How Charities Can Protect Their Donor Base and Increase Payment Security

By Aaron Lumnah, Digital Marketing Manager

£9.6 billion. That’s the amount of money that UK citizens donated to charities in 2015, according to the Charities Aid Foundation’s (CAF’s) “UK Giving 2015” report, and it is not a paltry sum. With so much money flowing from the pockets of British donors into the bank accounts of these organisations, it’s not surprising that charities would be a prime target for payment fraud, especially as most have smaller IT budgets to spend on cybersecurity. And with the 20% increase in the amount of money lost on card-not-present (CNP) transactions over the last 10 years, there’s never been a more pertinent time to step up security practices.

According to another report by the CAF, “Cash continues to be the most common method of giving, with over half of donors (55%) making cash donations in the previous 12 months. Direct debit remains the second most popular channel, with 30 per cent using this in the last 12 months. Online giving has been used by 15 per cent of donors in the last 12 months, and ‘text’ by 11 per cent.” With a large chunk of these transactions occurring without the cardholder present, and with CNP fraud growing every year, donors may find themselves vulnerable in the event of a data breach.

When looking at the typical profile of a donor, it’s interesting to note that the average age skews much older than one might expect. As CAF’s “Mind the Gap” report found after studying generational giving habits over three decades, “More than half of all donations to charity (52 per cent) now come from donors over-60, compared to just over one-third (35 per cent) thirty years ago.” It goes on to say, “Older people are typically more generous than younger folks, giving more as a share of their total spending. This ‘generosity gap’ has widened over the past three decades. The over-60s are now more than six times more generous than the under-30s compared to less than three times more generous, thirty years ago.”

With older generations less accustomed to making payments through the aforementioned digital means, such as online and through text message, they are more likely to donate through traditional channels. These include payments made via the Mail Order Telephone Order (MOTO) channel – a classic target for CNP fraud. While people over 60 are among the most generous in the population, they are also much more likely to be retired and living on a fixed income. With the economic downturn stretching the budgets of charities more so than ever before, and with more people relying on their services, it’s never been more important to protect the donor base. Additionally, while younger people may be more likely to turn to digital options to donate to their charity of choice, call centres still serve a very important role in collecting payments, as the bulk of donations overall are still made through these traditional means. Fortunately, there are steps that every non-profit can take to mitigate the risks of contact centre fraud, and at the same time protect their valuable donor bases.

Technology solutions that descope contact centres and allow their agents to take payments securely over the phone greatly reduce the risks to both the charity and their donors. Ensuring sensitive data never enters the contact centre in the first place helps charities meet PCI DSS compliance and satisfy the numerous regulatory requirements they must follow for handling data.

One charity leading the way in contact centre payment protection is The British Heart Foundation (BHF), a customer of Semafone. In July 2016, the BHF implemented payment security software from Semafone, delivered over Gamma SIP Trunks, to protect supporters of the charity as they made donations over the phone. Semafone’s patented payment method allows callers to input card details into their telephone keypad. The numbers are obscured using dual-tone multi-frequency (DTMF) masking, so the contact centre agent cannot see or hear the numbers but can stay in full communication with the customer at all times to help with any issues that may arise. This serves as an added benefit, especially for older customers who appreciate the personal touch and may need additional help when paying by phone.

Semafone takes the card details and transfers them directly to the payment service provider (PSP), bypassing the contact centre environment entirely and ensuring it is kept out of scope for PCI DSS. An added benefit of such a solution is its ability to prevent failed transaction charges as the card numbers are checked in real time.

Implementing Semafone significantly reduced the extent to which the BHF’s telephone card payment operations fall within the scope of PCI DSS.

In the words of Ashley Bennett, IT Business Partner at the BHF, “Operationally, the whole process has been extremely smooth. The fact that there was no disruption is a huge benefit for the team. Very little additional training was required, average call handling time has been maintained at its target level, and feedback has demonstrated that donors have found the payment process very user-friendly.”

With Semafone, the BHF is now fully compliant with industry security standards and their critical infrastructure. And most importantly, their donors and their sensitive payment card information are now more secure. To learn more about how BHF is using Semafone, read their case study here.