Big Nonprofit Ideas for the Other 95%
I love our sponsors!
Do you want to find more prospects & raise more money? Pursuant is a full-service fundraising agency, leveraging data & technology.
It’s not your 7th grade spelling bee! We Bee Spelling produces charity fundraiser spelling bees with stand-up comedy, live music & dance. It’s all in the video!
Get Nonprofit Radio insider alerts!
Listen Live or Archive:
- On Fridays at 1pm Eastern: Talking Alternative Radio and tune in
- Listen to the February 3, 2017 archived podcast
My Guests:
Allison Weston, Chrissy Hyre: Grow Your Sustainer Revenue
You want more sustainers? We’ve got the formula: Multichannel. Upsell. Benchmark. Avoid attrition. The panel is Allison Weston & Chrissy Hyre, from Chapman Cubine Adams + Hussey, and Sabra Lugthart with The Trust for Public Land. This was recorded at the 2016 Nonprofit Technology Conference.
You don’t want to be the next headline. You don’t want a fight with a donor over whether you compromised their credit card number. We’ll keep you safe and in compliance. Also from 16NTC are Tracey Lorts and Joshua Allen, both with Greater Giving.
Top Trends. Sound Advice. Lively Conversation.
You’re on the air and on target as I delve into the big issues facing your nonprofit—and your career.
If you have big dreams but an average budget, tune in to Tony Martignetti Nonprofit Radio.
I interview the best in the business on every topic from board relations, fundraising, social media and compliance, to technology, accounting, volunteer management, finance, marketing and beyond. Always with you in mind.
Processed on: 2018-11-11T23:41:13.912Z
Hello and welcome to Tony Martignetti Nonprofit Radio, big nonprofit ideas for the other ninety-five percent. I’m your aptly named host. Oh, I’m glad you’re with me. I’d be thrown into vou care. Arai assis, if you wormed in with the idea that you missed today’s show. Grow your sustainer revenue: you want more sustainers? We’ve got the formula: multichannel, upsell, benchmark, avoid attrition. The panel is Allison Weston and Chrissy Hyre from Chapman Cubine Adams + Hussey, and Sabra Lugthart with The Trust for Public Land. This was recorded at the twenty sixteen Nonprofit Technology Conference. And protect your donors’ data: you don’t want to be the next headline. You don’t want to fight with a donor over whether you compromised their credit card number. We’ll keep you safe and in compliance. Also from 16NTC are Tracey Lorts and Joshua Allen, both with Greater Giving. On Tony’s Take Two, 17NTC. We’re sponsored by Pursuant: full-service fundraising, data driven and technology enabled, you’ll raise more money, pursuant dot com. And by We Bee Spelling, super cool spelling bee fundraisers, we b e spelling dot com. Here’s our first panel on growing your sustainer revenue from 16NTC. Welcome to Tony Martignetti Nonprofit Radio coverage of 16NTC, the Nonprofit Technology Conference, with the convention center in San Jose, California. My guests now are Chrissy Hyre, Allison Weston and Sabra Lugthart. Chrissy is senior strategist at Chapman Cubine Adams and pronounce all those hyre directly did even Cubine you did? Yeah, I should have asked you before, but we’re rolling now. Allison Weston is, uh, also with Chapman Cubine Adams and, yep. Okay, what do you do there, though? Does have a title for you. I’m a digital account executive. Okay. Excellent. And Sabra Lugthart is associate director of annual giving at The Trust for Public Land. It was a very simple one. Thank you. We love everything documented here correctly. Thank you.
Before we start with shot out swag arse crack item for this interview is from cornershop, cornershop, creative it’s ah it’s vegetables. We’ve got sure that’s an eggplant got tomato stress balls no pair stress ball also. But all the vegetables items are not stress balls. We have a banana pen. We had a chili pepper osili all from cornershop creative. So thank you very much. This goes into our swag. Pile ilsen would you help me budged? And those items put him up front. There we go. Oh, the implant. Okay, but all this way, swag pile. Thank you very much. Okay, ladies. Let’s, get serious about sustainers now, sabre, you have to depart a little early. So when sabelo leaves it’s not because my questions suck or anything like that because you have to go because we’re running a little behind. So let’s, start with you. Make sure you get. Yeah e-giving for some time. What is the problem that non-profits are not getting things quite right with sustaining don’t? Well, first, i’ll preface that i’m a client of cch that’s, right? I think we’ll give my organization has an example before i started working at the trust republic land way just didn’t have a sustainers program in place there nobody we didn’t have a dedicated staff member. Um, well, you know, sustainers air worth so much in revenue. So, you know, we did all of these things we work towards that teo grow our program and really recruit sustainers so i think, really the bottom line is is over time when you build your sustainers program, it just generates so much revenue for your organization so it’s worth focusing on okay, we’re we’re for some reason we’re not what we what we alison, what do we not quite getting right about building our sustainers base? I think a lot of regulations do get some things right. I wouldn’t marry you. 
What herself not getting quite right, i think you know, a big factor for continued, most like sustainers growth online is continue testing so there’s a lot of things to do with donation forms and, you know, i think once you find something that works, that doesn’t mean it’s going to continue to work. So i think one thing we talked about in our sessions, they was keep testing online and keep holding it on things in your donation form and making sure that, you know, you’re continuing to grow and try new things, okay, chrissy, if you want to add to our overviewing this point, i think, you know, maybe two things that i would add to what these ladies have said that, you know, having organizations make sure that they’re taking a multi channel approach to sustain a recruitment that they’re using all the same channels. That there, soliciting one time, gibson for sustainers recruitment and then really evaluating on the back end. Making sure that once they go to all of the trouble of making sure that folks have become monthly donors, that they’re staying monthly donors. And they’re staying engaged in the organization. Why do you think some organizations aren’t taking st multi-channel approach for sustainers that they are for other types of dahna with what’s happening disconnect? Well, i think that, you know, i think that people get a little bit overwhelmed sometimes by, you know, the number of thing are the kind of logistical set up that it takes to start a sustainers program, and so it seems, i think sometimes like, oh, the easy way to do this would be just to do it online let’s, just sell this through email let’s just do a light box, let’s just do it digital ads, you know? 
