Entering Gifts or Payments on Behalf of Someone Else
An administrator can enter gifts or online registration event payments on behalf of someone else using a paper authorization form, but this increases the scope of your PCI responsibility.
Entering credit or debit card data on behalf of a congregant will increase the scope of your church's PCI responsibility.
A form must be completed any time an online payment is added or edited.
Any time you add or update contributions or online event payments, a confirmation email is automatically sent to the congregant.
Authorizations taken by phone may only be for one-time gifts or payments.
It's best to not write down any of the card numbers, but NEVER write down or store the 3- or 4-digit security code found on a credit or debit card.
If you have questions, contact your payment processor.
Telephone Requests
Follow these best practices when obtaining written authorization over the phone for transactions.
If using a credit / debit card
-
The administrator should enter the credit card information directly into the system and complete the authorization form without recording the card data.
-
In the signature field, enter "TO" to indicate Telephone Order.
-
Be sure to record the date and the initials of the person who took the Telephone Order.
-
Completed forms must be retained in a locked cabinet and kept on file for at least 3 years.
If using ACH
Enter the congregant's bank account information they provide and be sure to keep the authorization forms on file for 2 years.
In Person Requests
Follow these best practices when obtaining in-person authorization for transactions.
For credit / debit card or ACH
-
The person requesting the transfer must complete the authorization form.
-
After entering the gift, the administrator must make all but the last four digits of the account number unreadable.
-
Completed forms must be retained either as paper forms or scanned images in a secure
credit / debit card authorizations must be kept for at least 3 years.
ACH authorizations must be kept for 2 years.
If you retain paper forms
-
Limit access to those individuals who require access in order to perform their job duties.
-
Store them in a locked cabinet or safe.
-
Mark them as confidential.
-
Maintain an inventory log of forms on file.
-
Use cross-cut shredding when destroying documents.
If you retain scanned images
- Store them in encrypted, password-protected files.
- Limit access to those individuals who require access in order to perform their job duties.
- Never store credit/debit card or banking information unless it is encrypted and password protected.
- Ensure that your computers have up-to-date virus protection programs.
- Ensure that your organization's website has a minimum of 128-bit SSL encryption.
- Never write down or share your MyVanco User ID and/or password.
- Review all Vanco reports and compare them to your bank statement to ensure transactions are being processed and deposited as expected.