Secure and flexible payment processing is a critical requirement for any digital giving platform. This section details the necessary capabilities to handle online financial transactions reliably, securely, and in a way that supports global operations and donor preferences.

🌍 Support for Common Payment Methods

The platform must support commonly used payment methods relevant to the organization’s target markets to ensure donors can give using their preferred method. This level of flexibility increases conversion rates and enhances donor satisfaction.

  • Accepted methods should include:

    • Credit and debit cards (Amex, Visa, Mastercard, Discover, Diners Club)

    • ACH / direct debit

    • Digital wallets (Apple Pay and Google Pay are high priority; PayPal also supported)

    • Bank login services (e.g., Plaid)

    • Alternative options like Crypto, Stock, and Donor-Advised Funds (DAFs)

  • The platform should allow rapid adoption of newly emerging payment methods.

“Our donors often ask to give using Apple Pay or ACH, so we need a platform that supports all major options and evolves with new payment methods.”

🔀 Processor Flexibility (BYOP & Integrated)

Organizations require freedom in selecting or retaining their preferred payment processors. The platform must provide:

  • The ability to Bring Your Own Processor (BYOP) or use built-in processors

  • Support for multiple backup processors to ensure redundancy and competitive rates

  • Examples of supported processors may include WorldPay/Vantiv, Stripe, TSYS, PaySafe, and Finix

  • Details on integration approach (Direct API, Stripe Elements, or Stripe Checkout)

  • Clarification of any feature limitations when BYOP is selected

  • Capability to pass custom metadata to the processor within the donation payload

“We already have a contract with Stripe, but want to ensure nothing is lost if we choose to keep our current processor.”

🔐 PCI-DSS Compliance & Secure Data Handling

Data security is non-negotiable. The platform must fully comply with PCI-DSS standards and implement robust security protocols for donor data.

  • Platform and transactions must be PCI-DSS and PA-DSS certified

  • SSL/TLS encryption must be enforced for data in transit

  • Sensitive information must be protected at rest and logically segregated

  • No sensitive card data should pass through or be stored on backend servers

  • Tokenization and hosted payment fields must be used for secure handling

  • The system should include real-time fraud detection tools and defense against card spinning

“We can’t afford any data breaches. We want tokenization, hosted fields, and compliance baked in from day one.”
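One way to verify the "no card data on backend servers" requirement is a guard on the donation endpoint. This is an added example, not code from any vendor or processor named on this page; it rejects payloads that carry raw card numbers, including inside the custom metadata passed to the processor. The field names (payment_token, metadata, card_number, cvv and the rest) are assumptions.

```python
import re

# Runs of 13-19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# Assumed field names that should never reach a backend using hosted fields.
FORBIDDEN_KEYS = {"card_number", "pan", "cvv", "cvc", "track_data"}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to cut false positives on long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_data(obj, path="$"):
    """Return JSON paths whose key or value looks like raw card data."""
    hits = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            child = f"{path}.{key}"
            if str(key).lower() in FORBIDDEN_KEYS:
                hits.append(child)
            else:
                hits.extend(find_card_data(value, child))
    elif isinstance(obj, list):
        for i, value in enumerate(obj):
            hits.extend(find_card_data(value, f"{path}[{i}]"))
    elif isinstance(obj, (str, int)):
        for m in PAN_RE.finditer(str(obj)):
            if luhn_ok(re.sub(r"\D", "", m.group())):
                hits.append(path)
                break
    return hits


def check_donation(payload):
    """Accept only tokenized donations; returns (ok, reasons)."""
    reasons = [f"card data at {p}" for p in find_card_data(payload)]
    if not payload.get("payment_token"):
        reasons.append("missing payment_token")
    return (not reasons, reasons)


# Constructed sample: 4242... is a widely published test number, not a real card.
SAMPLE_LEAK = {"payment_token": "tok_example", "amount": 2500, "currency": "USD",
               "metadata": {"note": "phone gift, card 4242 4242 4242 4242"}}
```

The same scan can be run over application logs and CRM notes, where card numbers typed during phone-based donor support tend to end up.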

🔁 Nonprofit Token Ownership & Migration

Nonprofits must retain ownership of payment tokens, especially for recurring donations. This safeguards continuity and flexibility when changing processors.

  • Token migration processes must be clearly documented for both card and ACH data

  • Vendors should enable visibility of payment tokens in the CRM UI, such as Salesforce, for phone-based donor support

“We’ve been burned before—vendors holding our recurring tokens hostage. We need clarity and control.”

💱 Multi-Currency Support

Support for multi-currency donation processing is required to enable effective global fundraising.

  • Campaigns must accept non-USD currencies

  • Corporate/employee giving and international donors must be supported

  • Currency selection should be configurable at the campaign/form level

“Our Canadian and European donors need to give in their own currency—this isn’t optional.”

| Requirement Area | Description |
| --- | --- |
| Support for Common Payment Methods | Must support credit/debit cards (Visa, MC, Amex, Discover, Diners Club), ACH, PayPal, Apple Pay, Google Pay (high priority), SWISH (if applicable), Plaid, crypto, stock donations, and Donor-Advised Funds (DAFs). Platform should allow rapid adoption of new payment methods. |
| Processor Flexibility (BYOP & Integrated) | Must allow using existing processors (BYOP) or integrated options. Support for multiple backup processors (e.g., Stripe, WorldPay, TSYS, PaySafe, Finix) for redundancy and rate flexibility. Clarify integration approach (Direct API, Stripe Elements, etc.) and whether any features are unavailable with BYOP. |
| PCI-DSS Compliance & Data Security | Platform must be PCI-DSS compliant and ideally PA-DSS certified. Requires SSL/TLS encryption for data in transit and encryption/logical segregation for data at rest. Must use tokenization or hosted payment fields. No card data should be stored or passed through backend. Must include anti-fraud tools. |
| Token Ownership & Migration | Nonprofit must retain ownership of recurring donation tokens. Vendor must support migration of both credit card and ACH tokens if changing processors. Tokens should be accessible in Salesforce UI (e.g., Lightning Component) for donor support. |
| Multi-Currency Support | Platform must support donations in multiple currencies across campaigns, including corporate and employee giving. Required for global operations. Campaign/form-level configuration of currency is preferred. |