And that seems like kind of an easier kind of entry point into sustainers e-giving whereas you know something like telemarketing, for example, which is what i really focus on with my clients can feel a little bit scarier, a little bit more, a little bit bigger, maybe a little bit tougher to bite off, okay, yeah, i think also for a lot of non-profits data is just a challenge, even just getting everything set up in the back, and i know sabra, you had a lot of leg work to do before you got started so i would say, yeah, just getting your house in order before you can even get started and keeping it in order and keeping your data clean. It’s a big challenge, especially with this scene. E-giving okay, all right, so let’s, start with our multi-channel approach to sustain. E-giving now, of course, we’re talking about monthly monthly. Sustainers is that right? Is that we’re all so everyone’s on the same page, okay, monthly sustainers huh? Our multi-channel approach are we trying to convert existing donors to sustaining or we try to require new donors? Sustainers or both, you can do it all, you can have it all. So, you know, i think that’s sort of the lowest hanging fruit is converting the people who are already connected to your organisation as donors and two monthly givers. I think that a lot of organizations also find tremendous success with kind of warm prospects, online activists and that kind of audience and then certainly alison and sabelo could speak to this, but one of the things we find works really well, digitally is using sustainers e-giving is an acquisition tool. Yeah, so i mean, i think there’s, the biggest factor we’ve seen in converting to see here, has been doing a recent cso like christie said, making sure that you’re getting people that sustaining ask after they’ve made a one time gift anything there’s a lot of ways to do that online, trust me publicly, and they do, you know, a few different things. 
One of them is a rolling email out to you one time donors, ten days post donations so that’s a good way of you know, reaching out to people when they’re current. In recent donors, you’re tuned to non-profit radio. Tony martignetti also hosts a podcast for the chronicle of philanthropy. Fund-raising fundamentals is a quick ten minute burst of fund-raising insights, published once a month. Tony’s guests are expert in crowdfunding, mobile giving event fund-raising direct mail and donor cultivation. Really, all the fund-raising issues that make you wonder, am i doing this right? Is there a better way there is? Find the fund-raising fundamentals archive it. Tony martignetti dot com that’s marketmesuite n e t t i remember there’s, a g before the end, thousands of listeners have subscribed on itunes. You can also learn maura, the chronicle website, philanthropy dot com fund-raising fundamentals, the better way. Dahna oppcoll okay, let’s, let’s, drill down. But what does that email saying? Thanks them for their gift? Sabelo what does it say? Yes, so the again the emails sent out ten days after the after donor-centric thank you, basically, thank you very much for your recent gift that builds a case for support of why sustaining gifts are so important and it’s all wrapped around the mission of our organization at the end, it says, would you please consider becoming a monthly donor and that’s about what’s in the mail and a link to click to, of course, yes, all of the links to other clip now, when they get there, do they also get a written acknowledgement for their one time give if in our organization, if they give online, they get an automated and they get an automated email and sustainers get a different kind of automated email. So okay, we’re not going out there, and i’m still the one time donor. 
If they make an online gift to get a in ordinated email on our ana made it basically, thank you eat tax receipt online and then if they don’t, it makes a gift off line they get, you know, they get mail ok in that in that offline, direct mail are they also invited to become sustainers in direct mail? Yeah, so we do dio way doo doo like a b r e slip and direct mail asking has a sustainers ask, and we do do some segmentation and email like we recently sent out a tax receipt that asked people to become, you know, if they had recently given a one time gift, asked them to become a sustainers consider becoming a sustainers and i think that that’s actually really speaks to kind of some of the multi-channel approach that we’re talking about, which yet, you know, it’s, not even just which channels you’re inviting people to become a sustainers through, but branding the program across everything that you send a donor so thinking them with that, you know, and making that sustainers asking, just kind of keeping that in the forefront of their mind as they go through. Sort of their donor life cycle. Okay. Uh r r one time donors asked again before their other once on gift if they hyre turn down the first sustainers nasco they then asked, like i said before there before their other annual gift. Yeah, good question we solicit our month. Well, we are monthly donors on a limited mail solicitation track, so we only send the mailings three times a year. Um and yeah, so we will when it that time is appropriate. The year and campaign. We will ask them to make a one time contribution or we’ll ask them to upgrade their gifts. So we do. Sorry, i’m kate reverting back to monthly donor is not one time your gifts. Sorry, my question was, how often do you ask one time donors to become sustainers you ask them the first time after ten days after their first there one time gift, how often after that? Before their next one time. We don’t have a player friend. 
Yeah, we don’t have a plan for that right now. Okay? Alison and christine, do you think that is advisable? Or should you just continue to wait until they made their other? Their next one time? Well, one of the things that we find to be really successful is again, kind of, you know, you’re asking the multiple times, but maybe you’re not asking them in the same way, so you’re, you know, you’re thanking them for their gift and there’s this kind of soft asked for them to become a sustainers then you send them an email and explain the program to them and ask them to become a sustainers that way, then you call them and ask them to become a sustainers and then you follow up from that and say, thanks so much for listening. Is this something you would consider so it’s? Not it’s, kind of a cohesive strategy that asked them multiple times, but it’s not necessarily like these kind of random, you know, isolated asks it’s, sort of an overarching okay, okay, that make sense. Yeah, it sure does. And allison, to your point about the importance of data earlier now, obviously way. Have to have good data for all these channels. Christy just described we need a phone number. I need their e mail. We need accurate mailing address, right? The importance of good data. Before we could do anything. Yeah, no, that’s that’s. Definitely right. Okay, way also need to know piggybacking on that how they want to be communicated with. So suppose somebody doesn’t want to receive phone calls. Yeah, i mean that that definitely has to be taken into account. You don’t make the donor injury. You want to communicate with them in the channel that they prefer to be communicated with thin. But that doesn’t necessarily mean that someone who donates online is only ever going to donate online that’s. Why i keep talking about the multi-channel approach. 
So in fact, forty five percent of the stayner’s that we see recruited into programs are actually recruited as a sustainers by a different channel in the first channel, they gave a gift to the organization, and so we brought them in through mail. But then they became a sustainers through the phone or online, or they came in on line. And then we made the ms sustainers half convert. They’re giving channel. Exactly. Okay, use the right language that you did. It was very krauz. All right, so we still have a good amount of time together. Sabelo before you have to. Go now. Yeah. Okay. She was taken by your sorry have really thank you. Nothing duitz conversation. Okay, thank you for saying that. Even if not sabelo breaks down. So it was like that. All right, thank you. Say thanks for joining us. Okay, now we’re now we’re just left with the consultant. So now we’re in a big, big loss. I did play e-giving fund-raising. Well, it was not it was not serious. Where should we take this next? Right. We talked about how i’m gonna convert at a game. What else have we, uh, not talk about that? We should in this hole multi-channel topic. Campaign ideas. You have some campaign ideas? Yeah. I mean, i could talk a little bit out some different things that we’ve seen we’re calling, why don’t you? Okay, i hold out on non-profit radio. Sure. So i think one of the things we’ve seen work really well with a lot of clients in a lot of different areas has been sustainers up so light box. So that means basically, on your one time get form, somebody makes the onetime gift and before their gift actually process is a light box pops up. And says, hey, things for your let’s define like box everybody doesn’t know whether it’s opaque shoretz i’m not okay. You know, when you go on a site and kind of the site gray’s out and then something pops up to the forefront that’s basically what? George in jail on non-profit radio yeah, try to help you out of it. Sorry, so you can still see through? 
