How to Verify Your Charity Auction Software is Secure

TL;DR

To verify that your charity auction software is secure, look for encryption, PCI compliance, off-platform payment processing, fraud monitoring, chargeback protection, and donor privacy controls. According to CharityAuctions.com platform data, more than 50,000 organizations have used CharityAuctions since 2007. Ask security questions before you buy.

In 2020, a major fundraising software provider suffered a data breach that exposed sensitive donor data, including financial information and Social Security numbers. The FTC report found poor encryption, failure to monitor for suspicious activity, poor password controls, inadequate data deletion practices, and outdated security updates. This guide covers how to verify that your charity auction software has proper security.

How to Verify Your Charity Auction Software is Secure as a Customer

  1. Look for features that protect donors
  2. Look for features that protect your nonprofit
  3. Verify their payment methods
  4. Check for donor privacy controls
  5. Ask questions before you buy

1. Software Security Features That Protect Donors

To protect donor data, look for:

Encryption: Check that page URLs start with HTTPS, which means data is encrypted in transit. Also verify that the platform encrypts stored data in its databases.

PCI compliance: Meeting strict security standards for handling payment info. Only use software that is PCI compliant.

Two-factor or multi-factor authentication: Prevents unauthorized access even if passwords are compromised.

Off-platform payment processing: Platforms that use third-party payment providers like Stripe or PayPal. Credit card information is processed and stored by the payment provider, not on the auction platform. More in Section 3 below.

Read our in-depth software security features list for more details.

2. Software Security Features That Protect Your Nonprofit

While rare, your nonprofit may encounter scammers or bidder fraud. Fraud happens when someone places bids with no intention of paying, uses stolen credit cards, or disputes charges after winning (a chargeback).

Example: Someone bids $3,000 on a luxury watch using a stolen credit card. They win, you ship it, and two weeks later the real cardholder disputes the charge. You lose both the watch and the $3,000.

A more common scenario is a failed credit card payment that the winner does not resolve. Good platforms provide:

  • Automatic fraud monitoring
  • Chargeback prevention: waiting periods before fund withdrawal, dispute management
  • Real-time transaction monitoring: invoice statuses like Paid, Pending, Failed

Learn more about how auction platforms prevent bidder fraud.

3. Most Secure Payment Methods for Auction Platforms

The most secure payment method is any certified third-party payment provider. Donors still pay on the auction platform, but payment data is processed off-platform. Auction platforms do not store full credit card information.

Using third-party processors with robust security reduces risk and helps protect donor information from attacks like the 2020 breach described above.

Trusted payment providers include:

  • Authorize.net
  • Stripe
  • Square
  • PayPal
  • Apple Pay
  • Google Pay

Secure auction payment methods explains tokenization and which methods to use. See Credit card processing in CharityAuctions for platform-specific setup.
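
Added example (not CharityAuctions' code): a Python check your technical team could run over a saved checkout page to see whether card fields sit in the platform's own HTML or are loaded from a payment provider's host. The provider host list, the field-name pattern and the two sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts that serve provider-hosted card fields. Example values only;
# confirm the right ones in your payment provider's documentation.
PROVIDER_HOSTS = {"js.stripe.com", "www.paypal.com"}
CARD_AUTOCOMPLETE = {"cc-number", "cc-csc", "cc-exp"}  # standard HTML tokens
CARD_NAME = re.compile(r"card.?(num|no)|cvv|cvc", re.I)  # heuristic, hypothetical


class CheckoutAudit(HTMLParser):
    """Collects raw card inputs and provider-hosted resources in one saved page."""

    def __init__(self):
        super().__init__()
        self.form_action = None    # action of the form currently open, if any
        self.raw_card_fields = []  # (field name, form action) found in the page itself
        self.provider_frames = []  # provider hosts loaded via <iframe> or <script>

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.form_action = a.get("action", "")
        elif tag == "input":
            label = a.get("name") or a.get("id", "")
            if a.get("autocomplete") in CARD_AUTOCOMPLETE or CARD_NAME.search(label):
                self.raw_card_fields.append((label, self.form_action))
        elif tag in ("iframe", "script"):
            host = urlparse(a.get("src", "")).hostname
            if host in PROVIDER_HOSTS:
                self.provider_frames.append(host)

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_action = None


def audit_checkout(html):
    """Return (verdict, parser) for the HTML of a saved checkout page."""
    p = CheckoutAudit()
    p.feed(html)
    if p.raw_card_fields:  # card inputs in the platform's own HTML
        return "card-data-touches-platform", p
    return ("off-platform" if p.provider_frames else "no-card-form-found"), p

# Constructed sample pages (not taken from any real platform).
HOSTED = '<form action="/pay"><div id="card"></div></form><script src="https://js.stripe.com/v3/"></script>'
DIRECT = '<form action="/checkout"><input name="card_number" autocomplete="cc-number"><input name="cvv"></form>'
```

Run it on the page as rendered in the browser (saved after it finishes loading), since fields injected by JavaScript do not appear in the raw source. Treat the verdict as a starting point for the vendor questions in Section 5, not as proof of compliance.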

4. Donor Privacy Controls

Security and privacy go together. Use controls your platform provides:

Anonymous donations – Options for donors to remain anonymous to the public while you track contributions internally.

Admin permission controls – Only give authorized staff access to view sensitive donor info.

Easy data deletion – Privacy laws give people the right to request deletion of personal information (names, emails, phone numbers, addresses, donation history). Your platform should support these requests.

See donor privacy in charity auctions for a full guide to donor data protection and compliance.

5. Security Questions to Ask Before You Buy

Find your platform's security features on their help or support page. If they do not list every protocol, ask.

Payment security:

  • Are you PCI compliant?
  • Do all payments go through a certified payment provider?
  • How do you handle chargebacks and payment disputes?

Data protection:

  • Can we control who on our team has access to donor information?
  • Can donors donate anonymously?

Security protocols:

  • How often do you update the platform's security?
  • What are your data deletion protocols?
  • Do you encrypt stored data in your databases?

CharityAuctions Security Features

At CharityAuctions, we keep you secure with:

If you have questions about security or run into a security issue, reach out to us. Our customer service team is available 24/7.

Create your auction or talk to our team to get started. See silent auction software for a full platform overview.


This guide is maintained by CharityAuctions and is for informational purposes only. For security guidance specific to your organization, consult your technical team. Questions about your auction? Talk to our team.

Frequently asked questions

How can I verify my charity auction software is secure?

Look for features that protect donors (encryption, PCI compliance, two-factor authentication, off-platform payment processing), protect your nonprofit (fraud monitoring, chargeback prevention), verify payment methods use certified third-party providers, and check donor privacy controls. Ask security questions before you buy.

What payment methods are most secure for charity auctions?

Certified third-party payment providers like Stripe, Authorize.net, Square, and PayPal. With these services, credit card data is processed and stored by the provider, not on the auction platform. Digital wallets (Apple Pay, Google Pay) also add security by keeping card details on the device.

What security questions should I ask before buying auction software?

Payment: Are you PCI compliant? Do all payments go through a certified provider? How do you handle chargebacks? Data: Can we control team access to donor info? Can donors donate anonymously? Protocols: How often do you update security? What are your data deletion protocols? Do you encrypt stored data?

What donor privacy controls should auction software have?

Look for anonymous donation options, admin permission controls so only authorized staff view donor info, and easy data deletion for donor requests. Privacy laws give donors the right to request deletion of personal information including names, emails, and donation history.

What security features does CharityAuctions include?

CharityAuctions includes PCI DSS compliance, credit card and mobile wallet payments secured via Stripe, automatic fraud monitoring, admin permission controls, refund management, automatic chargeback prevention, follow-up tools for unpaid invoices, and donor visibility settings.
