Entering Gifts or Payments on Behalf of Someone Else

An administrator can enter gifts or online registration event payments on behalf of someone else using a paper authorization form, but this increases the scope of your PCI responsibility.

A congregant may call or stop by your church requesting that you change their giving information, add a new payment method or gift, or make an online payment for a registration event. Follow these steps in order to comply with PCI guidelines.
CAUTION:

Entering credit or debit card data on behalf of a congregant will increase the scope of your church's PCI responsibility.

  • A form must be completed any time an online payment is added or edited.

  • Any time you add or update contributions or online event payments, a confirmation email is automatically sent to the congregant.

  • Authorizations taken by phone may only be for one-time gifts or payments.

  • It's best to not write down any of the card numbers, but NEVER write down or store the 3- or 4-digit security code found on a credit or debit card.

If you have questions, contact Vanco's Compliance and Risk Management Department at 1-800-675-7430 or pcisupport@pci.vancopayments.com.

Download Form

Telephone Requests

Follow these best practices when obtaining written authorization over the phone for transactions.

If using a credit / debit card

  • The administrator should enter the credit card information directly into the system and complete the authorization form without recording the card data.

  • In the signature field, enter "TO" to indicate Telephone Order.

  • Be sure to record the date and the initials of the person who took the Telephone Order.

  • Completed forms must be retained in a locked cabinet and kept on file for at least 3 years.

If using ACH

  • Enter the congregant's bank account information they provide and be sure to keep the authorization forms on file for 2 years.

In Person Requests

Follow these best practices when obtaining in-person written authorization for transactions.

For credit / debit card or ACH

  • The congregant must complete the authorization form.

  • After entering the gift, the administrator must make all but the last four digits of the account number unreadable.

  • Completed forms must be retained in a locked cabinet and kept for at least 3 years for credit / debit cards and 2 years for ACH transactions.

Authorizations may be retained as either paper forms or scanned images.

If you retain paper forms

  • Limit access to those individuals who require access in order to perform their job duties.

  • Store them in a locked cabinet or safe.

  • Mark them as confidential.

  • Maintain an inventory log of forms on file.

  • Use cross-cut shredding when destroying documents.

If you retain scanned images

  1. Store them in encrypted, password-protected files.
  2. Limit access to those individuals who require access in order to perform their job duties.
  3. Never store credit/debit card or banking information unless it is encrypted and password protected.
  4. Ensure that your computers have up-to-date virus protection programs.
  5. Ensure that your organization's website has a minimum of 128-bit SSL encryption.
  6. Never write down or share your MyVanco User ID and/or password.
  7. Review all Vanco reports and compare them to your bank statement to ensure transactions are being processed and deposited as expected.