Mastering Payment Processing: Essentials for Safe Online Giving

Show Notes

Unlock the secrets to seamless online donations with Shane, Merchant Operations Manager for SafeSave Payments at DonorPerfect. Learn why an online donation form is crucial, understand business and legal details, manage transaction fees, and secure your donations with practical tips. Ensure safe, effective donations and boost your nonprofit's success.


Connect with DonorPerfect
LinkedIn | Facebook | Instagram | TikTok | X

Learn more: Online Fundraising, Donation Payment and Processing Software

Chapters

• 0:03: Online Payment Processing for Nonprofits
• 7:59: Securing Online Donations & Payment Fees

Transcript

DonorPerfect 0:03

Welcome to Nonprofit Expert presented by DonorPerfect.

Julia Gackenbach 0:14

Hi and welcome to Nonprofit Expert presented by DonorPerfect. So glad you've joined us today. I'm excited to welcome Shane here with us. And Shane, why don't you tell us a little bit about what you do at DonorPerfect?

Shane McMullin 0:28

Sure, so my name is Shane. I am the Merchant Operations Manager for SafeSafe Payments, the integrated electronic processing solution for DonorPerfect.

Julia Gackenbach 0:37

I have so many questions for you today, Shane.

Shane McMullin 0:40

Hopefully I have plenty of answers.

Julia Gackenbach 0:41

I'm sure you do. I'm very excited you're here. So before I worked at Donor Perfect, I was a Donor Perfect client actually. So I was a development director and I went through setting up all of our payments and all of our forms and things like that, and I have to tell you, half the time I was signing a form I had no idea what I was doing. So I'm very excited to learn from you today and I hope that our listeners are going to be able to learn from you too. So let's start a little basic first. Tell me why nonprofits should have a way to give through an online form.

Shane McMullin 1:15

Yeah, I mean absolutely. Not having an online processing solution at all is a really big missed opportunity for a nonprofit organization. Now, while it's true today most payments that come in are offline still paper, paper check, things like that it's really trending in the direction of online and as the generation shift happens, where younger donors are kind of taking the place of the older donors, it's going to keep shifting in that direction even more. There's going to be more people wanting to pay by credit card, apple Pay, google Pay, contactless payments. So we're going to see paper checks keep going down and online keep going up.

Julia Gackenbach 1:50

Yeah, so not having that, you'll miss the trend for sure.

Shane McMullin 1:53

Absolutely.

Julia Gackenbach 1:55

Well, and I mentioned these forms that I filled out, can you tell me a little bit about why you need to fill out those forms when setting up payment processing?

Shane McMullin 2:09

Tell me what was on those forms and why they were necessary? Yeah, absolutely. There's certain pieces of information we need to collect when setting up an account for you. We need business info, we need a signer, we need banking info where we're going to deposit your money and a lot of that. It is tied to the IRS. So we're collecting your nonprofit status, verifying that nonprofit, and you'll actually get statements from the IRS too, saying you know, this is what you processed the year before. So all that information is necessary for us to get an account going. And yeah, so it's legal info, business info, contact info, banking all of that.

Julia Gackenbach 2:37

Well, and something that, to be quite honest, gave me a little pause when I was filling out my form was that I asked for my social security number and for me, like I was an individual representing an organization, why was it that you needed my social security number?

Shane McMullin 2:52

Right. So that's actually something that a lot of you know people petitioned against back in 2018. And we were very against it as well, because, it's true, nonprofits and public entities don't have an owner. They weren't providing that in the past, but in 2018, fincen released something called the Customer Due Diligence Rule, which requires anyone signing up for a merchant account to pass what's called a know-your-customer check. So we have to do that. We have to run a check.

Shane McMullin 3:16

Nonprofit, for-profit doesn't matter where. We verify the identity of an authorized signer or a control owner. So an authorized signer would be what we use for a nonprofit. So we're verifying that they're not part of any sort of terrorist list, blacklist, anything like that, and we really are just verifying the identity. We're not running credit. We're not doing anything like that. We're simply trying to make sure that the information they provided matches what's available publicly so we can verify it, and really it's not just for their protection but for ours as well.