You can still see through it. So pictures yeah, so picture this you’ve made, you’ve made a gift, then you know you’re you hit process, and then the screen kind of gray’s out in a box pops up and it says, you know, has a nice image and it says, you know, thanks for your gifts before we process your one time gift, would you like to turn this into a monthly gift and you can click no or you can click x and x out of it, and you’re one time gift will still process. But if you could yes, then it will convert to you become a sustainers so you’re catching people right at the moment when they’re making a gift and you just get people to convert and we’ve seen that works really well for bringing a new sustainers, but also doesn’t depress one time. Revenue does not. Okay, okay, what do we know about what? What amounts to ask them to? Would you like to make this gift to sustaining you? Well know, the mountains is different. So in the back end of the light box itself, there’s kind of an ask string tree, so basically gives a range. So if you make a gift between, say, five and fifteen dollars, and you ask for a five dollars monthly gift or, you know, if you kind of move up and you make a thirty two fifty dollars, gift your ass for a little bit hyre maybe, you know, fifteen or twelve dollars monthly gift so it’s kind of tiered. So you’re making sure that you’re asking for the right amount from people what we call that strategy. That’s the sustainer, upsell, lightbox okay, sustainers yeah, i terminology, yeah, as long as you define it joining way don’t like talking about it. Criminology sustainers upset like box, of course, who doesn’t know what that is like? Everybody who listens to cop radio does now that you know, you just treyz down. So i don’t think so. Sustainers upsell white-collar christine woman a woman who sat in your seat before this interview was so that was misty magog a chrissy hyre christy, what other campaign strategy can you share? Well, campaign strategies? 
Um, you know, i think that as alison alluded to one of the most important things that we see for organizations to remember, no matter what channel they’re trying to recruit, sustainers through is really the recency of the gift. So i think that a lot of times organizations have a little bit of a fear that if they asked too close lead to this is to the person’s original gift that it’s going to seem ungrateful to be like. Well, now, could you do ten dollars a month? Like ten days? Seems to be okay. Ten days a spine. In fact, the most successful phone programs we do call people within thirty days, which that’s really close? I mean, they just gave a gift. But you really want their commitment and their passion for the organization to be top of mind. And any time in the thirty days, not the next day. Not the next day. No, typically. The window starts kind of two weeks after their gift for two weeks to thirty days, you’re safe in asking for sustainers gift after someone made a one time yep, absolutely and of course, you know you want you want to thank them, you want to appreciate them for the amazing donorsearch es are but that’s, you know, that’s totally acceptable. And i think the other thing that we talked a lot about today and that we could go into a little bit more now is sort of what to do with sustainers once you bring them on, and so i think that you know, sustainers support is great because it’s the stable monthly revenue, but it’s not a set it and forget it kind of strategy and so there’s a lot of work that has to be done once you actually bring these folks to the table to become monthly donors, to make sure that they stay engaged and passionate and interested and that they continue to give and you don’t lose them because their credit card expired or they just sort of became disa passion with your organization. Okay, very important too. Yes, yes, we don’t, we don’t. Want to lose? You don’t want to lose our donors. What do we know about out? 
After someone becomes a sustainers do they then keep up their their annual giving, too? So this is something that a lot of organizations kind of go back and forth with. Do you continue to ask sustainers for one time gifts? Do you try to just upgrade their sustainers gift, like what is the perfect mix of howto results in them? And so one of the things that we found is that, you know, thes air your most committed, passionate donors, and so it is completely acceptable to ask them for a one time gift. A lot of folks use a strategy called the thirteenth gift, where in december they’ll ask sustainers to give sort of the thirteenth gift of the year. If you have, like, a key matching gift campaign or something really urgent happening within the organization sustainers air great group of people to reach out to on dh, then organizations have seen success upgrading sustainers is close to their original sustaining gift is three months after they give it. So you know, there’s there’s really no hard and fast rule it’s kind of about testing and finding what works best for the organization. Okay, even okay, things. That that sound unusual to me, even just within three months of their first sustainers gift it’s okay, in some cases to ask the upgrade that absolutely so we worked with a really large non-profit that has an extraordinarily large sustainers program and what they they tested six months versus three months in terms of a sustainers upgrade and found no difference. At three months that is many people upgraded the donor’s weren’t displeased to be getting called again so quickly that folks felt really engaged and excited. They kind of under you just always have to explain what their support is doing. Why is that additional three dollars, a month so important? Allison, could you help us with went to be thanking our sustaining donors? I think is pretty well recognized don’t think them every month, but do we thank them every year? What’s appropriate? 
Yeah, i think i think they definitely need to think them, but not overthink them, but i think something else that you can do more often is kind of keep those engagement touches going, so send engaging emails that aren’t just asking people for money, sending them something that’s going to keep them tied. To the mission of the organization and kind of keep the organization top of mind without asking them for money every single time they’re opening an e mail from you. Eso whether that’s a quiz about your organization reading article, you know something, something fun like that to keep them engaged, it informed, i think, is really important and sustainers going, of course, be lumpkins that along with everyone else on your email list on your contact list, but i think you know it’s nice at the end of the year at the beginning of the year to send out a nice impact email or an impact, you know, whatever you’re doing to show, um, you know how much their support meant to you over the year and all the stuff that you were able to do because of all the, you know, consistent support that sustainers gave you okay? So generally recognized that end of the year is is the best time or if there’s, another key bowman in your organization? I don’t think it’s a problem to thank donors, but i think you can do really consistent engagement emails, teo, to keep folks, you know, tied to your organization okay, way too little a budgeting conversation. Okay. Dahna what? What are expense items that we need to factor into creating a sustaining sustainers? Provoc well, i think that in some regards and allison definitely jump in. 
