
Payment Processing For Nonprofits: Understanding the Basics

Ready to learn all about how to choose the right nonprofit payment processor?

Every nonprofit relies on donations, right? 

And most nonprofits don’t think much about what happens after someone donates. You see the funds in your bank account, so everything went well, but questions remain: How much does payment processing cost? What’s the difference between PCI compliance and certification? What do I do when I’m ready to shop for a payment processor? 

CharityEngine has provided an all-in-one CRM, including payment processing, to nonprofits of all sizes for more than a decade. Every day, we get calls asking about payment processing, and we’re struck by how mysterious the process might seem to nonprofits. Because of this, we decided to pull back the curtain to provide insights many nonprofits will likely find valuable. In this article, we'll cover:

After reading this article, you’ll understand the steps in payment processing, your options for payment processors, and how you can save money by choosing the solution that works for your nonprofit. 

Nonprofit Payment Processing Glossary

There are a lot of terms you might be unfamiliar with that get tossed around when discussing payment processing. Before diving in too deeply, here’s a glossary of terms you can refer to throughout this article:

  • Merchant Account: A merchant account is an in-between account where funds are transferred from the donor’s account after they give, but before being deposited into your nonprofit’s account. This account is one of the key aspects of payment processing that allows organizations to accept donations. 
  • Aggregator: An aggregator is a type of payment processing service. This type of service processes payments through a single merchant account for all contributions. This means that all nonprofits who use the same aggregator also use the same merchant account. They provide ease-of-use, but not much customization, flexibility, or speed. PayPal is a very common example of an aggregator. 
  • Payment Processor: A dedicated payment processor is similar to an aggregator because it helps facilitate payment processing. However, a dedicated payment processor sets up a different merchant account for each of its customers. They typically provide faster processing and more flexibility for users. 
  • Payment Gateway: While the terms payment gateway and payment processor are frequently used interchangeably in conversation, they are different steps in the process. A payment processor collects and transmits payment information, while a payment gateway encrypts the payment data and securely authorizes the transaction before it moves forward. 
  • PCI Compliance: The Payment Card Industry created a series of standards for companies to uphold in order to process payments safely. PCI-compliant processing services adhere to these guidelines and internally check their processes with a self-assessment to avoid violations. 
  • PCI Certification: A step above compliance, PCI certification requires a rigorous process and a comprehensive audit by a qualified security assessor to ensure all of the proper security measures are taken while processing payments.
  • Virtual Private Network: A virtual private network (or VPN) uses encryption to ensure internet security during payment processing. It’s used to keep payment data in the hands of the right people and to prevent fraudulent payments. 

Steps in Nonprofit Payment Processing 

It starts when a donor goes to your website, clicks the “donate now” button, and gives to your cause. The process looks something like this:

Nonprofit payment processors follow these steps to process your donations.

  1. The donor’s payment goes through a payment gateway that encrypts and authorizes the payment. 
  2. The payment is sent to a payment processor or aggregator.
  3. The payment processor will have set up different merchant accounts for each of its customers. Your nonprofit will have a designated account and this donation will go to your merchant account. Or, the aggregator uses one general merchant account, not separate ones for each client. It offers ease of use (think PayPal) but not a lot of speed, customization, or flexibility. 
  4. Finally, the donation is transferred to your nonprofit’s bank account. 

As you can see, you already have a choice: should I choose a payment processor or an aggregator? If both options get the money from my donor to my nonprofit, does it matter which I choose? 

We recommend that clients choose a dedicated payment processor. That’s simply because, if there is a data breach, you will want to be somewhat protected from it.  

To put it plainly, you don’t want to be swimming in a crowded ocean when an angry shark joins the crowd, because the lifeguard can only help one person at a time. If you’re the only one in the ocean, you’ll get help fast. When you’re talking about the security of donations, this customer service matters. We’ll dive more into the specific differences later.

What’s the Difference Between PCI Compliance and PCI Certification? 

