A valuable resource for phone banks.
An Overview of Phone Bank PCI Compliance
Many nonprofit customers use phone-a-thon type events in their fundraising. Donations made during these events can involve donors calling a phone bank established by the nonprofit and manned by volunteers. Donors call the phone bank and provide their credit card information and gift amount to a volunteer.
iDonate Payments and the iDonate Platform support the acceptance of these card-not-present donations while maintaining PCI-compliance.
Each merchant/nonprofit is capable of key entering a donation amount. These type transactions are called MOTO (Mail Order/Telephone Order) transactions. Using the iDonate giving embed interface, nonprofits have a "virtual terminal" tool complete MOTO transactions without PCI issues. While on the phone with a donor, a nonprofit staff member or volunteer captures the donor card information and amount by entering the data directly into an iDonate giving embed.
PCI compliance is an important safeguard in protecting a donor's card information during nonprofit donation transactions (or merchant transactions as well).
A MOTO transaction type IS a PCI-compliant transaction as long as the nonprofit staff member or volunteer taking the card information keys it directly into the iDonate software without “storing” it anywhere before doing so.
For instance, if an employee first writes down the card information on a piece of paper before turning around and keying that info into an iDonate giving embed or an iDonate virtual terminal, the transaction is no longer a PCI-compliant transaction . Writing the card information down is considered “storage” of card information which removes the protection of PCI Compliance.
When using iDonate to support phone-a-thon type events, a nonprofit create a webpage, create an event embed in iDonate, add the embed to the new page, provide an iPad or similar device to each phone-a-thon volunteer, lock the device onto the configured webpage, and have volunteers enter each donor's card information directly into the giving embed shown on each iPad device.
Please contact your iDonate Payments representative with any other questions or information needs.
Entering Card-Not-Present Donations
You can use iDonate to capture card-non-present donations with information provided by a donor either over the phone or in person.
While you can login to your iDonate backoffice, open one of your existing embeds, and enter the donation directly within your iDonate account, that becomes untenable when multiple terminals are involved, e.g. a phone bank.
Luckily, there's an easy way to get each terminal set up to take PCI-compliant card-not-present donations.
Access the Giving Form
From the Campaigns section, select the campaign you wish to involve. Then, hover over the Giving Form card and select Embed Code. Copy the resulting code, then proceed to the next step.
Create a Page to House the Giving Form
Create a blank HTML document somewhere on your website and add the code you copied during the previous step. This will allow as many staff members as needed to be able to access the Giving Form in order to enter card-not-present donations.
An Example of a Giving Form Page
Here's what your HTML document would probably look like.
<!DOCTYPE html>
<html>
<head>
<script src="https://apps.dev-idonate.com/idonate-giving-form.js"></script>
</head>
<body>
<div id="idonate-giving-form-container" data-embed-id="c2bd5f91-7358-49d9-a70a-2dc2498b5c2a"></div>
</body>
</html>