses information security.
If you have any questions about our Security Policy please contact us via email at firstname.lastname@example.org