I think that when you think about sustainer recruitment, you almost have to think about it in the same way you think about acquisition, and so, you know, you’re going to invest in acquisition, but it’s a long-term, kind of long-game strategy, and sustainer recruitment is the same way. So, you know, obviously one of the biggest costs is making sure you have the back-end systems to process these folks monthly, that you’re not gonna lose track of that. And, you know, all of that is part of the organizational budget, I would assume. And then additionally, you know, making sure that you are kind of realizing that if you’re starting a program from scratch, this is like the long game, this isn’t something that’s going to pay off in three months. This is something that you’re looking at, in some cases, if you really want to build a large program, the big net is going to happen after a year, maybe two years, maybe three years, depending on how big you want to go. Okay, so you gotta be in it for a longer term, right? Any other budget-type factors? Allison, you want to jump in? No, I think you pretty much well covered it, but I think, you know, if you’re sending out emails, you obviously have to have a sierra. So I think a lot of the stuff, you know, most organizations already have, but it’s a matter of using it for recruiting sustainers. But definitely I think the biggest hurdle for a lot of organizations is getting that payment processing set up. Okay, got a payment processing that you trust? Are there payment processors that you like? You want to give a shout out to, particularly? Well. Okay, what about strength? Yeah. So, you know, I think that this isn’t so much about the actual monthly processing, but, you know, there are a lot of great tools out there right now, like Stripe or Vantiv, that help recapture credit card information before it lapses, which really helps organizations that are trying to build sustainer programs stem that sustainer attrition.
It could be a really huge factor in turning around sustainer revenue. Okay, now, what was the second? Vantiv. Vantiv used to be Litle, now it’s canton. Okay, so we know that when credit cards lapse, we’re likely to lose sustainer donors. So just kind of some quick stats I can share with you. So I work with pretty large sized political action committee, and they’re very committed growing their sustainer program, they spend a lot of money investing in this new sustainer growth. And so this year, or in twenty fifteen, rather, we saw this pattern where we were exceeding our budget projections for new sustainer revenue every single month and our sustainer number was decreasing every single month, so just, like, made no sense, right? Defied logic. So we dug in to see, you know, what’s going on? Why are all these people falling off the file? Because the problem’s really attrition, and of those folks who are falling off, eighty percent of them were falling off because of bad credit card numbers. So this was sort of during that time where we all got these new chip cards, or their expiration dates were expiring, they just were getting new cards and we weren’t able to contact them quickly enough to get that new credit card back on file. So with this process, all of a sudden, you know, we implement this in December, and we go from losing thousands of dollars every month to seeing, like, twenty-three percent growth since December through February. Okay, so what are we doing in advance of the credit card lapse? So a little bit technical, and that’s not really my bailiwick, I will tell you, but so basically, what these companies do is they contract with banks so that they have a relationship with the bank to update your credit card before it ever even expires. So, for example, if you have a Netflix account, you probably notice that your credit card never actually expires. No matter what.
You know how many cards your bank is sending you in the mail and that’s because they’re contracting with them directly to get that information so that you, the consumer, don’t have to go in and update all of that. Oh, i see. Ok, so it’s all happening transparent to you. It happens automatically, right? You never have to decide. I’ve given enough. To this organization, exactly it’s a customer service convenience that actually saves organizations a lot of money. Yes, it’s also non-profit exactly. All right. All right. We still have a couple of minutes left. Zoho some benchmark benchmark’s is for sustainers growth. Allison, help us with that. Yeah. I mean, i think it depends where different organizations are in their sustaining journey about growing their program. So i think, you know, when folks are thinking about starting or growing at sustainers program, you have to kind of set your own benchmarks that i can throw it a couple stats. I think you know, some things to consider. You know, overall good, healthy benchmark would be about having ten percent of your revenue comes from sustaining, giving. So, you know, that varies from organization organization, but i think that’s kind of ah, national benchmark it like a good back of the napkin calculation on that. I also think some other things to consider are just, you know, benchmarking and kind of setting some goals for how much revenue goals you want to have come from a scene e-giving and also thinking through, you know, looking at how much you want to spend to acquire these donors and then what’s the return on investment. How long are these sustainers staying on the file? Are they lapsing off? Is there a certain channel that’s? Not really working very well. Maybe honing in on, you know, tweaking your strategy a little bit. So i think there’s different things and it’s it’s going to be different for every organization you know, not everyone is the same place in there seeing e-giving program. 
But those air something’s toe consider. Okay. Okay, christy, i want to leave us with i think that ultimately what i would say is that while building a sustainers program is an investment, it ultimately is so worth it. It is probably the number one thing that organizations khun due to help grow their files. Folks who become a credit card sustainers will stay on your vile for thirty seven months or longer. They’re your best prospects for plan giving. They’re your best prospects for mid level upgrading. And they are ultimately kind of the core of your fund-raising once you develop that audience is ideal, concise, beautiful. Thank you, ladies. Thank you. Ok, they are christy hyre and she’s, a senior strategist. At chapman cubine adams and she was right. Okay on. Alison is also there doing marcus ellis, a digital account exec. You can’t exactly fucking watch, ladies. Thank you. Martignetti. Non-profit radio coverage of sixteen non-profit technology conference san jose, california. Thank you so much for being with us. Protect your donor’s data is coming up first. Pursuant. Have you checked out their white paper overcoming the major donor dilemma? It’ll help you. The research is free. It’s valuable it is. I can make it any simpler. This stuff is helpful. This one, the overcoming the major dahna dilemma covers identification, engagement and cultivation of new major donors. So you’re finding them, you’re getting them active and then you’re cultivating for the solicitation. Overcoming the major donor dilemma it’s at pursuing dot com you click resource is and then content papers. We’ll be spelling spelling bees for fund-raising have you checked out their latest video, it’s from a night that raised money for help for children raised over one hundred ten thousand dollars, the organisation needed help. It turned to re be spelling. You can see it all documented. 
They’re documentarians, it’s all there on the video at we b e spelling dot com.
