Two years ago our website got hacked. I wish I could say it only happened once, or even just twice, but it didn't. It happened four times within months. From passwords being compromised to Trojans creating redirects, all sorts of security holes were exposed and patched. We learned some hard lessons, and hopefully you can benefit from what we learned.
Seeing our site redirected shook my confidence. It was also troubling because I knew the havoc that might be unleashed on the confidence of our members who had trusted us to keep their personal financial information secure. Regardless of how much or how little your church receives through online contributions, it's imperative that this process remains secure.
In our case, the hacks were embarrassing at worst. Thankfully, we had made some good decisions that had successfully prevented the hacks from exposing the personal financial information of our contributors. But our site was still hacked. We learned as a result of being hacked, and in turn, improved our security.
A great online giving experience begins with securing your website.
We want to provide contributors with a great online giving experience, and that starts with providing the same standard of security they have come to expect when shopping online with any major retailer. What does that look like? It means the server that handles financial information is appropriately configured behind a firewall, uses an SSL certificate, and adheres to PCI compliance standards. (If you are not familiar with "PCI compliance," you can learn more about it through a simple Google search.)
We have also learned the value of penetration testing, where an independent technology firm attempts to access the secure information in order to find any risks that may exist. We implemented quarterly penetration testing to ensure our data is safe from compromise. It's not cheap, but it is worth every penny to keep the trust of our members. The bottom line is that any church receiving financial gifts online must follow the industry-standard approach to securing data online if it intends to keep the trust of its contributors.
We have also increased the security of our website content management system (CMS) by requiring strong passwords for all users and enabling "Away Mode" for the admin area. Strong passwords make user accounts more difficult to compromise, and Away Mode limits access to the admin login to a specific time range.
It is important for churches to recognize that a great online giving experience begins with taking security seriously. No shortcut is worth it. Securing your servers and website is of the highest importance. Here are a couple of steps you can take to make sure your church is protected:
- Implement penetration testing through an independent firm like Digital Defense. We do a quarterly scan of all servers and receive a list of any vulnerabilities that need to be fixed.
- Submit your URL to VirusTotal, a free online service that will scan your site and provide a list of any suspicious files or URLs.
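As an added example (not from the original post), here is a small script that pulls a site's existing VirusTotal report through the v3 API and reduces it to a pass/fail a web team can act on; the `VT_API_KEY` variable, the `https://example.org/give` URL and the sample report are assumptions, and without a key it runs against the constructed sample.

```python
import base64
import json
import os
import urllib.request

VT_API = "https://www.virustotal.com/api/v3"

def vt_url_id(url: str) -> str:
    """VirusTotal identifies a URL by its unpadded URL-safe base64 form."""
    return base64.urlsafe_b64encode(url.encode()).decode().rstrip("=")

def summarize_report(report: dict) -> dict:
    """Reduce a /urls/{id} report to the numbers a site owner acts on."""
    attrs = report["data"]["attributes"]
    stats = attrs.get("last_analysis_stats", {})
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    # Name the engines that raised an alarm so the team knows what to review.
    engines = sorted(
        name for name, r in attrs.get("last_analysis_results", {}).items()
        if r.get("category") in ("malicious", "suspicious")
    )
    return {"flagged": flagged, "clean": flagged == 0, "engines": engines}

def fetch_report(url: str, api_key: str) -> dict:
    """GET the stored report for a URL (network call; needs a real key)."""
    req = urllib.request.Request(
        f"{VT_API}/urls/{vt_url_id(url)}", headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

# Constructed sample response in the v3 report shape, for offline use.
SAMPLE_REPORT = {"data": {"attributes": {
    "last_analysis_stats": {"harmless": 70, "malicious": 2,
                            "suspicious": 1, "undetected": 15},
    "last_analysis_results": {
        "EngineA": {"category": "malicious"},
        "EngineB": {"category": "harmless"},
        "EngineC": {"category": "suspicious"},
    }}}}

if __name__ == "__main__":
    key = os.environ.get("VT_API_KEY")  # assumed: API key in the environment
    rep = fetch_report("https://example.org/give", key) if key else SAMPLE_REPORT
    print(summarize_report(rep))
```

A URL that VirusTotal has never seen returns HTTP 404 from this endpoint; submit it first via the API's `POST /urls` or the web form, then re-run the check.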
A great online giving experience requires a user-friendly website.
Giving online should be easy. Even though we clearly see commands for tithing in the Bible, people are less likely to give if the process is difficult. Giving a gift should take less than 90 seconds, whether the gift is given through a mobile device or a web browser. If it consistently takes longer, there are several ways to speed up the process. Keep in mind that when people are required to do something before they give (i.e., download your app before they can give on their mobile device), you will lose some people before they get to the giving moment. When people feel as if the giving process is taking too long or is too complicated, they will delay giving, or worse, the gift may never happen.
Here are several ways you can shave off time to make online giving faster and simpler.
- Reserve a consistent place on your site where people can go to give, no matter where they are on your website or mobile device. The giving link could be available in a header and should always be in the footer menu options.
- Provide options for simplifying the giving process in the future. You can do this by offering a way for people to schedule a recurring gift or to give through PayPal.
- Pre-fill personal information when a returning donor logs into your secure site. People will get tired of typing in their billing address every time they log in to give, so pre-fill the essentials.
- Provide a "Text to Give" option for one-time gifts on mobile phones.
- Allow people to give without creating an account, and try to match the mobile phone number or email address to information in your database. If there is a match, you can automatically attribute the gift to the appropriate account and initiate a thank-you email. If they are not in the database, you can capture the information to make it easier to give in the future.
If you are handling servers, coding websites, or helping with the user web experience at your church, you are faced with finding the answers to important questions. So I wonder: What one change would you make to your giving process to make it simpler for people to give? When you consider the security of your database and website, how certain are you that you have done everything you can to protect the personal financial information entrusted to your care? Getting these things in order can restore confidence in the minds of your congregation and encourage them to try online giving again.