How does the Donation Station handle data security?
When it comes to the Donation Station, we're often asked:
What happens to the payment data and how is it secure?
Security and compliance are critical for GWD
The Donation Station's performance is secure by design, reflecting our sustainability values to develop products that offer the best technology in the industry.
This can be explained by a few important facts about our use of payments technology:
We prevent access to data
- GWD doesn't handle your sensitive data, either on servers or on the device, other than the Gift Aid declaration information that is supplied via password-protected download on your customer portal.
Data is encrypted by the payment terminal
- The card payment terminal that sits inside the Donation Station (or externally for a Chip and PIN version) is separate to the donation journey on-screen. When someone makes a donation, the card terminal encrypts the card details, as it processes the payment, and once approved by the payment processor, data is re-encrypted on its confirmation back to the device.
The payment terminal is PCI compliant
- PCI compliance means that you can be confident that the payments made through the Donation Station are secure, because they meet the global security standards of the Payment Card Industry (PCI) to protect users against identity theft.
- Additionally, the payment process is PA-DSS certified, meaning it meets the requirements of the Payment Application Data Security Standard (PA-DSS), ensuring the Donation Station doesn't store data such as the security PIN, or CVV number, during transmission of cardholder data during authorisation or settlement.
We know each organisation will have their own security requirements and compliance queries to follow, so let us know what you need from us.