Background
PCI Compliance refers to adherence to the Payment Card Industry Data Security Standard (PCI DSS), a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.
The PCI DSS was developed by major credit card companies (Visa, MasterCard, American Express, Discover, and JCB) to protect cardholder data from breaches and fraud.
How Does PCI Compliance Affect Nonprofits?
Any website that collects payments, including donations, is required to be PCI compliant.
Cornershop always recommends that you consult a legal professional to determine the level of compliance you are required to meet. When in doubt, we always recommend that clients aim for the highest level of PCI compliance, use a payment processor that is PCI compliant, and (after 03/31/2025) avoid any “payment pages” hosted solely within WordPress.
Most of the common donor management platforms and payment processors are already PCI compliant. If all payment processing happens on the third-party payment processor website/domain/server, then PCI compliance does not impact the client’s main website.
After March 31, 2025, if any payment forms are embedded on a website -- including popup modals where the form is being processed elsewhere -- the website will have specific requirements to be PCI compliant.
Resources
Need help?
Let Cornershop help you stay up to date with the latest PCI Compliance issues. Please contact us at [email protected] if you'd like more information or would like to discuss solutions.