I’m guessing that one of the key requirements of your charity website is that it will allow you to take online donations from your supporters. There’s a bewildering choice of payment providers and options available. I can’t hope to cover all the combinations, but here’s an overview that might point you in the most appropriate direction.
DIY or Use a Third Party?
You’ll have more control over your donations system if you go down the DIY route, and you’ll be able to customise it to collect all the data that you need. In the long run it’s also a cheaper option. The other alternative is to send your supporters off to a third party provider like JustGiving. This is super-easy (provided you have an account with them) and you don’t need to worry about any of the security or data protection issues. Plus they’ll claim the Gift Aid for you. It is a bit more costly though, and one of the biggest drawbacks is that they won’t necessarily provide you with the contact details of all your donors.
Data security and protection.
First and foremost – let me cover some of the security issues you need to bear in mind when choosing a donations system. You have a duty and legal responsibility to store information about your donors in a secure manner that’s not accessible to anyone else. Plus the Data Protection laws dictate that you need to be able to show people what information you’re keeping about them, and delete it if they ask you to.
On top of that, capturing and storing people’s credit card information has a further layer of security requirements. Hackers and fraudsters make millions by exploiting vulnerabilities in e-commerce systems – and you can’t hide behind a ‘security through obscurity’ mindset of hoping that your site is too small for them to bother with. See the ‘Maintenance and Security’ article for more advice on donation payment security.
Making your own donations system
If you don’t want to send your donors off to JustGiving or CAF then you’ll need to find your own Payment Processor. These are companies that handle the online transaction itself. The main choices are Paypal, Worldpay, Sage Pay and Google Checkout. Worldpay has a Paypal option built into it. You will have to jump through a lot of hoops in order to sign up for one of these – you’ll often need to provide all sorts of details of your bank accounts and your trustees. It can take a couple of months to get set up, so you should pick carefully as you’ll probably be stuck with it.
You’ve then got another choice about how to integrate the Payment Processor into your website. It all revolves around whether you want people to remain on your site throughout the entire transaction process – or if you want to send your donors to the Worldpay, Paypal etc. site to do the actual transaction and then come back to yours. The former option involves you asking for and storing (even temporarily) people’s credit/debit card numbers. Using the latter method, the Payment Processor company gathers the credit card data on their own secure site so you will never actually see it. In many respects though, that’s a good thing.
Hosting the transaction yourself
If you want to keep people entirely within your own site then you’ll need to pay for a Secure Sockets Layer (SSL) certificate for it. This means that your donations form will have a secure https:// domain rather than a http:// one. And people will get the little padlock in the browser window. An SSL certificate costs about £200 per year – but that’s not the end of the story. The Payment Processors have strict Payment Card Industry (PCI) guidelines and compliance processes that you need to adhere to as you’re now responsible for all that lucrative and sensitive card information that your donors are entrusting with you.
The cost to you of having your donor payment information compromised is potentially huge and, in my opinion, it’s a stress that you could really do without. In reality, you’ll see that it’s only the really big sites like Oxfam, Barnardo’s etc that do host their own SSL secured payment pages – but they have big website teams and can pay for external security assistance.
That’s why most of the options I’m suggesting here are ‘redirect’ methods – whereby the visitor fills in their name and address (and Gift Aid status) on your site and is then redirected to the Payment Processor site to enter their card details, before being sent back to your site once their payment is complete. That way, you’re not seeing or storing any of the valuable credit card information – which you’d never likely need in the future anyway.
Redirecting to Paypal, Worldpay, Google etc.
The Worldpay and Paypal sites can be ‘skinned’ to look a bit like yours – with the same logo etc but there are limits to how much you can mimic the look and feel of your site. This means that your donors aren’t getting an ideal ‘user experience’ and the conversion rate of your donation process is likely to be slightly lower than if you handle the whole thing on your site. However, these potential drawbacks are actually pretty small compared to the hassle and stress of hosting your own card payment pages.
Gift Aid and Capturing People’s details
Whilst you don’t want the hassle of capturing and storing your donors’ credit card details, you definitely want to get hold of their other data. Not least their name, address, email address and whether they ticked the Gift Aid box or not. The Payment Processors don’t really care about all this stuff, so you need to collect it on your site – then send it to the redirected Paypal, Worldpay etc site. They’ll simply then send those same details back to you along with the information about whether the donation was successful and how much it was for. You will need to decide how they ‘send those details back’ and set this up yourself. This can be quite complicated and you’ll probably need a bit of help. The easiest option is to get them to send it in an email, but then you’ll have to copy and paste all the information into somewhere else. Alternatively you can link up your CRM system (like CiviCRM, Salesforce, Raiser’s Edge) to the donations one so that the Payment Processor will automatically create a new record in your CRM database with all the details. From there you can run all the reports, send automated e-newsletters and export the data to claim the Gift Aid.
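One way to handle the details the Payment Processor sends back before they reach your CRM, as an added example that is not from the original article or from any processor's documentation. The field names, the shared-secret HMAC scheme and the in-memory stores are assumptions for illustration; each real processor defines its own callback format and verification method.

```python
import hashlib
import hmac

# Assumption: the processor signs each callback with a secret shared with you.
CALLBACK_SECRET = b"constructed-example-secret"

# Donor details captured by your own form, keyed by a reference you generate
# before redirecting. Constructed sample data; no card details are held here.
PENDING = {
    "DON-1001": {"name": "A. Donor", "email": "donor@example.org",
                 "gift_aid": True, "amount_pence": 2500},
}
CRM_RECORDS = []  # stand-in for CiviCRM, Salesforce, Raiser's Edge, etc.


def sign(reference, amount_pence, status):
    """Signature the processor would attach (hypothetical scheme)."""
    message = f"{reference}|{amount_pence}|{status}".encode()
    return hmac.new(CALLBACK_SECRET, message, hashlib.sha256).hexdigest()


def handle_callback(fields):
    """Validate one callback and record the result. Returns a status string."""
    reference = str(fields.get("reference", ""))
    status = str(fields.get("status", ""))
    try:
        amount = int(fields.get("amount_pence", ""))
    except (TypeError, ValueError):
        return "rejected: bad amount"
    # Recompute the signature and compare in constant time.
    expected = sign(reference, amount, status).encode()
    supplied = str(fields.get("signature", "")).encode()
    if not hmac.compare_digest(expected, supplied):
        return "rejected: bad signature"
    donor = PENDING.get(reference)
    if donor is None:
        return "rejected: unknown or already processed reference"
    # Trust the amount the donor chose on your form, not the callback alone.
    if amount != donor["amount_pence"]:
        return "rejected: amount mismatch"
    del PENDING[reference]  # a replayed callback cannot create a second record
    if status != "success":
        return "recorded: payment failed"
    CRM_RECORDS.append({**donor, "reference": reference})
    return "recorded: donation"
```
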
A summary of the 3 main donations options:
1. Redirecting supporters to a 3rd party provider like JustGiving
How it works: You don’t have any kind of donations form on your website, just a button that links to the donation form on JustGiving’s site (like this one). You need an account with JustGiving, though you will probably have one anyway for your fundraisers.
Pros: It’s very easy to do if you have a JustGiving account already. 2 minute setup time. They’ll collect the Gift Aid on your behalf too. They will send you the data in the reports that you already download every week anyway (if you use it for your fundraisers).
Cons: The user-experience isn’t ideal, and the average donation is lower than if you use your own donations form. It’s far too easy for donors to (often accidentally) remain anonymous so you won’t ever see their name and email address. This makes your donor retention and upgrades virtually impossible.
2. Having a donations form on your site and redirecting to Paypal/Worldpay/Google Checkout to handle the actual transaction
How it works: You create your own donations form and it links to a similar-looking Payment Processor transaction form where the donor enters their credit card number, before they are returned to your site.
Pros: A better user experience and you get the chance to capture exactly the information you want. You get to keep all of the data.
Cons: Setting up an account with a Payment Processor is a long-winded process, and it can be quite complicated to automatically get all the data in the format you want it in, especially if you want it to automatically hook into your CRM system.
3. Hosting the entire process yourself
How it works: The donor never leaves your site. You have an SSL certificate which means you can collect people’s names and credit card details on your site. Your site then validates it all using the Payment Processor.
Pros: The best user-experience as the donor never leaves your site and you can finely control the entire process.
Cons: There are a LOT of security implications and requirements. You still need to get an account with the Payment Processor but you also need to meet their very strict guidelines about keeping your data 100% secure. This can be a big headache and quite time-consuming.
So far I’ve only discussed one-off donations. These are most likely what you’ll start off with but you’ll also want to offer donors the chance to make monthly contributions too. Most of the Payment Processors will offer a regular payment option – whereby they will take a designated amount off people’s credit/debit card every month. This is pretty easy to integrate alongside the single donations option mentioned above. The main drawback is that it’s linked to their card rather than their bank account. When that card expires, it won’t automatically transfer to the new card – the donor will have to go back and set up the contributions again. So donor retention is quite a big problem.
A better option from your point of view is Direct Debits as they are linked to a bank account and people very very rarely change their banks. JustGiving offers a Direct Debit option on its donation page for each charity so that’s a really easy option. There are the same issues about them not sending you all the names of your own donors though. You don’t get the chance to modify the Welcome Letter the donor gets, and strictly speaking, the Direct Debit is between them and JustGiving, not you. You need to stay on top of the weekly JustGiving reports in order to spot new donors as they won’t automatically notify you when someone signs up.
Finally – the most advanced option is to have your own Direct Debit system. There are a couple of companies that specialise in electronic Direct Debits for charities. Rapidata is the most commonly used one. You will need to get your bank account set up to receive Direct Debits – which involves getting a Service User Number. You won’t have one by default and it will take 6-8 weeks and a lot of form-filling to get one. You redirect your supporters to a ‘skinned’ site where they fill in their bank details and then they get redirected back to your site.
The Rapidata reporting system isn’t particularly user-friendly and it can take some setting up to integrate it into your CRM system. It’s very hard to do it all manually and you need to record the results of every month’s donations/cancellations, especially if you want to claim Gift Aid on some of the donations. If/when you get audited you’ll need to be able to show them the records for any particular donor and any particular date that they choose at random. Just showing the date that they set up the Direct Debit agreement isn’t enough.
Recommendation: I think your best bet to begin with is to use JustGiving. Once you get to the size whereby you’re signing up 3 or 4 new regular donors per month then you should think about switching to something like Rapidata – especially if your CRM system is set up and working well.