Is your charity thinking about PCI compliance? You’re not alone. Across the third sector, good causes that accept online donations are making sure they meet its requirements.
If you’re a little unclear on exactly what PCI DSS is then don’t worry, we’re here to help. In a world saturated with acronyms it’s easy for another one to get lost in translation.
So let’s break down what PCI DSS is and why it matters to your charity in simple terms.
What is PCI compliance?
PCI DSS stands for Payment Card Industry Data Security Standard. It’s a set of security requirements, maintained by the PCI Security Standards Council, designed to protect cardholder data wherever it is stored, processed or transmitted, including when a supporter makes a donation.
Why do charities need to be aware of PCI DSS?
For charities that accept online donations via payment cards, there’s a responsibility to keep the cardholder’s data safe and so reduce the risk of fraud and other breaches. Using a third-party platform to take payments reduces how much of that work falls on the charity itself, but the charity still needs to make sure the providers it relies on are compliant.
Why is it important that Enthuse is PCI compliant?
As providers of digital fundraising technology for charities, we have a lot of good causes whose payment data is processed through us, so we need to make sure that we’re keeping supporter data safe. That’s why Enthuse is PCI DSS compliant.
What changes can we expect from April 2025?
Part of the reason PCI is a topic of conversation, at the time of writing, is that a number of PCI DSS v4.0 requirements that were initially treated as best practice became mandatory on 31st March 2025. PCI DSS v4.0.1, the current revision of the standard, keeps that date.
What that means is, in addition to the existing PCI DSS v4.0 controls – which include numerous measures to keep donors’ cards safe – there are two notable changes we made in March, in line with v4.0.1, to make sure we’re running the most up-to-date security controls possible:
- We’ve further tightened our Content Security Policy so that only specifically authorised scripts can load on our payment pages (Requirement 6.4.3, which asks for every script on a payment page to be authorised, listed in an inventory with a justification, and checked for integrity)
- We’ve also added a crawler to our checkouts to monitor for unauthorised modifications; this keeps your supporters safe and confirms your checkouts haven’t been tampered with or broken in any way (Requirement 11.6.1, which calls for a change- and tamper-detection mechanism that alerts on unauthorised changes to the HTTP headers and content of payment pages, run at least weekly or at a frequency justified by a risk analysis)
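To make the two requirements above concrete, here is an added example of the kind of check a payment-page crawler performs. It is not Enthuse’s code and is written only to illustrate the technique: it inventories every script on a page, compares each against an authorised list with a justification (6.4.3), computes the CSP hash of inline scripts, and flags any script or header that differs from the reviewed baseline (11.6.1). The origin `donate.example.org`, the payment-partner URL, the CSP header, the authorised inventory and both sample pages are constructed for the example and are not Enthuse’s real configuration.

```python
"""Added example: a minimal payment-page script inventory and tamper check
of the kind PCI DSS v4.0 requirements 6.4.3 and 11.6.1 call for. This is
not Enthuse's code; every origin, URL, header and page below is constructed
sample data."""
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

PAGE_ORIGIN = "https://donate.example.org"  # assumed origin of the checkout page
GOOD_INLINE = "window.donationConfig = {currency: 'GBP'};"  # reviewed inline script


def csp_sha256(body: str) -> str:
    """CSP hash-source for an inline script: base64(SHA-256(UTF-8 body))."""
    digest = hashlib.sha256(body.encode("utf-8")).digest()
    return "sha256-" + base64.b64encode(digest).decode("ascii")


# 6.4.3: inventory of authorised payment-page scripts with a written justification.
AUTHORISED = {
    "https://js.payments.example/v3/card.js": "card tokenisation by payment partner",
    "https://donate.example.org/static/checkout.js": "our own checkout logic",
    "inline": [csp_sha256(GOOD_INLINE)],  # allowed inline scripts, identified by hash
}

# Known-good CSP header: only listed origins and the hashed inline script may run.
BASELINE_CSP = (
    "default-src 'self'; "
    "script-src 'self' https://js.payments.example '" + csp_sha256(GOOD_INLINE) + "'; "
    "object-src 'none'"
)


class ScriptCollector(HTMLParser):
    """Collect every <script> element: external src, or inline body."""

    def __init__(self):
        super().__init__()
        self.scripts = []    # list of {"src": str | None, "body": str}
        self._inline = None  # buffer while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.scripts.append({"src": src, "body": ""})
            else:
                self._inline = []

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            self.scripts.append({"src": None, "body": "".join(self._inline)})
            self._inline = None


def script_src_sources(csp_header: str) -> set:
    """Source expressions of the script-src directive, e.g. {"'self'", "https://x"}."""
    for directive in csp_header.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "script-src":
            return set(parts[1:])
    return set()


def audit_payment_page(html: str, csp_header: str, page_origin: str = PAGE_ORIGIN,
                       authorised: dict = AUTHORISED,
                       baseline_csp: str = BASELINE_CSP) -> list:
    """Return findings for one crawl of a payment page; an empty list means clean."""
    findings = []
    # 11.6.1: a security-affecting header that differs from the baseline is a change.
    if csp_header.strip() != baseline_csp:
        findings.append("CSP header differs from baseline")
    allowed = script_src_sources(csp_header)
    permitted_origins = {s.replace("'self'", page_origin) for s in allowed}
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    for script in collector.scripts:
        if script["src"] is None:
            h = csp_sha256(script["body"])
            if h not in authorised["inline"]:
                findings.append(f"unauthorised inline script {h}")  # 6.4.3 and 11.6.1
            elif f"'{h}'" not in allowed:
                findings.append(f"authorised inline script {h} missing from script-src")
            continue
        src = urljoin(page_origin + "/", script["src"])  # resolve relative src
        if src not in authorised:
            findings.append(f"unauthorised external script {src}")
        origin = "{0.scheme}://{0.netloc}".format(urlsplit(src))
        if src not in permitted_origins and origin not in permitted_origins:
            findings.append(f"script {src} is not permitted by the CSP")
    return findings


# Constructed sample pages: the reviewed checkout, and a copy with an injected
# third-party script, an altered inline script and a loosened CSP header.
GOOD_PAGE = (
    "<html><head>"
    '<script src="https://js.payments.example/v3/card.js"></script>'
    '<script src="/static/checkout.js"></script>'
    "<script>" + GOOD_INLINE + "</script>"
    '</head><body><form id="donate"></form></body></html>'
)
TAMPERED_PAGE = GOOD_PAGE.replace(
    GOOD_INLINE, "window.donationConfig = {currency: 'GBP', debug: true};"
).replace("</head>", '<script src="https://cdn.evil.example/skim.js"></script></head>')
TAMPERED_CSP = BASELINE_CSP.replace(
    "https://js.payments.example", "https://js.payments.example https://cdn.evil.example"
)

if __name__ == "__main__":
    print("good page:", audit_payment_page(GOOD_PAGE, BASELINE_CSP))
    print("tampered page:", audit_payment_page(TAMPERED_PAGE, TAMPERED_CSP))
```

Run against the reviewed page and header the audit returns no findings; run against the tampered copy it reports the changed CSP header, the altered inline script and the injected `skim.js`. Two design points matter in practice: the comparison is against a baseline the security team reviewed, not against whatever the page served last time, so a slow drift of small changes is still caught; and the inline-script check uses the same SHA-256 hash-source a browser evaluates, so the inventory and the CSP stay in step.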
What’s more, we continue to run regular vulnerability scans as part of maintaining our PCI compliance, and we never log or store sensitive cardholder data: card details are handled and encrypted by our payment partners.
Key takeaways
So, to summarise – here are the key details you need to know about PCI DSS right now:
- PCI DSS is about protecting supporters when they make an online donation to your cause
- As a digital fundraising platform, Enthuse processes payment card transactions for our charity partners – that’s why we’ve made sure we’re compliant
- Not only is Enthuse compliant with PCI DSS v4.0, but we have already taken action to meet the requirements that became mandatory under v4.0.1 on 31st March 2025
Charities that use Enthuse can rest assured that they’re benefiting from charity-branded fundraising solutions that help them raise more for their cause, while being in line with the latest PCI DSS requirements.
Interested in finding out more?
Speak to a helpful Enthusiast about your digital fundraising.


