
Online donation website security

Australians donate generously to charities. Results from the Australia Giving 2019 report, produced by Good2Give and the CAF (Charities Aid Foundation) Global Alliance, indicated that 68% of Australians had made a financial donation within the previous 12 months.

While giving cash was the most common way of making a donation, completing an online transaction with a bank or credit card was the second most popular method.

With this in mind, it is extremely important that not for profit organisations make sure their online donation platform and all website data remain well-secured.

What can be targeted?

Unlike most commercial e-commerce websites, which have complex shopping carts and multiple layers of security throughout their checkout process, NFP donation websites tend to be more straightforward, with easy-to-navigate donation forms.

Unfortunately, while these types of ‘donate now’ pages are extremely user-friendly for a potential donor to complete, they can also be targeted by hackers seeking to harvest personal information. This is where you need a sharp focus on security to minimise the possibility of donors’ information being compromised.

Keeping data secure

If you are unsure about the security of your online donation platform, then the first step is to speak with your IT service provider and potentially conduct a risk assessment. Once you understand where you are vulnerable, you can put processes in place to improve your cybersecurity.

It’s imperative that you meet all the compliance requirements of the Payment Card Industry Data Security Standard (PCI DSS). If you don’t meet this standard you could experience a range of repercussions.

These include financial losses, damage to your brand reputation, downtime caused by online attacks, legal risks associated with privacy infringements and, ultimately, the termination of your ability to process card transactions.

You need to make sure your data protection solution provider is PCI DSS-compliant. Features such as multifactor authentication, donor fraud protection, credit card and bank account security, and IP security should all be incorporated into your system to protect it from both local and international online threats.

Encryption is essential

If you store or transfer personal information, it is mandatory for you to encrypt your data. It is your responsibility to make sure that your donors are protected from data breaches. Encryption converts original data into an unreadable form or ‘ciphertext’ and keeps it safe from unauthorised access. This is an integral part of your website security.

An SSL or TLS certificate is central to this security, as it establishes an encrypted link between your website server and the browser being used to visit your site. This protects data in transit; data you store still needs its own protection.

The inclusion of the certificate’s details or specific security icon on your donation page will give your donors peace of mind when they are preparing to input their confidential information.

If you do not have an SSL or TLS certificate on your website, it is likely to be flagged by Google or other search engines as an insecure site. Online visitors will be notified before they enter the site and in some instances will be restricted from accessing your web pages.

Other best practices

In addition to making sure you have optimal website security, there are also some other best practices that should be followed. These include:

  • collecting as little information as possible. Not only does this reduce the potential for privacy violations, but it also makes the donation process easier for your donor.
  • limiting the number of staff members that have access to confidential donor data. It is recommended that organisations follow the ‘principle of least privilege’, where individuals only have access to the information relevant to the tasks they perform.
  • having unique credentials for each individual accessing the donor database, so that you can define permissions accordingly and also easily identify any unauthorised activity associated with those credentials.
  • updating plug-ins and checking payment gateways. This should be a regular part of website administration, as developers will often release updates that fix recognised security issues.

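The two points above that can be checked mechanically are that the donation form submits only over an encrypted (HTTPS) link and that it collects no more fields than you actually need. The following script is an added example, not code from the original article or from any provider it mentions: it audits a donation page's HTML offline. The page URL, the sample HTML and the set of allowed field names are all constructed for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Hypothetical minimum set of fields a donation form needs; anything else is flagged.
ALLOWED_FIELDS = {"amount", "email", "name", "card_token"}


class DonationPageAuditor(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # Relative actions inherit the page's scheme, so resolve before checking.
            target = urljoin(self.page_url, a.get("action", ""))
            if urlsplit(target).scheme != "https":
                self.findings.append(f"form submits over insecure URL: {target}")
        elif tag in ("input", "select", "textarea"):
            name = a.get("name")
            if name and a.get("type") != "hidden" and name not in ALLOWED_FIELDS:
                self.findings.append(f"form collects non-essential field: {name}")
        elif tag in ("script", "img", "iframe", "link"):
            # Any http:// resource on an https page is mixed content.
            src = a.get("src") or a.get("href")
            if src and urlsplit(urljoin(self.page_url, src)).scheme == "http":
                self.findings.append(f"mixed content loaded over http: {src}")


def audit_donation_page(html, page_url):
    """Return the list of findings for one donation page (empty means clean)."""
    auditor = DonationPageAuditor(page_url)
    auditor.feed(html)
    return auditor.findings


# Constructed sample page: an insecure form action, one unnecessary field,
# and a script pulled in over plain http.
SAMPLE_HTML = """
<form action="http://gateway.example/donate" method="post">
  <input name="amount"><input name="email"><input name="date_of_birth">
  <input type="hidden" name="csrf">
</form>
<script src="http://cdn.example/widget.js"></script>
"""

if __name__ == "__main__":
    for finding in audit_donation_page(SAMPLE_HTML, "https://charity.example/donate"):
        print(finding)
```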

Don’t forget to say thank you

In 2020, the ability to receive donations via your website has become more important than ever, with many regular fundraising activities being postponed due to COVID-19 restrictions. Your website is one of the best ways to connect with potential donors and helps to build their trust with your non-profit organisation.

You need to show them that you are serious about data privacy and online security. Plus, don’t forget to say thank you when they go through the process and make their valuable donation.
