a) Need for E-Giving
As society moves to simplify the way bills are paid, financial transactions are completed and charitable contributions are offered, it is important for the Church to remain open to the changing environment of e-giving. E-giving offers an easy, hands-off approach to charitable giving for many demographics within our parish communities. There are two basic types of EFTs: wire transfers and Automated Clearinghouse (ACH). A wire transfer is an electronic movement of funds through the Federal Reserve Bank with same-day settlement for the initiator and availability for the receiver. Wire transfers are generally initiated one by one and used for large dollar amounts. Automated Clearinghouse (ACH) is an electronic movement of funds through the Federal Reserve Bank with next-day settlement for the initiator and availability for the receiver. ACH transactions are generally initiated in multiples or batches and used for smaller transactions. In addition to EFTs, credit and debit cards are other types of e-giving and are subject to very detailed governmental regulations that require the recipient of these cards to be PCI compliant. Payment Card Industry (PCI) security standards are minimum requirements for protecting your customers’ payment card information. Adopted by Visa, MasterCard, American Express, Discover Card, and JCB, PCI compliance is required for all merchants that store, transmit, or process payment card information.
b) Exposure to Potential Liability
Although e-giving offers a simplified means for our parishioners to contribute to their respective parishes, it is important to understand the potential liability associated with this type of giving. In the case where the parish is receiving gifts made via credit/debit cards, it is important to establish that the parish is not the “Merchant of Record.” In the event of any security breach in your program, the Merchant of Record is in all cases fully liable, regardless of fault. This is true even if your parish does not handle your parishioners’ sensitive financial information. In the event of any breach in security resulting in the release of secure credit card information, the parish would be responsible for the following:
- Notifying all individuals affected by the breach.
- Reporting the breach to each card brand separately. Visa, Discover and American Express require that Merchants provide notification immediately, and MasterCard requires notification within 24 hours of the breach.
- Providing credit monitoring services for one full year for every affected parishioner, costing as much as $15 per month ($180 per year) per donor.
- Forensic investigation of the breach. Credit card companies require the Merchant of Record to hire an approved forensic investigator and provide a full report of the incident within three days.
- Fines are levied by card brands against the processor who passes the cards directly to the Merchant regardless of fault. Fines can be as high as $5,000 per day until issues are corrected and the Merchant can pass new Compliance verification.
- In addition to the financial exposure a parish may incur, equally concerning is the significant damage to the reputation of the parish and its efforts to exhibit good stewardship.
It is important to note that similar liabilities exist with the self-management of ACH-related receipts in our parishes.
c) Third Party Merchant of Record
Due to increased possibilities of potential liability, security and fraudulent activity, the Archdiocese of Kansas City in Kansas recommends the following safeguards:
- Parishes employ the services of third-party e-giving providers that act as Merchants of Record for all credit and debit card transactions.
- Parishes employ a third-party vendor for all ACH (Automated Clearinghouse) activity.
A list of recommended vendors can be obtained by contacting the Archdiocesan Internal Auditor, Mike Horn, or the Office of Stewardship & Development. Third-party vendors are able to adapt to all of your electronic giving needs (i.e., auctions, fundraisers, merchandise sales, and other similar activities).