And speaking of shark attacks, how can you make sure your payment information and donor data are safe? You don’t want donors to be reluctant to give because they’re worried about security.  

The Payment Card Industry (PCI) sets standards to securely handle credit card data. It’s a watchdog of sorts, and most payment processors are either in compliance or certified. 

PCI Compliant

PCI-compliant payment processors have, as it sounds, complied with the most basic standards set by the industry. Compliance can be achieved in about a month. 

If your payment processor is PCI-compliant: 

  • It has taken a self-assessment to ensure it follows all of the guidelines. 
  • It installed a firewall between the wireless network and the cardholder data.
  • It has implemented a strong vulnerability management program. 
  • The security qualifications likely took less than a month to complete.

PCI Certified

PCI-certified payment processors are regularly audited by a third party to ensure the software and security measures are safe. This is a stringent certification and not one easily found with payment processors. It takes about six months to complete, and the processor remains under a microscope as long as they have the certification. 

PCI-certified organizations have more stringent standards that they need to comply with. If your payment processor is PCI-certified: 

  • A qualified security assessor (QSA) has inspected and approved of the software and the security measures taken to protect payment data. 
  • The QSA has looked into how the software solution was developed. 
  • The QSA checked the training process of the software developers. 
  • The security qualifications could have taken up to six months to complete. 

It’s likely no surprise that we would recommend a PCI-certified payment processor. Because the PCI-certification process is so rigorous and stringent about the guidelines that must be met, we recommend looking for a solution with this security classification. Here’s a side-by-side comparison:

Explore the differences between a payment processor that is PCI compliant and PCI certified.

Payment Processor vs. Aggregator: Which Should You Use?

Payment processors and aggregators both work as the intermediary to transfer data and funds from your donor’s bank account to your nonprofit’s bank account. 

The primary difference between these two nonprofit payment processing methods is the use of the merchant account. Therefore, the processes look somewhat different. Payment processors look something like this: 

Explore the process of a dedicated payment processor.

  • First, the donor provides their credit or debit card information on your nonprofit’s online giving page.
  • Next, that data is sent through the payment processor’s gateway to the individual merchant account that the processor has set up for your nonprofit.
  • Then, the merchant account holds the donation amount while the payment processor verifies the payment information. 
  • Finally, the donation is transferred from the merchant account to your nonprofit’s bank account. 

Meanwhile, aggregators look something like this: 

Explore how an aggregator processes payments.

As you can see, all of the organizations that use the same aggregator also share the same merchant account. This is the main differentiator between a dedicated payment processor and an aggregator. Therefore, the process with an aggregator looks like this: 

  • First, the donor provides their credit or debit card information on your nonprofit’s online giving page. 
  • Next, that data is sent through a payment gateway to an aggregator-controlled merchant account. This account is shared by all of the aggregator’s clients. 
  • Then, the merchant account holds the donation amount while the aggregator verifies the payment information. 
  • Finally, the donation is transferred from the merchant account to your nonprofit’s bank account. 

Our preference? Dedicated payment processors. 

Dedicated payment processors offer more personalized services. For instance, if something were to go wrong and there was a data breach regarding your aggregator (scary, we know), the aggregator will have all of their clients to respond to, limiting the one-on-one attention your organization receives. 

However, if something were to happen to your account, you’re more likely to get personalized assistance from a dedicated payment processor because you have an individual account with them rather than a shared merchant account.

Plus, dedicated payment processors have fewer interruptions to their processing activities for your nonprofit’s donations, speeding up the process. This leads to a faster payout and less room for error.

Payment Processor Buyer’s Guide FAQ

When you’re ready to start researching potential payment processors for your nonprofit, it’s normal to have questions. Here are a few essentials you should be sure to know the answers to when assessing different payment processing solutions.

How Much Does Payment Processing Cost? 

There are a few fees involved in payment processing, and they can be different from system to system. It’s important to understand them so you can compare apples to apples. 

