FundSvcs Community

  • 1.  Caller Validation

    Posted 7 days ago

    Greetings Colleagues,

    Recently, our IT department asked how we validate callers before releasing information, for example, a tax summary.  If the address the caller gives matches what we have on file, we will send it to that address without further questions.  IT would like us to have something more robust in place.  However, we don't have social security numbers, and there's degree/school/year of graduation, but not everyone who calls is an alum.  Sometimes callers can give us their ID number if it's printed on something they've received, but that isn't always the case.  What do you do at your institution?   Thank you all.



    ------------------------------
    Marcy Serkin
    Temple University
    marcy.serkin@temple.edu
    ------------------------------


  • 2.  RE: Caller Validation

    Posted 7 days ago
    The method you described is considered a best practice, at least for that use-case. If someone calls and asks for information, releasing it, digital-only, to existing contact info already on file, is pretty secure - you're providing info to an address that was previously verified and to which you've previously released this exact information before.

    If they want to change their contact information over the phone, and then get information delivered to that new address, you need to use a stricter protocol. Multi-factor is the right approach here - combine name and current address with something secondary, like the date of the last contribution and the method used to give (PayPal, check, credit card, etc.). For something really secure, you'll need to do something like one-time passcodes, which you may not have the technical setup to achieve yet.


    Thank you,
    Isaac Shalev
    President
    Sage70, Inc.
    (917) 859-0151
    isaac@sage70.com

  • 3.  RE: Caller Validation

    Posted 7 days ago
    What Isaac said.

    The only additional point I'd add is that even if they verify the same information you have on file without making any changes, never provide the requested information over the phone. As you suggested in your question, deliver the requested information only via the provided and verified contact information. I'd go one step further and recommend using US mail only, as it's less easy to hack than an email address.

    John

    John H. Taylor, Principal
    John H. Taylor Consulting, LLC
    2604 Sevier Street
    Durham, NC     27705

    919.816.5903 (cell/text)

    Serving the Advancement Community Since 1987







  • 4.  RE: Caller Validation

    Posted 6 days ago

    Thank you both for this helpful information!



    ------------------------------
    Marcy Serkin
    Temple University
    marcy.serkin@temple.edu
    ------------------------------