Now for Tony’s Take Two, the twenty seventeen Non-profit Technology Conference. So we got two interviews today from twenty sixteen. I urge you, I can’t beseech you because that belongs elsewhere, but I urge you, I implore you to check out the twenty seventeen Non-profit Technology Conference. It’s March twenty third, twenty fourth, twenty fifth in Washington, D.C. There’s always, there’s like one hundred or more, there’s more than one hundred smart speakers, smart seminar leaders. They’re all talking about how to use technology smarter, more efficiently, brighter, all just better to help you do your work, and it is not only for technically oriented people. I mean, I go and I interview people and I can hold my own in the conversation, so you can too. And you don’t even have to converse with them. I mean, if you don’t talk to somebody and then just don’t talk, just listen. But it’s not only for geeks, which is no longer a pejorative now than it was when I was growing up. But now it’s, ah, people boast about being geeks, but it’s not only for them. So if you’re using technology and, ah, odds are you’re listening on a smartphone, so guess what xero embedded in your life, using it to do your work, accomplish your mission. Then I would check out twenty seventeen NTC. Get latto all the info at NTEN, n t e n dot org. And that is Tony’s Take Two.
Here’s our second panel on protecting your donor’s data. Welcome to Tony Martignetti Non-profit Radio coverage of sixteen NTC. This is also part of NTC conversations. We are at the San Jose Convention Center kicking off our day two coverage. My guests are Tracey Lorts and Joshua Allen. Tracey is community marketing manager for Greater Giving, and Joshua is not listed in the program. How come? Last minute addition. An addition, okay. Joshua, tell us your title and your organization. Solutions engineer with Greater Giving. What kind of engineer?
Solutions. Solutions engineer with Greater Giving. Okay, their seminar topic is Super Boring, Crazy Important: PCI and Protecting, protecting your donor’s data. What? Thank you, Joshua. Welcome. Thank you. All right, we have to acquaint listeners with what PCI is. I’m going to assume that a lot of people don’t know a post. We have jargon jail on Tony Martignetti Non-profit Radio, so we want to start off with you in prison, in jargon jail. That was Tracey, since you’re most concerned about prison, justin, maybe you’ve done time, so I don’t know, but you’re not, not, it’s not about jargon jail. All right, Tracey, what is PCI? So PCI is an acronym that stands for the payment card industry. So it’s a set of standards that’s put forth by all major card brands around the world to ensure a set of security standards are implemented by everyone involved in the card processing services. Okay, security standards, if you’re involved in card processing. Is it also dependent on what kind of data you save and whether you save data? Yeah, so PCI has a set of data security standards called, tell them, the twelve PCI DSS. Going to get more jargon. And that’s the data security standard. Okay, so it’s a set of twelve requirements that are kind of a minimum standard for anyone involved in card processing, that you have to meet those standards in order to be compliant with PCI. Okay, Joshua, you’re doing this session, so safe to assume that a lot of non-profits, I don’t know what PCI is, my assumption correct? They may not know what it is, or they know what it is and aren’t sure how to start, so that, that’s what our purpose for our session is, is to get people acquainted with, with what they, what they should start learning to know and then protect themselves and their donors’ data. Okay, okay, what is it? What is the best way to get started with learning PCI? I mean, is it just a matter of twelve DSSs or is there a better way to make entry into this for people who aren’t familiar?
Yeah, you need to know more if they are a little familiar. Yeah. There’s four different levels of PCI compliance and it’s based off of the number of transactions that you’re doing on a yearly basis. So that would be the number of people that would be impacted if your organization were to have a breach. So larger businesses processing, you know, billions of transactions annually have more stringent requirements than someone only processing in the thousand, thousand transactions per year range. Um, so most, you know, most large, large companies are having to do really, really strict requirements for PCI, but if you’re a smaller processor, you really just have to complete what’s called the self assessment questionnaire that’s put forth by the PCI council, and you have to do it on an annual basis, and it’s basically a self verification that you are complying with all the requirements of PCI. Okay, let’s just take one step back. Joshua, if people, maybe you’re in a smaller organization and they don’t really want to take this on, which we’re going to be talking about for the next twenty minutes. They could just accept gifts by check. Yeah, that’s always a possibility. Absolutely they could. But as we’re, as we’re going into the digital age, it’s very important that organizations open themselves up to the other fund-raising streams, including credit card payments, and... Okay, I just want to put it out there. Yeah, just briefly, you could. This really scares you. And it was a really small shop. You could just not accept credit card donations, right? But you’re missing out on the ton of donations. Okay, this is it. It’s really not a big scary idea. You know, the twelve requirements are really simple concepts, like having a firewall in place. That’s one of the twelve. So they’re things that should be a part of your security process and your security policies as a non-profit to begin with. So they’re things that you should already be doing. It’s really
just about ensuring that all of the checks and balances are in place. Ok. Ok. What are, what are the four different categories? There’s twelve? No, twelve other. There are four categories based on the tier, your revenue, your number of processes per year. Yes. Okay. You just lay out what those four tiers... You could just, tiers, called them tier one, tier, don’t know the terminology. I gotta be on the terminology. Okay? Right, tier one through four. There’s some specific data. So I think she’s... Yeah. So okay, a tier one merchant’s going to be processing over six million transactions annually. That’s, that’s a lot of, um, a tier two going to be processing one million to six million. Tier three is twenty thousand to a million, and then tier four is twenty thousand or less. Okay, so we would expect most to be three or four, correct? Vast majority four, yes. Okay, but we’re looking in the three and four tiers. Yes, level four. Most, for most non-profits. Okay, all right, we’re just going to go through the, uh, that twelve. Yeah, we can. Ok. Have all these twelve applied to the tiers three and four? They do. Okay, no matter what. Okay, okay. It’s just that simple. Should we just tick them off? We can. Twelve. Yeah. Okay, is there anything else we need to, any other ground work we need to set for people who don’t know this stuff like me, and anything else I should know before we go through the twelve? Well, I think it may be important that even though you do these twelve steps, it does not automatically prevent you from being breached or unable to continue with these steps, right? But this is the industry standard. Is the industry standard. So even if you are breached, you can at least say we’re meeting the industry standards. But we still got, you know, we still got our data stolen or breached, right? It’s, it’s not the, it’s not the end-all prevention from... Right, there’s almost nothing.
