Protect Your Donors
- To ensure the security of your Online Express donation forms, you must take appropriate security measures on the web pages where you post them and on the rest of your website as well. Here are several important considerations to keep in mind before you embed forms on your website:
Enable Secure Sockets Layer (SSL)
The web pages where you embed your forms should only be accessible via SSL. SSL is a protocol that encrypts confidential data such as credit card numbers so that you can safely transmit it over the Internet. Communication between your Online Express forms and the server is already SSL, but we strongly recommend that you enable SSL for the entire web page where you post the form to add an additional layer of security.
Comply with the Payment Card Industry Data Security Standard (PCI DSS)
PCI DSS is a set of requirements to ensure that companies process, store, and transmit credit card information in a secure environment. It includes requirements for security management, policies, procedures, network architecture, software design, and other proactive measures. Online Express forms allow you to collect and store credit card information in compliance with PCI DSS, but before you place forms on your website, you should ensure that your site adheres to PCI DSS and proactively protects payment card information. To learn more about PCI DSS and download the specification and its supporting documents, go to www.pcisecuritystandards.org.