Should You Have a Security Seal on Your Website


AccuFund primarily concerns itself with security and fraud prevention in its accounting products and takes that responsibility seriously.  Separation of duties, auditability and control are all considered in the design of the system.

If you are a senior financial person in your organization you may be expected to think more broadly about security and fraud including your website and the safety of website donations with credit card information.  One way to give your donors confidence is to include a “Security or Trust Seal” on your website.  The seals available from WebTrust, Symantec/Norton, Comodo and other sources provide a level of confidence that this is a real organization and some independent third party has checked your processing and data handling procedures.

In a study currently being conducted by faculty at Rutgers University they found that only 15% of the top 2000 nonprofits have a trust seal on their site.  One assumption may be that they are well known and above the need to provide a certificate. Other possibilities are that they don’t want to pay the $1,700 or so that it takes to get a “Trust Seal” or they may not even know about them.  (You can read the full article here)

Briefly there are two kinds of seals, Trust seals and SSL seals. SSL seals certify that the site is using a tested TLS/SSL encryption communication so that no one can hack into the data exchange between donor and the server hosting the nonprofit’s site. The Norton secured symbol is an example of that. Trust seals provide confidence in who the site belongs to and that it is who it says it is.  Examples are McAfee and Better Business Bureau.  These may or may not include certification of the communication.
Either of these give donors on your site at least a perceived sense of additional security. Using a recognized third party to actually collect the credit card data such as PayPal or Chase Payment Tech further supports their confidence.  Besides the financial data a nonprofit also needs to maintain the security of their donor’s personal data.  If storing on on-site servers make sure that you are regularly checking your firewalls and checking its log for intrusion attempts.  If using a cloud solution like Salesforce for nonprofits, which we support and with which we integrate donation data, make sure you are regularly having users change passwords and shutting off users that have left the organization.

The current events with Sony demonstrate the need for diligence in securing your systems.  Make sure part of your plan is to work with your internal or consulting IT staff to keep your systems and data secure.  
Some of the data here was from a blog posting by Baymard Institute (see original post)