  • Processing fees are fees that a nonprofit pays for a company to process a transaction.  
  • Flat fees are charged monthly or annually and they are paid so you can work with the gateway, processor, or aggregator. 
  • Incidental fees are charged for incidents that occur, such as if a donor’s credit card is declined. 

Payment processing fees can add up, and they are variable from different providers. If you use an online donation tool, or a front-end button connected to forms that receive data, this is the first fee and it’s usually 1-2% of the donation. 

Unless you have a system that combines the donation tool and the payment processor, you’re looking at another fee for the payment processor, which can be 3-5% of the donation. 

To sum it up, you can pay up to 7% of each donation to different middlemen if you don’t shop around. 

Look for software that offers a donation tool and payment processing in the same software. The more parties involved, the higher the fees you’ll pay. 

How do I choose a payment processor? 

Let’s talk about deciding whether you want a payment processor, a CRM that integrates with a payment processor, or more of an all-in-one solution.  

You might want a payment processor, like PayPal, iATS, or Stripe, if: 

  • Your annual donation amounts are relatively low (less than $25,000)  
  • You are selling goods to raise funds, such as in an online shop 
  • You don’t have a large number of donors (fewer than 5,000) 

The key feature you want to evaluate with a payment processor is what types of payment they accept. Credit card, ACH, Apple Pay, Google Wallet, cryptocurrency? Do they handle recurring billing? 

You might want a CRM that integrates with those payment processors if you: 

  • Want to be able to collect donor data and insights 
  • Are collecting donations rather than selling goods  
  • Have annual donations that amount to about $200,000 

You might want an all-in-one CRM that combines payment processing and an online donation tool if you: 

  • Raise more than $250,000 in donations 
  • Want to aggregate and analyze donor data 
  • Want access to various integrated fundraising tools, such as email automation or peer-to-peer capabilities 

What are the best practices for selecting a payment processor? 

By now, you’ve taken stock of your needs and your budget, and you’ve determined whether you need a standalone payment processor, a CRM that integrates with a payment processor, or an all-in-one CRM that offers payment processing. 

So what are the key best practices you should remember? 

  • The fewer stops between your donor’s wallet and your nonprofit’s bank account, the lower the fees you’ll pay. 
  • Make sure your donation tool is integrated with your payment processor, that your payment processor is seamlessly integrated with your event software, and that all your systems play together nicely. 
  • If you choose a solution that requires a lot of integration with different providers, try to find one that has as few integrations as possible. 
  • A comprehensive, all-in-one solution will be the most economical option unless you’re a small nonprofit. 
  • With any solution, make sure you’re investing in a partner. Make sure they offer training and a help center number you can call at any time. 

In the spirit of full disclosure, CharityEngine offers a PCI-certified, SOC 2-certified payment processor as well as an all-in-one nonprofit CRM. We know the nonprofit landscape well, and we’re committed to educating charities about how they can find the most effective solutions that put the most money right back into their mission.

Now that you’ve learned a little about how payment processing works, which solution might be most appropriate, and things to keep in mind as you evaluate options, it’s time to shop! 

What do I do when I’m ready to shop for a payment processor? 

As with any software, you need to start with research. 

  • Google is your friend! Google “nonprofit payment processors.” 
  • Ask in industry forums or community chats for recommendations. 
  • Make sure any companies that make it to your shortlist appear on Visa’s list of registered service providers.

Next, list the features most important to your nonprofit. Payment processing? Donor management? Advocacy? Blast text? Line these up in order and compare them to what a solution offers. If you only want payment processing, you don’t need an integrated CRM. If you want to slice and dice donor data, you need more than a payment processor. 

Finally, request a demo with a few providers. At that time, expect them to show you exactly what their solution will look like for your nonprofit. Don’t forget to ask each of them for a quote of their processing fees, their flat or gateway fees, and their incidental fees. You will be surprised by the variance in those fees, and every penny you pay a middleman is a penny not going toward your mission. 

If, after all of this information, you feel as though an all-in-one fundraising CRM might be a good option, you can book a demo with CharityEngine. We’d love to show you what we’ve got!  

 

 
