b'with worried supporters, and themoment alone is a reminder thattion, built on best practices that make quiet sting of seeing giving slowcybersecurity isnt just about technol- your organization a more elusive or stop. If youve ever had to call aogy; its about people.target and your data less valuable if longtime donor to explain that theirWhen you consider that onesomeone breaks in. information might have been com- in four donors say they wouldPCI compliance strengthens promised, you know that conversationstop giving to an organization thatsecurity by doing four key things: is difficult and can leave a mark.experiences a data breach, the true1.Reduces the amount of data availfinancial cost becomes almostable to steal. PCI requires you to The ripple effectimpossible to measure. of a breachIts important to remember that westore less card data and encrypt W hen your nonprofit isdont have to respond to this threatwhat you must keep. If a hacker breached, the falloutout of fear; fear is not the solution.breaks in, the information is comes fast and fromGods Word reminds us of His charac- unreadable or already deleted. every direction:ter, as well as His commitment to2.Locks the doors hackers use most watch over His people: So do notoften. Firewalls, strong passwords,Donors lose confidence and mayfear, for I am with you; do not beaccess controls, and multi-factor stop giving, even if they werentdismayed, for I am your God. I willauthentication are PCI basics. They directly affected.strengthen you and help you; I willshut down the easy entry pointsYou face costs for forensics, recov- uphold you with my righteous rightcybercriminals love to exploit. ery, legal services, and credithand (Isaiah 41:10).3.Spots trouble sooner. PCI requires monitoring.That said, we have a responsibilityregular network monitoring,You may owe penalties to yourto reflect His character by protectingkind of like a smoke alarm for payment processor or card brands.the ministries He has entrusted to ouryour digital house, so you can care. Following are several importantcatch suspicious activity before itWorst of all, your missions reputa- steps to take to guard your organiza- turns into a full-blown fire. tion may suffer, sometimes intion against data breaches: whispers long after the systems4.Clarifies responsibility. Everyone are fixed.PCI compliance: protectingwho touches payments, from your As an example of the financial andwhat matters mosttreasurer to your donation proces-reputational impact a breach can have,T he Payment Card Industrysor, knows exactly what they are a ministry in the early 2020s had its(PCI) Data Security Standardaccountable for. That prevents website hacked. The attack resulted inmay sound like complianceconfusion and closes security gaps. nearly $200,000 in direct financialjargon, but its really the playbookWhen PCI standards are followed, losses, an additional $15,000 in foren- ministries use to keep donor creditbreaches become harder, slower, and sic costs, and the need to notify 1,800card data safe. PCI sets the samefar less profitable for attackers. And donors while purchasing identity- standards used by banks, credit cardif a compliant organization is ever protection services for all of them.companies, and major retailers tocompromised, the stolen data isImagine being the one to tell sup- safeguard payment data. often useless because it is encrypted, porters youve prayed with for yearsThink of it as a digital securitytokenized, or never stored at all. that their data might be at risk. Thatfence around your donors informa- In our work with ministries, well \x02 NOVEMBER/DECEMBER 2025 WWW.CITYGATENETWORK.ORG 47'