I mean, if you have a bad guy in your, or bad woman in your office, nothing’s going to prevent that. Or right out of your office, or out of it. So okay, all right, well, we can’t prevent one hundred per cent. We could be industry compliant, and we’ll get into some trouble if we’re not industry compliant. Maybe we should just have a little, a little more motivation. What happens if you decide you don’t want to do the PCI, adhere to the PCI standards? Are there civil or criminal? Sametz people there can be, yes, definitely. If you, if you have a breach and you’re not compliant with PCI, or even if you are and you still have a breach, there are some potential ramifications. There’s actually quite a few. Um, most notably there’s some fees associated that, that your non-profit can receive, and there could be legal action taken against you. Obviously, if there was something that came up that was, ah, a major issue for your organization. So you’re better off, obviously, if you are compliant. Can’t find them, Tracey? Can’t. Okay. Joshua said fees. It’s a lot of information. All right, give us an idea of a penalty regularly. Regulatory notification requirements, that just be like letting people know that you had a data breach, which is not good. You’re bad organization. Weren’t, you weren’t compliant? Definitely. Loss of reputation, loss of donors, potential financial liabilities like fees and fines. And in some situations, litigation could be taken against you. Okay. Okay. And, and all those situations, you’re in a much better position if you’re PCI compliant. Definitely. Okay, alright. Still more motivation. All right, let’s start with our, uh, we got the twelve. These are the twelve DSS requirements. Yes, right. And what is the DSS again? Data security standard. Data security standard requirements? Yes. Okay, so number one is install and maintain a firewall. Pretty commonly done across most organizations.
But obviously important to keep in mind that it’s up to date and that you’re continually checking on its security and making sure that it’s working accurately. Um, yes, but you don’t have a three year old firewall. No, no. That’s not gonna do you any good. Okay. Ah, number two is do not use vendor supplied defaults for system passwords. Okay, let’s dive into this a little more now. Passwords. Don’t you? What you want to amplify, what we should be doing with our passwords. Don’t use password. We had a panel yesterday. Password, one, two, three, four, five, six, seven, six and p word or so. There was another one. Password with a zero for the o, that’s really common. We actually cover the top twenty five most commonly used passwords in the last year in our presentation. Right? We’ll roll a few off. These, they’re all bad. People, do not use the first one. To say this is a list of what not to do with your password, not what to do? Yes, exactly. Please don’t use these. This is good information for your daily life as well. So, so some of the top passwords are one, two, three, four, five, six; password; one, two, three, four, five, six, seven, eight; qwerty; more number strings; football; baseball; welcome; let me in; master; monkey; princess. My two favorite that made the list this year were as solo and star wars. Solo and star wars. Yes, alright, so they’re related. All right, bad passwords. Don’t use these, don’t you? You’re opening yourself up. Means the top twenty five passwords in the country. You’ve got to have something a lot more secure than one of the top twenty five, and you have to bet that, that hackers that are out there know these passwords are commonly used, and all the other, you know, simple variations like using numbers to substitute for letters in the top things. You know, just don’t do it. For god’s sake, how much plainer can we make it?
And if you have passwords protecting your donor’s data, don’t use it across all of your, your different systems that use, that your, your organization, that is very important as well. You’re saying have different passwords for the different software systems? Absolutely. All right, so don’t use the user default. I mean, don’t use a default password. What else was buried in that one, Tracey? There’s little more, I thought. Um, that was it. Don’t use vendor supplied defaults for system passwords. Now you’re decent password. Joshua wanted to read the next one. Protect card, stored cardholder data. So this is big now. Yeah, that starts going into your files and being sure that the information that you do collect is relevant and important to maintaining accurate files, handup, but keeping them in a locked, stored area where they... Tried to help me out here. What was the research on this one? You want to cut back your risk of someone getting access to cardholder data, obviously, and so you wanna make sure that if you were using digital systems, that use encryption, truncation or masking of card numbers, which means, masking would be if you are, if you have a set of credit card numbers, that your entire string except for, say, the last four digits, which is the most commonly used way to mask a card number, all of those are Xs except for the last four numbers. So that would be one way to protect the data that you’re storing. Let me ask a threshold question similar to my, you know, accepting check questions. What have you do credit card processing, what, you’re not storing credit card numbers, you’re still going to be able to benefit from, no, credit card transactions, right? But just don’t they have to store the numbers with the advantage there you don’t.
So I would say that most non-profits are using some sort of external service to actually process card data. They, of course, as the merchant in that situation are having, they do have access to card numbers for a short period of time when they’re transitioning it from their, their hands into their processor’s hands. Is it microseconds? It’s, it’s seconds, but you never know what could happen, and you also never know, especially if it’s in a digital situation, who could be watching what you’re doing. That also includes the last four digits of a number or the expiration date as well. That all pertains to that cardholder data. So even if you’re only storing the last four digits, yeah, you have to do this. We’re going to make sure it’s secure. Okay, so in storing all sixteen and storing all only four, no difference, you have to do all these things. All right, it’s, all right, so all right, so back to my simple minded question, maybe. Do you, do you need to store, right? So I’m asking, do you need to store it? You’re saying you do have it in your possession for a short time, the microseconds or whatever that it goes to the processor, that’s still considered you storing it, right? And how did you get that data to begin with? That’s the other questions to come encrypted. It has to come in in some fashion. So I mean, could it be a donation envelope that had that information written down on it? What do you do with it after you’ve processed it? Donation envelope, can you shred it? What if you just shred it? That would be a great way to get rid of it, okay? Or burn it. Burning, well, about having, that’s always dramatic, but it actually works. We’ve talked about having burn piles in the office. You have a PCI burn party. You could, end of every week. Yeah, yeah, but you just want to make sure that it is completely, you know, it’s completely out of your hands, you no longer have access to it anymore, especially when it includes all of that really important cardholder data. Okay?
And we’re talking about address, name? Just a number. Correct. Not just the card number, but their mailing address, their zip code. That’s the kind of stuff you do need to save because you want to do mailings. Correct? Yeah. And, and most of the time, you know, that kind of information is stored on a donor management system, and those, those systems are secure, so you obviously have to have access to them using a login and password, and that information generally is going to be, going to be secure as long as you’re using a really good password. Obviously. Yes, we covered that one. Don’t go back now, we have twelve to cover. I’m sure we’re gonna get it, but they all were with each other. That’s, your sister, all right.
Like what you’re hearing on Non-profit Radio? Tony’s got more on YouTube. You’ll find clips from stand up comedy, TV spots and exclusive interviews. Catch guests like Seth Godin; Craig Newmark, the founder of Craigslist; Marc Ecko of Ecko Enterprises; Charles Best from DonorsChoose dot org; Aria Finger, Do Something dot org; Naomi Levine from New York University’s Heyman Center on Philanthropy. Tony tweets too. He finds the best content from the most knowledgeable, interesting people in and around non-profits to share on his stream. If you have valuable info, he wants to retweet you. During the show, you can join the conversation on Twitter using hashtag non-profit radio. Twitter is an easy way to reach Tony. He’s at Tony Martignetti, m a r t i g n e t t i, remember there’s a g before the n. He hosts a podcast for the Chronicle of Philanthropy. Fund-raising Fundamentals is a short monthly show devoted to getting over your fund-raising hurdles. Just like Non-profit Radio, Tony talks to leading thinkers, experts and cool people with great ideas. As one fan said, Tony picks their brains and I don’t have to leave my office. Fund-raising Fundamentals was recently dubbed the most helpful non-profit podcast you have ever heard.
