How to Verify Your Charity Auction Software is Secure

In 2020, hackers breached Blackbaud—software used by nonprofits for fundraising and donor management—and accessed sensitive donor data including financial information and social security numbers. The FTC report found:

  • Poor encryption
  • Failure to monitor for suspicious activity
  • Poor password controls
  • Inadequate data deletion practices
  • Falling behind on security updates

Best security practices weren't followed. So as a customer, how can you verify that your charity auction software has proper security? How can you avoid putting your donors and team at risk?

This guide covers what to look for in your software. If you're a CharityAuctions customer, we've listed our security features at the end.

How to Verify Your Charity Auction Software is Secure as a Customer

  1. Look for features that protect donors
  2. Look for features that protect your nonprofit
  3. Verify their payment methods
  4. Check for donor privacy controls
  5. Ask questions before you buy

1. Software Security Features That Protect Donors

To protect donor data, look for:

Encryption – URLs that start with HTTPS; also verify that the platform encrypts stored data in its databases. Learn more about HTTPS.

PCI compliance – Meeting strict security standards for handling payment info. What is PCI compliance?

Two-factor or multi-factor authentication – Prevents unauthorized access even if passwords are compromised. Benefits of MFA

Off-platform payment processing – Platforms that use third-party payment providers like Stripe or PayPal. Credit card information is processed and stored by the payment provider—not on the auction platform. More in Section 3 below.

Read our in-depth software security features list for more details.

2. Software Security Features That Protect Your Nonprofit

While rare, your nonprofit may encounter scammers or bidder fraud. Fraud happens when someone places bids with no intention of paying, uses stolen credit cards, or disputes charges after winning (a chargeback).

Example: Someone bids $3,000 on a luxury watch using a stolen credit card. They win, you ship it, and two weeks later the real cardholder disputes the charge. You lose both the watch and the $3,000.

A more common scenario is a failed credit card payment that the winner doesn't resolve. Good platforms provide:

  • Automatic fraud monitoring
  • Chargeback prevention – Waiting periods before fund withdrawal, dispute management
  • Real-time transaction monitoring – Invoice statuses like Paid, Pending, Failed

Learn more about how auction platforms prevent bidder fraud.

3. Most Secure Payment Methods for Auction Platforms

The most secure payment method is any certified third-party payment provider. Donors still pay on the auction platform, but payment data is processed off-platform. Auction platforms do not store full credit card information.

Using third-party processors with robust security reduces risk and helps protect donor information from attacks like the Blackbaud incident.

Trusted payment providers include:

Secure auction payment methods explains tokenization and which methods to use. See Credit card processing in CharityAuctions for platform-specific setup.

4. Donor Privacy Controls

Security and privacy go together. Use controls your platform provides:

Anonymous donations – Options for donors to remain anonymous to the public while you track contributions internally.

Admin permission controls – Only give authorized staff access to view sensitive donor info.

Easy data deletion – Privacy laws give people the right to request deletion of personal information (names, emails, phone numbers, addresses, donation history). Your platform should support these requests.

Learn about our privacy policy.

5. Security Questions to Ask Before You Buy

Find your platform's security features on their help or support page. If they don't list every protocol, ask.

Payment security:

  • Are you PCI compliant?
  • Do all payments go through a certified payment provider?
  • How do you handle chargebacks and payment disputes?

Data protection:

  • Can we control who on our team has access to donor information?
  • Can donors donate anonymously?

Security protocols:

  • How often do you update the platform's security?
  • What are your data deletion protocols?
  • Do you encrypt stored data in your databases?

CharityAuctions Security Features

We've served nonprofits for almost 20 years. At CharityAuctions, we keep you secure with:

If you have questions about security or run into a security issue, reach out to us. Our customer service team is available 24/7.

Create your auction or talk to our team to get started.

Frequently asked questions

How can I verify my charity auction software is secure?

Look for features that protect donors (encryption, PCI compliance, 2FA, off-platform payment processing), protect your nonprofit (fraud monitoring, chargeback prevention), verify payment methods use certified third-party providers, and check donor privacy controls. Ask security questions before you buy.

What payment methods are most secure for charity auctions?

Certified third-party payment providers like Stripe, Authorize.net, Square, and PayPal. With these services, credit card data is processed and stored by the provider—not on the auction platform. Digital wallets (Apple Pay, Google Pay) also add security by keeping card details on the device.

What security questions should I ask before buying auction software?

Payment: Are you PCI compliant? Do all payments go through a certified provider? How do you handle chargebacks? Data: Can we control team access to donor info? Can donors donate anonymously? Protocols: How often do you update security? What are your data deletion protocols? Do you encrypt stored data?

What donor privacy controls should auction software have?

Look for anonymous donation options, admin permission controls so only authorized staff view donor info, and easy data deletion for donor requests. Privacy laws give donors the right to request deletion of personal information including names, emails, and donation history.
