Following the hacking of a UK charity's website resulting in the theft of almost 3,000 credit card details, the Charity Commission warned that Charities need to be on their guard against internet fraud. But it's more than just external access. Charity offices are often shared, or their systems used by volunteer workers or fundraisers. Many workers have MP3 players, digital cameras, memory sticks and the like plugged in to computers at work. It's too easy to load data onto such portable devices, such as reports or spreadsheets with customer information on them.
Now, more than ever, every charity should have a robust security policy in place to protect their sensitive data.
All charities need to regularly review security and make sure they stay ahead of hackers and fraudsters. Any breach will have a major impact. Fraudsters would use stolen data using the charity's identity, with resulting damage to its reputation. But the greatest damage is to all those supporters who may have had their credit card or bank details accessed.
Your top priority is to ensure that transaction data is kept secure at all times, so-
- take a pro-active role in the reduction of identity theft and fraud
- maintain the highest possible security of your IT systems, personnel and infrastructure.
- implement best practice in online and data security.
- train your staff, particularly database administrators.
- actively protect our customers' identities, personal information and financial details.
- ensure credit card and bank account data is encrypted and securely stored on your server, whether local or remote.
- only allow access to authorised staff. Your supporters' transaction information and customer card information should be secure even from your own employees.
The Data Encryption add-in for Progress and ProgressCRM provides additional protection for the most sensitive data in your database.
ProgressCRM Data Encryption Add-in is designed to complement the standard ProgressCRM security by encrypting bank account and credit card numbers stored in the ProgressCRM database.
Key features of the Add-in
- It encrypts all types of payment card data and bank account information for total security
- Fisk Brett provides a get a 'key' to decrypt it (for example for use in confidential reports, BACS exports etc).
- It is fully compatible with the ProgressCRM Payment Card Processing module.
- The encryption is performed at SQL Server level to prevent access from other applications.
For more details on the Encryption and installation process, download the information sheet here