You can also join the conversation on Facebook, where you can ask questions before or after the show. The guests are there, too. Get insider show alerts by email. Tony tells you who’s on each week and always includes links so that you can contact guests directly. To sign up, visit the Facebook page for tony martignetti dot com. I’m Jonah Halper, author of Date Your Donors. And you’re listening to Tony Martignetti Non-profit Radio. Big non-profit ideas for the other ninety five percent.
Oppcoll Joshua, read another one, please. The next one, encrypt transmission of cardholder data across your open public networks. So if you are a larger non-profit working, you know, with the main central office, you want to make sure that any of the cardholder data that you are sending is encrypted, you know, meaning you’re using... No, sorry. What of encryption protocols are in place. Couldn’t find the words, are okay. All right, so you need to know. You need, yes. You need some kind of expertise to know that your encryption protocol is correct. Yep. Okay. And that includes obviously working with your particular vendor that’s processing your cards for you, that the system that they’re using is going to also encrypt the data for you. Okay, that was a two way street, that they’re encrypting also. All right, what else we got? Joshua, let’s go ahead. You would protect all systems against malware and regularly update antivirus software programs. So that McAfee system that it’s always bugging you in your, in your bottom right hand corner to update, you want to make sure that you’re continually keeping up to date with those. Oh, and updating to the latest software, especially with your, your, your donor management system software as well. So any bugs could be worked out routinely and kept up to date on this. Okay, okay, that was, that was malware, was an antivirus that is now wearing it tomorrow. You want to make sure they’re up to date and that, that, that system wide, too.
Obviously, a lot of, you know, large organizations have hundreds of computers that are using that network. So you have to make sure that every single device that’s accessing your network is secure and updated on a regular basis. Okay. Okay, Tracey, want to, don’t you give us a couple? All right, number six, develop and maintain secure systems and applications. So that’s just basically saying, you know, there are tons of vulnerabilities out there to your security system, and the landscape is constantly changing, so you need to make sure they’re up to date with, you know, vendor provided security patches, kind of like what Josh was mentioning with your donor management system, that you’re keeping it up to date if there’s any updates that come out with that, and that all systems have software patches and are just, you know, you’re managing and maintaining them on an annual basis. Okay, this sounds like another one that is a pretty common sense. You should be doing this anyway. Yeah, irrespective of your, this storage or not, of your credit, of credit card data. In-kind yeah, be cognizant of who has access to that data in your, in your office as well. Okay. Okay. Area, right. And what machines it’s on? Yes. All right. All right. So the number seven is restrict access to cardholder data by business need to know. So that just basically means that the people within your organization that have access to cardholder data is limited, and then it’s only the people that really need to know what that data is. So you just, you know, you want to have someone who’s the authorized person to take care of, of those transactions, and that it isn’t open to just anyone, you know, accessing that information. And you really should just generally have a deny all setting for things like processing cards. Deny all setting. What does that mean? It just means that, that for the baseline, no one has access to it.
But that there is, you know, one or there are one or two people that do. So the default, the default is no one touches them, and then we work up from there. Correct? Okay. Okay. Yeah, yeah. I mean, this should be in the hands of your donor-centric gift processing department. Wherever that is, someone on the development team, right? But, you know, like the director of development and the vice president for institutional advancement, do they need to know credit card numbers? Not necessarily, not, no. Yeah, probono depending on the size of your organization. That’s true, that could be the gift processors. Yeah, director development could be the gift processor. It’s alright, but yet fair. Okay, let’s give Joshua a shot here. Let’s see, identify and authenticate access to system components. So it’s really important. Tio this hyre goes back in and ties in some of the other, the last two. You want to uniquely hold everybody accountable for their actions. So the people who do have access, who are processing the cards, you have a system set in place where they have the checks and balances needed to hyre go through the crucial data and systems that can be traced back to them. So a lot of the love, the systems that, that are in place, you can, you can track who actually processed that credit card, to access that person’s record, because just record in their dinner. We should be able to track, trace back all, all transactions and viewings and things like that. All right? Yeah. Okay. Is that standard in a CMS systems? Absolutely. Yes. You just have to make sure, obviously, that when you set it up for your organization, that you make sure that each person has their own unique login. So, like, for example, sometimes it’s like admin doc development, that’s not really going to be effective in tracking. Before people could be twelve people. Exactly. Disaster. If it’s more than one. The chicken finger point yet. So all right. You’re right. You have to have unique log. Yeah.
Giving each person their own unique identification. Okay, report. All right, go ahead. Who’s next? Restrict physical access to cardholder data, which is, ah, Tracey is a really good example of this. When she used to work for a nonprofit, she is really embarrassing. We won’t name the non-profit, but she probably could tell the story better. But I attended this organization’s fund-raiser, ah, year before I started working for them. And they tried to kind of daisy chain a system together to be able to capture credit card information at check-in. It failed them on, of that night, and their internet dropped and they couldn’t collect cardholder information to process card payments for purchases made at the event. So they walked around with donation cards and just had people hand write in all of their credit card information on these donations. Pompel pretty common practice, you know, not unusual. However, start working for the organization years down the road. I’m going through some old files and what I find, all of the donation forms with everyone’s credit card information from that event, which was three years previous, was laying in an old, just laying in an old file. Disaster. God, numbers, addresses, everything. Expiration date, everything. Security codes. Exactly what you don’t want to have happen. So I, you know, her, I can attest that, you know, this kind of information needs to be out there in the nonprofit world. And organizations really should be considering following the PCI guidelines. You should be just doing it. Yes. Okay. What a find. Oh, my god. I got a chill. I don’t think it’s the air conditioning. Today, afternoon, the air conditioning came on. I would say maybe was the air conditioning. But today is, it’s not blasting? Yeah, that’s, that’s really is chilling. It is. What did you do? I immediately shredded all of it. Yes, absolutely. I think they had a burn party, bonfire, fire department’s to be on call. And what about now?