Shane McMullin 3:44

So we have caught several identity theft cases recently where a legitimate business applies a person that's on the website. That's who's the signer. Driver's license is provided, we find out it was Photoshopped. We call a publicly available number and verify that they had all stolen information Because the real person goes no, I didn't apply, I have no idea what you're talking about, I don't know who you are, what Donor Perfect is. So we are just really trying to verify identities, making sure that the person applying is who they say they are, and again, it is a requirement. When it's not something we can get around, we have to do it, we have to verify it, we have to show that we ran this check and we're able to match everything else.

Julia Gackenbach 4:20

That is so interesting. That makes me feel much better. That's great, okay, well, and you've mentioned a few things as you were speaking a few language terms that I am not familiar with, so like a merchant account, and there were a few like what is a payment processor? I know you've used the term gateway in the past. What are the difference between these terms?

Shane McMullin 4:43

Absolutely so. Merchant account and processor are really one in the same, but.

Shane McMullin 4:46

I'm going to start with gateway. So that's really what our main function is, that's what we started as and a gateway. I really like to describe it as like a bridge a bridge between donor perfect the software and the processor. It allows the two to communicate. So when a payment goes through donor perfect, the gateway is taking that payment information and securely transmitting it to the processor. The processors then pinging visa, mastercard, discover whoever card number amount, getting a response and then the money ultimately is deposited by the processor to the non-profit. Um. So the gateway is that kind of piece in the middle and then processor merchant account, like I just described. They're the actual, actual bank that's communicating with the other banks to say, hey, charge this much to this card. Then get a response back. It lets the gateway know, the gateway passes it back to DonorPerfect. So really, the gateway is kind of that conduit between the two.

Julia Gackenbach 5:34

Yeah, like kind of the communicator.

Shane McMullin 5:35

Yeah, exactly, yeah, that makes sense Okay.

Julia Gackenbach 5:48

Something else I've heard that I'm unfamiliar with is the phrase PCI compliance. I feel your big sigh when I ask that question, so imagine what kind of sigh I had when I learned about PCI compliance. Why don't you share with? Us a little bit about what that is.

Shane McMullin 5:55

Sure. So PCI compliance. It was made up by the PCI Council, which is made up of the four major card brands Visa, mastercard, Discover, amex. They got together and formed this council to kind of create a set of security standards that the entire credit card ecosystem has to follow merchants, users, everything. The set of requirements are different based on who the players are, but some examples of security measures around PCI are some simple things like if you're a business that takes credit cards, your Wi-Fi needs to have password on it. Or if you take paper credit card information like mail in, you have to shred it. After the fact. You know, making sure you're not storing like the security code. You're not actually allowed to store that. So things like that are part of kind of PCI. Now, good news is our gateway kind of handles almost all of that.

Julia Gackenbach 6:44

Oh great.

Shane McMullin 6:45

Our gateway is fully PCI compliant, level one, which is the highest level. Certain things obviously we can't help with, like the Wi-Fi password at your location.

Julia Gackenbach 6:53

Or the shredding of the pledge cards. Well, you know our gateway stores all that information so you don't need to do it that way anymore. So then you can shred it Exactly. But now, as I mentioned, I was a development director. I've set up many forms for giving opportunities for events, things like that. Can you tell me what happens once a donor gets to a page and puts their information in that form? How does the money go? What happens in that flow of giving?

Shane McMullin 7:27

Absolutely so. Yeah, it starts with entering that online form, entering the donation information. That's then being passed to that gateway kind of that bridge we talked about a little bit ago and the gateway is taking that information and securely passing it to the processor. Now, in the case of our processing, we are both so we're really kind of just passing it to a different part of ourselves and the money's again paying the banks you know this card, for this much is it available? And then sending back a response like approved, declined. The donor would see that too, like hey, your donation was successful.

