home

Trust Center

RealmRealm AccountingMinistryPlatformeGivingPDSACSConnectShepherdGrowth MethodHeadMasterRefresh WebsitesTrust CenterGo MethodMissionInsite
RealmRealm AccountingMinistryPlatformeGivingPDSACSConnectShepherdGrowth MethodHeadMasterRefresh WebsitesTrust CenterGo MethodMissionInsite

What would you like to know more about?

Show Contents

Show Page Sections

thumbnailTrust Center

Security Tips

Entering Gifts or Payments on Behalf of Someone Else

An administrator can enter gifts or online registration event payments on behalf of someone else using a paper authorization form, but this increases the scope of your PCI responsibility.

A congregant may call or stop by your church requesting that you change their giving information, add a new payment method or gift, or make an online payment for a registration event. Follow these steps in order to comply with PCI guidelines.
CAUTION:

Entering credit or debit card data on behalf of a congregant will increase the scope of your church's PCI responsibility.

  • A form must be completed any time an online payment is added or edited.

  • Any time you add or update contributions or online event payments, a confirmation email is automatically sent to the congregant.

  • Authorizations taken by phone may only be for one-time gifts or payments.

  • It's best to not write down any of the card numbers, but NEVER write down or store the 3- or 4-digit security code found on a credit or debit card.

If you have questions, contact your payment processor.

Download Form

Telephone Requests

Follow these best practices when obtaining written authorization over the phone for transactions.

If using a credit / debit card

  • The administrator should enter the credit card information directly into the system and complete the authorization form without recording the card data.

  • In the signature field, enter "TO" to indicate Telephone Order.

  • Be sure to record the date and the initials of the person who took the Telephone Order.

  • Completed forms must be retained in a locked cabinet and kept on file for at least 3 years.

If using ACH

  • Enter the congregant's bank account information they provide and be sure to keep the authorization forms on file for 2 years.

In Person Requests

Follow these best practices when obtaining in-person authorization for transactions.

For credit / debit card or ACH

  • The person requesting the transfer must complete the authorization form.

  • After entering the gift, the administrator must make all but the last four digits of the account number unreadable.

  • Completed forms must be retained either as paper forms or scanned images in a secure

    • credit / debit card authorizations must be kept for at least 3 years.

    • ACH authorizations must be kept for 2 years.

If you retain paper forms

  • Limit access to those individuals who require access in order to perform their job duties.

  • Store them in a locked cabinet or safe.

  • Mark them as confidential.

  • Maintain an inventory log of forms on file.

  • Use cross-cut shredding when destroying documents.

If you retain scanned images

  1. Store them in encrypted, password-protected files.
  2. Limit access to those individuals who require access in order to perform their job duties.
  3. Never store credit/debit card or banking information unless it is encrypted and password protected.
  4. Ensure that your computers have up-to-date virus protection programs.
  5. Ensure that your organization's website has a minimum of 128-bit SSL encryption.
  6. Never write down or share your MyVanco User ID and/or password.
  7. Review all Vanco reports and compare them to your bank statement to ensure transactions are being processed and deposited as expected.
Legal and Policy
Best Practice
Realm
Realm Accounting
ACS
PDS

Last updated: November 6, 2024