Did you bring it to the attention of, of management there? Absolutely, yes, yes. That changed their, yes, behavior. Yes, definitely. You know, a lot of things, a lot of things have changed since then. It was just, you know, it was an oversight on someone’s part along the way, and it just kind of got forgotten in the shuffle. And, you know, it was just one of those things that happened, and you just have to, it does have to, you know, really, you don’t, you want to minimize the risks of exposure to that kind of problem within your organization. Let’s move on. Go ahead, Joshua. You want to track and monitor all access to network resources and that cardholder data. So if it is, if you, if you are storing the physical copies of the last four digits of the number with everything else blacked out or anything, you want to have that restricted access in a locked filing cabinet with one person having the key, and you want to know who has it as well. Okay, excellent. Locked access, one person. One person. Key is pretty common sense. Pretty simple, but, uh, they’re easy to spell out and miss one of these. Yeah. Okay. Now what if that person, ah, is sick for a day? You know, should there, shouldn’t there be some redundancy? Like we have multiple people who can sign checks, should there be a second key holder so that if a person is out for a day, we need to access that? Yeah. You know, we definitely encourage that. You don’t want to give all of the keys to the kingdom to one person. There shouldn’t be one individual person that’s accountable for all of that, that data and access to that data, so definitely should be more than one person that, that’s, that’s managing. But there still has to be controlled, like, maybe have to sign in, correct? You know, which, which is an honor system. Okay? Or, or maybe now, don’t we use this to, um, where this, where this data is stored in this physical location, maybe there should be a camera focused on that spot.
Just like we have cameras that focused on the desk where the cash gets counted. Right? Ok, so that would be a method of determining who’s been in there. Okay, go ahead. Um, did you just do ten? Ok, alright, eleven, regularly test security systems and processes. Test. Okay, how do we do this? So, obviously, you know what, you know, when you wanna have a security policy in place, but if you don’t test it to make sure it’s going to work, it’s not going to work. So there could be a potential gap somewhere along the way that you missed, and the only way they’re going to find out that it was missed is by testing. All right. So what are we testing? We’re pretending there was a breach? If you have that camera set up, are you actually actively looking at the camera occasionally? Are you testing, were you testing your checks and balances? Right. Or does the video get, get re-recorded over every twelve hours? Exactly. Or maybe, you know, maybe seventy two hours is okay. I don’t know how long it may be. Should be a week. I don’t know, but yeah, if it’s too short, the video is worthless. What else? What else? I mean, how do you, how do you run these tests? What do you, what are you testing? So, I mean, you want to test all of your, you know, excuse me, all of your software components, those need to be tested on a regular basis, and that, um, that your network is continuing to be secure, that you’re updating and changing passwords to be able to access your network. And you know, this is a, this is, ah, one of the areas of the PCI that’s kind of, it, it’s definitely the most important because lots of people don’t conduct those scans. Um, but it’s frequently overlooked. Okay, how many do we have left? I was eleven or twelve. Alright, maintain a policy that addresses information security for all personnel. Gotta have a policy, right? Absolutely. Information security. Name, just tick off a couple of things, and then we got to wrap up, that should be in your policy. Yeah.
So you want to make sure that you have, ah, usage policy for technology. So if you’re giving access to computers to your users, you want to make sure that, you know, you have things in place to ensure password security. So you want to have restrictions on what passwords can be, how many characters it has to be on... Let’s, Joshua would give the last word, another tickle. Fight him on this number twelve. And this needs to be policy. Yeah. This needs to be in congruence with your privacy policy that, that, that you display with your donors as well, like that, they know that you’re being good stewards of their data. Okay? Data as well as biographical and all the other demographic info that you have on them. Absolutely. Okay, we gotta wrap it up there. That’s, ah, Tracey Lorts, community marketing manager for Greater Giving. And Joshua Allen is an engineer. Solutions, solutions engineer, that’s also at Greater Giving. Okay, Tracey, Joshua, thank you very much. Thank you. Tony Martignetti Non-profit Radio coverage of sixteen NTC, the Non-profit Technology Conference. Thank you for being with us.
Next week, a new accounting rule that you need to know. Do not roll your eyes. We will make it interesting. I will, I guarantee it. This is going to be with the huge tomb who’s been on the show before. If you missed any part of today’s show, I beseech you, find it on tony martignetti dot com. Sponsored by Pursuant, online tools for small and midsize non-profits, data driven and technology enabled, pursuant dot com, and by We Bee Spelling, supercool spelling bee fundraisers, we b e spelling dot com. Our creative producer is Claire Meyerhoff. Sam Liebowitz is the line producer. Gavin Doll is our AM and FM outreach director. The show’s social media is by the excellent Susan Chavez, and this cool music is by Scott Stein. Be with me next week for Non-profit Radio. Big non-profit ideas for the other ninety five percent. Go out and be great.
What’s not to love about Non-profit Radio? Tony gets the best guests. Check this out from Seth Godin: this is the first revolution since TV nineteen fifty and Henry Ford nineteen twenty. It’s the revolution of our lifetime. Here’s a smart, simple idea from Craigslist founder Craig Newmark: insights orn presentation or anything, people don’t really need the fancy stuff, they need something which is simple and fast. When’s the best time to post on Facebook? Facebook’s andrew noise nose at traffic is at an all time high on nine a m or eight pm, so that’s when you should be posting your most meaningful post. Here’s Aria Finger, CEO of Do Something dot org: young people are not going to be involved in social change if it’s boring and they don’t see the impact of what they’re doing. So you got to make it fun, applicable to these young people, look so otherwise a fifteen and sixteen year old, they have better things to do. If they have Xbox, they have TV, they have their cell phones. Ami Dar is the founder of Idealist: took two or three years for foundation staff to sort of deign to add an email address card. It was like it was phone. This email thing is right and that’s why should I give it away? Charles Best founded DonorsChoose dot org: somehow they’ve gotten in touch kind of off line as it were, and, and no two exchanges of brownies and visits and physical gift. Marc Ecko is the founder and CEO of Ecko Enterprises. You may be wearing his hoodies and shirts. Tony talked to him. Yeah, you know, I just, I’m a big believer that’s not what you make in life. It’s, you know, how you make people feel. This is public radio host Majora Carter: innovation is in the power of understanding that you don’t just do it. You put money on a situation expected to hell. You put money in a situation and invested and expected to grow. And savvy advice for success from eric sacristan: what separates those who achieve from those who do not is in direct proportion to one’s ability to ask others for help.
The smartest experts and leading thinkers are on Tony Martignetti Non-profit Radio. Big non-profit ideas for the other ninety five.