This has been a crazy year to say the least. Nonprofits had to pivot their usual fundraising strategies and come up with new ideas to adhere to social distancing guidelines as a result of the COVID-19 pandemic. Now, we’re fundraising online more than ever before.
Taking advantage of the digital opportunities and virtual fundraising is all well and good. But it does mean that it’s essential for your organization to understand how these digital payments are processed.
Payment processing is everything that occurs from the time your donor hits “Donatesubmit” on your donation page until the time the gift enters your nonprofit’s bank account.
Understanding what happens during this process will ensure your nonprofit has done everything possible to keep supporter payment information safe and secure as you collect online gifts. Plus, you can be sure you’re maximizing revenue and not overpaying for processing fees.
In this guide, we’ll cover the basics of payment processing to provide insight into what your organization needs to know. We’ll discuss the following topics:
- Payment Processing Terminology
- Differences Between Donation Pages and Processors
- Aggregators vs. Dedicated Payment Processors
- Different Types of Payment Options
- Tips to Keep Data Safe
Payment processing is always important to understand. As your organization amps up your online fundraising strategies, it becomes even more so. Ready to learn more? Let’s dive in.
Payment Processing Terminology
As you read about payment processing, you’ll likely come across a variety of terms, some of which might be new to your vocabulary. Therefore, to get the most out of your research, you’ll first need to cover some basic terminology.
We’ll review some of the terms listed as most important in CharityEngine’s nonprofit payment processing guide to get started. These terms include:
- Merchant Account: A merchant account is like an in-between account where funds are held once they’re taken from your supporter’s account and before they’re added to your nonprofit’s bank account. These are necessary for credit and debit card transactions.
- Payment Gateway: Payment gateways use a series of encryptions and other measures to authenticate and authorize transactions before they move forward.
- Donation Page: Your donation page is the donor-facing page (likely on your website) where supporters can navigate to give — it initiates the payment process.
- Aggregator: An aggregator is a type of processor that uses a single merchant account for a variety of clients and their transactions. Paypal is the most widely-known aggregator.
- Dedicated Payment Processor: Unlike aggregators that use a shared merchant account, a dedicated payment processor uses a separate account for each organization.
Now that you have a basic understanding of key payment processing terms, let’s dive deeper into commonly misunderstood aspects of the process.
Differences Between Donation Pages and Processors
Many nonprofits, when they think about their online donations, only consider their online donation page. The online donation page is not the same thing as your payment processor.
Your online donation page is the donor-facing giving tool where supporters fill out their personal and payment information to contribute to your organization. Here’s an example of an online donation page taken from this resource:
As you can see, a well-designed online donation page is made up of a few main elements:
- Suggested giving levels ($25, $50, $100, or other levels that work for your nonprofit)
- Personal information (name, address, phone number, etc.)
- Payment information (credit card number, billing address, etc.)
However, this is not where payments are processed. There is a payment processor behind the scenes that handles the transfer of funds, the authorization and encryption of payment information, and the deposit of funds into your organization’s bank account.
Keep in mind that this is the case even if your nonprofit uses multiple donation pages. The result may be that you have multiple payment processors. For instance, the donation page above was built on CharityEngine’s platform which has a built-in payment processor. Therefore, The Puppy Advantage Foundation has one payment processor for the donations that come through their website.
However, let’s talk about Kenny, a supporter of The Puppy Advantage Foundation. For his birthday this year, he’s decided to start a Facebook birthday fundraiser on behalf of the organization. Because this is run through a third-party platform that’s not associated with the nonprofit’s donation page, it uses a separate donation processing system—either Network for Good or Facebook Payments.
When you consider your organization’s processing systems, be sure you understand the payment processor behind all revenue streams, so you can evaluate each giving system accordingly.
This is much simpler if your organization works with an all-in-one solution or a completely integrated fundraising platform to collect donations, because you’ll have fewer revenue streams to consider and evaluate.
