FundSvcs Community

  • 1.  Using QR codes on direct mail solicitations

    Posted 09-06-2024 01:55 PM

    Hi all, I am researching what the potential impact on revenue may be by using QR codes on direct mail solicitations--redirecting donors to a dedicated landing page--instead of including the option to handwrite credit card information. Would be great to learn about your experience transitioning to QR codes or even testing them out. Thanks



    ------------------------------
    Adam Cross
    Unicef USA
    arcross@unicefusa.org
    ------------------------------


  • 2.  RE: Using QR codes on direct mail solicitations

    Posted 09-10-2024 02:48 PM
    Good afternoon, Adam - 

    I'm sorry I don't have any stats for you but want to caution about one component of PCI compliance that seems to still be less enforced than it needs to be (this comment is based on a number of conversations I had at last year's AASP Summit). It is NOT permissible to ask donors to include their authorization code on hard copy response devices (see details on this PCI DSS Guide). One simple way to still allow donors who aren't yet comfortable going online to make their own credit card gift is to establish a dedicated phone number to your gift accounting staff to take calls from donors who wish to make a credit card gift. 

    Unfortunately, there still seem to be platforms used by nonprofits for processing credit cards which require the authorization code in order to complete a charge. Even if your particular platform doesn't require the code, it strikes me as being more forward thinking to embrace QR codes. Just think, you could be creating QR codes that support mini-campaigns proposed by volunteer fundraisers that would be so much more efficient than the old "pass the hat" routine. QR codes could be added to business cards that might direct gifts to your general Annual Fund which could facilitate "on the go" opportunities for folks to make gifts. For academic institutions with athletics programs, imagine how much easier it would be for coaches and team members to fundraise for their sport at any time or place if they were provided with some form of card with a QR code. The same result could be for any larger organization where specific programs have built up engagement with current and potential donors. 

    Good luck and I hope some of our community might come through with some stats for you!

    Amy J. Phillips

    Founding, Charter and Active member of AASP!





  • 3.  RE: Using QR codes on direct mail solicitations

    Posted 09-10-2024 03:31 PM
    Amy, I wish I had some hard numbers to share! I wanted to mention that a phone number may not solve the PCI issues. These days, when so many of us are using soft phones, the audio data itself, and thus any of the servers and physical devices involved in transmitting that audio data, would fall under PCI scope. Even hard-line phones are technically under PCI and, absent special equipment, are not PCI-compliant, though at least they don't increase PCI scope to the rest of your data network. There are technical and service-based solutions to this issue, like IVR or outsourcing to a compliant call-center, but those solutions only make sense at reasonable volume.


    Thank you,
    Isaac Shalev
    Data Strategy Expert
    Sage70, Inc.
    (917) 859-0151
    isaac@sage70.com








  • 4.  RE: Using QR codes on direct mail solicitations

    Posted 09-10-2024 03:38 PM
    Hey there, Isaac - I guess I wasn't very clear about what I meant by a dedicated phone number. It was my intention to indicate that if a dedicated phone number was established, then gift accounting staff could field phone calls to process credit card gifts during regular business hours. A voice message on the line would encourage donors to leave a time and number when they could be reached for a call back and discourage them from leaving any actual card information in their message. 

    I don't believe that approach would be out of compliance with the current PCI DSS requirements. 

    All for now - Amy





  • 5.  RE: Using QR codes on direct mail solicitations

    Posted 09-10-2024 04:28 PM
    Amy, whether this is compliant or not really depends on the org's phone systems, not who calls whom. The short version is that if you want to take payments over the phone, and your phone line is not a copper-wire phone, it puts every other device on that network into scope for PCI compliance. The ways to avoid this are either to isolate the phone from the rest of your network, or to isolate the payment information so it never reaches your phone, by using something like IVR (interactive voice response) or a dialtone (DTMF) system to process the payment information. If you isolate your phone, you still need to use encryption, and you need to train staff not to write anything down, among other things. 
     

    Thank you,
    Isaac Shalev
    Data Strategy Expert
    Sage70, Inc.
    (917) 859-0151
    isaac@sage70.com








  • 6.  RE: Using QR codes on direct mail solicitations

    Posted 09-20-2024 10:01 AM

    Isaac and Amy, thank you so much for the insights and detailed responses on PCI compliance. You raised a few other questions for me that I am now going to bring back to my team.



    ------------------------------
    Adam Cross
    Unicef USA
    arcross@unicefusa.org
    ------------------------------