Shane McMullin 7:59

On the back end, that money's then going through the banking system About two to three business days. Later it'll hit your bank account, the nonprofit's bank account. It's a little different for checks. So if we're doing e-check, it's slightly different Credit cards about two to three business days, but with e-check and typically we float that money, it's deposited the next business day. But an e-check, just like a paper check, takes about seven business days to fully go through the ACH system, at which point it can still bounce. So it's a little different the way checks are handled. But ultimately end result is it ends up in the bank account automatically.

Julia Gackenbach 8:30

Wow, yeah, these are the things I would just never know, you know. The other question I have for you is there's a little bit of trepidation when it comes to people giving online, mainly as it relates to fraud. Do you have any recommendations on how to avoid fraud, or how does DonorPerfect set up gateways so that fraud is avoided?

Shane McMullin 8:58

Fraud? Yeah, it's very prevalent, unfortunately, in the credit card world and nonprofits, believe it or not, are attacked quite often because their forms tend to be public facing, they're not locked behind username and passwords. They're a great place to do what's called credit card testing. So people run scripts of credit cards stolen credit cards typically and just charge them for low amounts $1, 50 cents just trying to see which ones are returning approved responses. Now they know they can sell that approved active credit card to someone else who can then run away with it. And now, although most of those cards do fail, our nonprofits still feel the brunt of it. There's transaction fees. Even though the card didn't go through, there's still a transaction fee for every transaction that hits the gateway.

Shane McMullin 9:41

So we've done many things over the years trying to prevent this. We've added captures. One way to do it there's limit rules in place behind the scenes. There's rules that kind of turn the gateway off if too many failures come in, just so that it can't keep happening. It shuts down and doesn't allow it to continue, which minimizes the impact financially. So again, other ways to avoid it are requiring things like billing address, requiring the security code. A lot of times these stolen cars. They don't have the billing info or that security code, they just have a number.

Shane McMullin 10:11

That's a great point so if you require these additional fields, it's harder to do anything with it. Now, as a donor, if you're going to donate on a nonprofit's website, yeah, look for those things. Required fields for billing and security code. Is there a lock in the URL to the left showing that it's a secure connection? Does it have a statement at the bottom saying it's secure? 256-bit security measures in place? Things like that are other things to look for when it comes to them.

Julia Gackenbach 10:35

Wow, I'm about to look for all those things when I go donate, just because they're not there doesn't necessarily mean, oh, it's not safe, it's not secure, it's just.

Shane McMullin 10:41

Those are some things, that's a lot of things. We recommend to our nonprofits is require this info, require address. Yes, it's a few extra fields, but how often do you pay for something and don't have that information handy, your address, your zip code, right? So we recommend anything we can do, you know anything they can do to to help prevent and curb any sort of fraud.

Julia Gackenbach 11:01

That's a really great point, I think. A lot of times in nonprofit world they tell you to take certain fields off of your form because you want your donors to be able to give really quickly, but you also want your donors to give securely. So having these couple of fields will benefit your donor in the long run.

Shane McMullin 11:18

Absolutely, and we understand that. We understand we don't want to scare donors away. We want, you know. Obviously these nonprofits are trying to do better for the world and want to get as many donations as possible. We don't want to scare people away but again, we want to make sure it's secure too.

Julia Gackenbach 11:30

Yeah, that's a great point. My next question is a little bit about fees. You touched on fees briefly. Can you explain to me how the fees work for something like a gateway or payment processor?

Shane McMullin 11:41

So our new way of doing things. We really kind of simplified everything. We made everything a flat rate. There's no monthly fees. And it's really just whatever you process, tally it up at a certain percentage and a certain per transaction fee A lot of other processors will you almost kind of need a college degree to read a statement. They're very confusing. I've been doing this for 12, 13 years and I still have trouble reading some of these statements. They're just so complex because there's so many different fees involved Interchange fees what does that mean? Right?

Shane McMullin 12:10

I don't know Every single credit card out there has its own set interchange and it's not as simple as just saying oh, it's 2%.

DonorPerfect 12:18

It's okay.

Shane McMullin 12:19

Is it a Visa card? Is it a Visa debit? Is it a Visa rewards debit? Is it a Visa airline miles card? Is it a Visa cash back? All of these cards have different levels and different base interchange costs. That's what Visa MasterCard, whoever's charging, right off the bat. That's what they're charging us to allow you to take it. So let's say it's 3% for that card.

