If your organization accepts credit cards to process donations, you are considered a “merchant” by the Payment Card Industry (PCI) and subject to PCI rules. These rules are in place to ensure that card payments are safe and secure, and obeying these rules is explicitly mandated in the contracts that nonprofits sign with Stripe, PayPal, Worldpay, iATS or whichever other payment gateway you may be using.

In 2024, a new industry-wide set of PCI rules (“Version 4.0”) was imposed by the credit card industry, for the first time requiring merchants to use an Approved Scanning Vendor (ASV) to scan any web pages that process transactions.

To remain PCI compliant, Engaging Networks, along with all of our fundraising clients (that means you!), are now required to perform ASV scans of all such pages, and address any security vulnerabilities.

Take this short training to understand your organisation's responsibilities under these PCI compliance requirements and what actions you need to take to meet them.

Course curriculum

  1. PCI DSS Explained & What It Means For You As An Engaging Networks Client

     • PCI DSS Explained

  2. Using Low Volume and Vulnerability Scan Reports to Improve Security & Prepare For Official ASV Scanning

     • Engaging Networks Internal Scanning Reporting

  3. ASV Scanning Requirements: Vulnerability Scanning with ControlCase

     • Scanning With ControlCase

     • ASV Scanning FAQs

  4. Your Next Steps Checklist!

     • Getting Support For PCI DSS