Aggregators vs. Dedicated Payment Processor
DNL OmniMedia’s digital strategy guide discusses the importance of evaluating your organization’s tech by saying, “Without a coherent, unified digital nonprofit strategy, you risk losing focus and visibility.” Your payment processor is an important piece of your digital tech puzzle. So whether you’re creating a new digital strategy or optimizing your current one, you need all of the facts.
We touched briefly on the difference between aggregators and dedicated payment processors in the terminology section of this guide. Understanding the difference between the two is immensely important when choosing a payment processor for your nonprofit.
The difference between aggregators and dedicated payment processors comes down to the way they use merchant accounts. An aggregator, like PayPal, uses a single merchant account for a number of their clients to process transactions. The process, therefore, looks something like this:
While many people trust aggregators, the downside to using one is a lack of personalized attention. So many clients use the services that their attention is split multiple ways, making it difficult to get one-on-one attention.
Meanwhile, dedicated payment processors offer a more personalized experience as they use a single merchant account for your nonprofit. It makes the process look more like this:
We recommend dedicated payment processors because they offer more individualized services. Plus, with aggregators, if one of the organizations with whom you share a merchant account has a security breach, it may lead to a breach of your supporters’ data as well. Meanwhile, dedicated payment processors offer more control over the payment process and the related security measures you take.
Different Types of Payment Options
One important engagement opportunity is to offer multiple ways to give. With multiple options, supporters can choose the one that works best for them.
Of course, in-person fundraising is on hold right now, but that doesn’t mean you can’t provide other donation options. You can ask them to mail in a check, or you can offer both ACH and credit/debit transactions through your donation platform.
For each of these methods of giving, the processing system may look slightly different:
- Debit/Credit transactions. For debit or credit card payments, the donor enters their card number using the online donation tool, the payment is sent to a third-party processor, it’s then sent to a merchant account, and finally, the payment is deposited into your nonprofit’s bank account. The image below shows what the process looks like:
- ACH (Automated Clearing House) transactions. ACH payments pull funds directly from your supporters’ bank accounts and transfer them to your nonprofit’s. It requires supporters to provide their banking information rather than a card number, but there are generally fewer processing fees.
- Paper check transactions. Paper check processing works similarly to ACH payments, except it requires supporters to provide a physical check to the organization. This can slow down the process as humans or machines need to physically read all of the information on the check to process it.
Even during the switch to increased online fundraising, make sure you’re offering your supporters options to give to your nonprofit. They can then choose what they’re most comfortable with in the giving process.
Tips to Keep Data Safe
Protecting your donors’ personal information during the donation process is essential to earning their trust. If you have a data breach, you’ll lose the valuable trust that you’ve worked to build with supporters, possibly forever.
That’s why you should know the security measures available for every system that uses or stores donor data. This includes your payment processor, donation page, and donor database.
You’ll likely run into a variety of security measures to take into account when you invest in new technologies. For instance, you should look for the terms tokenization and encryption. Let’s look at the difference between the two:
- Tokenization. Tokenization replaces the personal information entered by your supporters with a string of alphanumeric symbols.
- Encryption. Encryption also changes the personal information entered by supporters into another format. It changes it to cyphertext that can only be translated back with a specific key.
These methods are a part of the PCI compliance and PCI certification standards that you should look for when investing in payment processors and other technologies. The difference between these standards is as follows:
- PCI compliance. To become PCI compliant, organizations need to conduct a self-assessment that requires things like a strong vulnerability program and an installed firewall. This assessment can be completed in less than a month.
- PCI certification. To become PCI certified, organizations must have their system inspected by a qualified security assessor to ensure the safety of the software development and the developer training processes. The process of becoming certified can take up to six months.
While both measurements are great security indicators, PCI-certified organizations have gone the extra mile to make sure that their technology is secure. That, therefore, is what we recommend you look for in processing providers. After all, your supporters deserve the greatest security possible when it comes to their precious data!
Payment processing can be a somewhat confusing topic for nonprofits. It’s necessary to understand the basics of the process before you can make educated decisions about which processor will be best for your organization. With this introductory guide, you should have the basics necessary to move forward with choosing a system or diving deeper into research. Good luck!