Shane McMullin 12:42

That's what interchange is, that kind of base cost behind the scenes. Then there's just all these other network fees, that's other fees, just again charged by Visa Network, mastercard, discover, but they're charging everybody no matter what. And then there's all these other fees involved with the account monthly fees, statement fees, on and on and on. We just kind of made it simple.

Shane McMullin 12:57

We kind of like, yes, those fees still exist, but we kind of tried to minimize it we bundle everything and we've done a lot of research and comparisons and really we are in line and, if not better than a lot of kind of what else we see out there there's. So often we compare statements to people switching over to us and we're saving them decent amounts of money.

Julia Gackenbach 13:17

Yeah, that's an interesting thing. When I was shopping for DonorPerfect, I was a DonorPerfect user. When I decided to use DonorPerfect, something I had to compare was the fees that were applied, because everything I was looking at would have these fees. So it's not a one-off thing. Everybody needs it and I appreciate how Donor Perfect has bundled them and made it much easier.

Shane McMullin 13:40

And don't get me wrong, there are other options available with us. Should then, you know, be the optimal solution? We find that more often than not it is but, we're happy to work with anyone to kind of try and find what works best for their nonprofit.

Julia Gackenbach 13:51

Great, that's great to know. And, in that same vein of kind of comparing things, you know a lot of people are more used to giving online through something like PayPal or Venmo. How is it different to give through a DonorPerfect donation form than to give through PayPal or Venmo?

Shane McMullin 14:09

PayPal. It's a little different. It's kind of a separate third party there and really you want to think about two things like who is using PayPal? You know, kind of impact does it have on the nonprofit? So who's using PayPal? Who's gonna donate via PayPal? Typically it's gonna be someone maybe on a mobile phone or who already has a PayPal account. Not everyone does. On the other side, our direct integration with DinerProver kind of handles everything else, including someone who has a PayPal account. Now they don't have to log into PayPal, they can just give right through us. But there are some benefits and really the impact to the nonprofit that we kind of look at. So we do have this PayPal integration available on our online forums, which is great oh, that's great. But there's certain functionality that's not available there, such as setting up recurring payments or status updates.

Shane McMullin 14:53

If there's a charge back or something like that, it's not going to come back. With our direct integration, it pulls all that information right into DonorPerfect. There are status updates. Payments fail. After the fact. That's all updated right in DonorPerfect. You can set up pledges and recurring payments. So it's definitely a nice option to have, because people have been asking for it for a long time. So it is available now, which is great. But then there's just different admin costs and things like that take into effect when you have more coming in via PayPal. Since most of it's handled with the direct integration with us, some of it's not available with the PayPal integration.

Julia Gackenbach 15:25

That makes sense. Yeah, I think, thinking about how the gateway speaks to all the different places, and thinking about how someone gives on a form and then their information is directly into DonorPerfect. As a former fundraiser, having everything in one place is such a benefit, and so it sounds like that's the most secure and most seamless way to accept online gifts, which is wonderful.

Shane McMullin 15:49

Yeah, and like I said that, PayPal option is available now too.

Julia Gackenbach 15:52

Yeah.

Shane McMullin 15:52

It's something that we've heard for years. What about PayPal? Can I accept PayPal? So it is available now too as well, which is great.

Julia Gackenbach 15:58

That's great.

Shane McMullin 15:58

Again, more options for people to get online is always better.

Julia Gackenbach 16:02

Wonderful Well. Thank you so much, Shane. This has been so helpful to me. I feel like I know much more about accepting gifts online, and I hope that those listening do too.

Shane McMullin 16:11

Yeah, absolutely my pleasure. Thanks for having me and I hope that those listening do too.

DonorPerfect 16:15

Yeah, absolutely my pleasure. Thanks for having me. Thanks, Thank you for listening to Nonprofit Expert presented by DonorPerfect. For more information and a special offer, visit DonorPerfectcom slash podcast.