Frequently Asked Questions
Technology Risks
If we collect credit card information what are the risks?
A primary risk is identity theft. There are state and federal laws protecting consumers from the inadvertent of their personal financial information. These laws create an obligation on businesses that take credit card orders, including nonprofits, to maintain the confidentiality of consumers' financial information. Specifically, a federal law, effective in January 2008, called the "Fair and Accurate Credit Transactions Act" (FACTA) applies to every business that employs one or more persons and that maintains or possesses consumer information for a business purpose. FACTA requires organizations to adopt written privacy and security policies to address the protection of consumer's financial information. Penalties can result if your organization does not comply with the requirements of the Act plus your organization could be responsible for actual losses incurred by individuals whose identity is stolen as a result of your organization's failure to safeguard their personal financial information.
Consequently, taking good care to maintain the confidentiality of credit card order information is sound risk management! We recommend:
- that your organization adopts a written policy to address the collection, storage and destruction of consumer's personal financial information in order to maintain the confidentiality of such information, assigning responsibility for the oversight of the policy's implementation to a staff member who will develop and monitor any procedures needed to enforce or enhance the security of consumer information
- that your organization takes a careful look at how it stores such information and how long it keeps such records and considers whether the paper records or digital records are vulnerable to loss or theft
- that your organization takes a comprehensive look at its technology — do you have firewalls in place? anti-spyware software? are your computers backed-up regularly?