

It’s an unfortunate yet realistic sign of the times that donors giving online with their credit card or payment details may be concerned about the security of their information.

Online hackers are becoming more sophisticated, and in today’s digital climate every transaction carries a small but real risk of a cyber security breach that can’t be ignored.

With news of online scams making donors warier, you may find your supporters are becoming more concerned about their own privacy and security, and less concerned about supporting the mission of their chosen charity.

To ease the minds of your supporters and build your reputation as a credible charity, here are our recommendations to guarantee donor security.

Adhere to Australian privacy and GDPR privacy laws

The General Data Protection Regulation is a 2018 EU regulation that protects the personal data of all online users within the EU.

Its tighter controls take account of the rapid growth of technology and hold those responsible for data to a higher level of accountability for how they use it.

GDPR privacy laws only apply to EU users, but if your charity has a global presence or is likely to attract attention from worldwide supporters, it’s essential you follow the conditions of the regulation.

Whichever country you have a presence in, always follow government-set regulations regarding privacy.

Install a valid website SSL certificate

A website SSL certificate enables a secure link that encrypts data sent between your website and a visitor’s browser.

If you’re taking donations online, you must have a valid SSL certificate, which the donor can identify by the ‘s’ in ‘https’ and the padlock icon displayed in the browser’s address bar.

Install a secure payment gateway

If you’re taking payments through a third party such as PayPal or Stripe, you may trust that they have your donors’ security as a priority.

While this is a given, it’s your responsibility to thoroughly investigate all third-party protocols surrounding payment systems and data protection. If something goes wrong, it won’t be the payment system that’s associated with the transaction in question; it will be your brand and reputation.

Provide multiple contact options

If you provide little more than a ‘contact’ box on a website, you risk deterring potential donors, particularly those who haven’t given before.

Across your website and in all communication, provide a variety of options for a donor to make contact, and always include a direct phone number to validate authenticity.

Install robust anti-virus systems and firewalls

A donor may not be able to see whether you have stringent security systems in place; however, it’s your responsibility to make sure donors’ details are never compromised. Ensure your website and any cloud-based systems follow best practice for security measures, with regular updates taking place.

Have strict access to donor data in place

If you store donor data in an online system, only provide access to those who need it to avoid any chance of compromise.

While it may help your internal processes for volunteers and administrators to update records, they should only be given access to the information they need rather than all donation history and payment files.

When you choose SupporterHub, you can easily provide administrator and editor access where appropriate and set access levels dependent on the tasks required. This will instil confidence in your donors that their details aren’t shared around, or their privacy breached unnecessarily.

Layer appeal messaging with social media channels

If a donor is in any doubt about your credibility, they’re likely to carry out research of their own. Keep messaging consistent across all channels, including your website and social media pages, so that suspicious activity is easier to identify through disparities in language, tone, and key messaging.

Protect credit card details

If a donor calls to give credit card details, where possible you must enter that donation into a fully encrypted system straight away. In no case should a credit card number ever be written by hand.

For those donors who still write their credit card details on a printed donation form, the paperwork must be kept in a locked cupboard at all times until it can be archived in secure storage or destroyed.

Online security is of the utmost importance to protect your donors’ details and maintain your credibility.

When you choose SupporterHub, our CRM is fully compliant with all security measures that make it impossible for donor information to ever be compromised.

To find out more about the security features of SupporterHub, call 02 8074 3788 in Australia today.