Credit Card Details – Why charities should never hold onto them

a woman using her credit card online

Charities play a crucial role in supporting important causes and driving positive change in our communities and the world at large. Central to their operations is the trust of donors, who generously contribute their time and resources to further these causes. However, there is one area where charities should tread carefully – the handling of donor credit card details.

The following are key considerations when handling donor credit cards.

Security Risks

Storing donor credit card details exposes both donors and the charity to security risks. As we have seen in the news over the past several months, no organisation is completely immune to data breaches, and holding sensitive financial information increases the likelihood of a security incident. In the event of a breach, donor trust can be irrevocably damaged, and the charity may face severe legal and financial repercussions.

Credit card details on any response device should either be cut off and shredded or should be blacked out so it is not readable after the one-time entry into the CRM.

Data Privacy and Regulations

Data protection regulations, such as the General Data Protection Regulation (GDPR) in the European Union and various laws in the United States and around the world, require organisations to handle personal data, including financial information, with the utmost care. Additionally, all businesses that offer credit cards as a payment option must adhere to PCI Security Standards Council (PCI SSC) Standards. Storing donor credit card details can place charities in violation of these regulations, leading to fines and legal consequences.

Erosion of Donor Trust

Donor trust is the cornerstone of any charity’s success. When donors provide their credit card details, they expect that this sensitive information will be handled with care and discretion. The moment a charity decides to store this information, it risks eroding that trust. Donors may wonder why their details are being kept and whether their data is truly secure.

Financial Liability

In addition to the legal consequences, charities can face financial liability when holding onto donor credit card details. This may include costs associated with data breaches, such as forensic investigations, notification of affected donors, and potential legal fees. These unexpected costs can divert funds away from the charity’s core mission.

Alternatives Exist

Charities have access to secure, reputable payment processing systems that can handle credit card transactions without the need to store donors’ credit card information. These systems provide convenience for donors and ensure that the charity remains compliant with data protection laws. There’s simply no need to hold onto donor credit card details when secure alternatives are available.

Vendor Audit

You should audit every vendor you utilise to ensure they do not store any credit card details for any of your donors.

Transparency and Accountability

One of the key principles of ethical fundraising is transparency. By not storing donor credit card details, charities can demonstrate their commitment to accountability and their respect for donor privacy. This enhances the charity’s reputation, fosters stronger donor relationships, and increases donor trust.

Reason to Hold Credit Card Details

There is no reason for a charity to maintain a donor’s credit card in paper or electronic records once the credit card is transacted. Charity staff often say to me “What if we made a mistake? We must be able to go back to look at the batch to correct the mistake.” If you make a mistake, you must call the donor to reacquire the credit card. Also, if you make a mistake, you will know immediately when you enter the credit card in the CRM.

Donor Control

Donors should have control over their financial information. By not storing credit card details, charities empower donors to decide when and how they want to contribute, without feeling that their information is being retained without their consent.


Charities exist to make a positive impact on the world, and they depend on the trust and support of donors to achieve their missions. Holding onto donor credit card details, however, jeopardizes this trust, exposes organisations to legal risks, and undermines the principles of transparency and data privacy. In the digital age, there are secure and reliable payment processing systems that can handle donations without the need for credit card storage. It is not only in the best interest of donors but also essential for the long-term sustainability and success of charities that they do not hold onto donor credit card details. Protecting donor trust should always be the top priority for charitable organizations.