Freeing Monthly Donor Hostages: Survey Results

May 31, 2018 Roger Craver

In Can Your Monthly Donors Be Held Hostage? we alerted readers that many organizations attempting to switch CRMs or payment processors—or both—are shocked and surprised when the vendor they want to leave refuses to transfer their monthly donors’ credit card or other payment data to the new vendor. Data hostage-taking!

We ran an Agitator Survey to get a more detailed picture of just what nonprofits are running into.

NOW…the results are in.

Quite frankly, I’m shocked by the number of nonprofits that are negatively affected and the number that have had to take “No!” for an answer. Among those who choose to fight the hostage-takers and their deceptive tactics or simply walk away suffered losses ranging from 50% of their monthly donors to those who kept most of their monthly donors –but only by going through the slow process of running two systems at the same time.

I was equally disturbed by how little some organizations understand about their data contracts and their rights. In fact, there seems to be no ‘best practice’ of who–if anyone– in a nonprofit should be in charge of understanding and monitoring these vendor agreements.

If you care about the retention of monthly your monthly donors you’ll want to read and share the results of this Survey.

Who Responded?

As of this morning 98 organizations have responded. 93 of those organization have an annual income from monthly giving programs ranging from more than $500,000 (14 %) to less than $10,000 (40%) with the remaining 46% posting annual sustainer income ranging from between $10,000 to $100,000 a year. 5 of the 98 respondents currently don’t have monthly giving programs, but are planning to start one in the next year.

Where are monthly donor records and credit card information are stored and maintained?

47%–As part of the Constituent Relationship Management (CRM) system [For example, Raisers Edge, Bloomerang, DonorPerfect, Little Green Light, Neon, ROI Solutions, Luminate, Team Approach or similar systems.]
42%–On a separate system maintained by a company that processes our credit cards for monthly giving. [For example, payment processors like Blackbaud Merchant Services, Fairway/Sage/Paya, Payment Solutions Inc., Pay Pal, Vantiv/Worldpay, Authorize.net, First Data, Aring Habits, EFT Corp or similar companies.]
11%–On its own system—separate from either the CRM or payment processing company.

So far, pretty straight forward. But here’s where the story gets interesting –and somewhat scary.

What are your rights? Who’s in charge?

When asked, “Does your organization contract with the CRM or Payment Processor specifically permit you to transfer/move your records to another system(s) at any time you choose to do so?” there’s a frightening/dangerous absence of knowledge.

Only 25% of the respondents knew specifically whether transfer was permitted. ( 14% ‘yes’; 11.2% ‘No’)
A whopping 36% were “Not Sure”.
A total of 18% had never read the agreements with either their CRM or payment processor.
7%reported “I don’t deal with the issue. And only 10% could identify the person/position in their organization responsible for understanding and dealing with this issue.

A couple of observations on this question. Because so many payment processing and CRM contracts are quite detailed and sometimes obtuse we suspect that many of the “No”s to the transfer question were probably based more on the specific absence of clear information. I’ve never seen an actual contract that says, “WE WILL (or WILL NOT) PERMIT THE MOVE/TRANSFER OF RECORDS TO AN OTHER SYSTEM.”

In short, I think it’s safe to assume that most folks either haven’t carefully read the contracts or, more likely, are simply relying on the information they were given by others in the organization, if they ever asked the transfer question.

What was clear –disturbingly so- is that only 10% of the respondents could identify the person or position in their organization in charge of this issue. The answers in the Survey are seemingly random and range from “office manager” to “bookkeeper” to “database analyst.” Should these folks really be handling such fundamental legal and fundraising issues?

Finally, on the question of transparency, it’s clear neither the CRMs nor the payment processors are apparently shedding any helpful light on this issue. Only 2 of the respondents reported that their vendors clearly explained the transfer issue when the organization signed up for their services.

What to do?

So what do organizations experience when they try to move their credit card and monthly giving records to new CRMs or payment processors? How much resistance and what form does it take?

Here’s the disturbing summary of what organizations encountered and how they finally ‘solved’ the problem with an old vendor reluctant to transfer data to a new vendor:

52% of the respondents have never attempted to move their data.
5% weren’t sure if their organization had ever tried
BUT…. 31.2% had tried andmet with resistance from the old vendor.

So…what happens when an organization runs into resistance? How did they solve the problem?

4% of the respondents never solved the problem.
5% solved it by “persistently badgering the vendor”.
1% hired lawyers to solve it.
9% solved it only by changing vendors and then individually contacting each donor to ask for their credit card or EFT information and then placing them on a new system.

You don’t have to be a monthly giving genius to know that when you have to contact each donor individually and ask them anew for their payment information and commitment that you’re gonna lose a boatload of donors. Unless…. you make an extraordinary effort.

Here’s the workaround used by one very committed respondent: “Changed vendors, maintained the old vendor to process the old payments and over the course of two years transferred over the donors as their cards expired or as we asked them to increase gifts. Had a higher cost but felt it was worth and lost very few donors this way.

Excuses. Excuses. And More Excuses.

Frankly, the hostage -taking process on the part of some vendors is a lot worse than I thought. I realize that any business is reluctant to lose a client; particularly the easy revenue that comes from payment processing. But still…

While I sure don’t object to vendors being well paid, I sure as hell object when they resort to lies and deceit to protect their pot of gold for as long as they can drag out the process. Shame on them.

Here’s a verbatim sampling of excuses, nonsense and tech-speak bullshit that respondents encountered from some vendors when they requested their monthly giving data be transferred. I’ve taken the liberty of noting why the vendor’s answer is pure nonsense.

“They claimed “Privacy” and wouldn’t elaborate but that their policy and promise to the people whose credit card information they had prevented them from discussing with us.”[ False.The data belongs to the nonprofit. Nothing prevents the vendor from discussing data issues.]

“For security reasons and to comply with PCI standards, their system is not designed to give raw credit card details” [First, you should not be dealing with any vendor that is not PCI compliant. Assuming they are compliant, all they have to do is transfer the data to another PCI compliant vendor. They’re lying.]

They will make the transfer if we indemnify them and pay for the data processing time to transfer the records. Estimated cost: $500,000 [ This is what’s known as “extortion” Shocking, to say the least , and not part of any standard industry practice outside of organized crime.]

“For reasons of PCI compliance they could not release the credit card information to us or our new vendor.” [PCI compliant data should not be released to the nonprofit, but can and should be transferred an another PCI compliant vendor.

“When we switched from[name withheld—(for now])to another online provider, they gave us a ton of run-around and made the process extremely difficult. It took hours of staff time and resources to migrate the data”. [ This is a pathetic practice that losing CRM vendors employ to punish clients who leave, while dragging out to process to bring in additional revenue. ]

And I could go on and on. What is clear from the responses is that there are indeed some bad actors out there . Their practices of deceit, delay and denial suck. They deserve to be exposed. We are in the process of compiling information, interviewing CRMs and payment processors and will publish a Guide to Data Hostage-Taking when our research is complete. Hopefully, with that information readers will be able to tell the good/responsive from the unresponsive/bad and deceptive vendors.

If you have any experiences you’d like to share confidentially please email me personally (Roger@theagitator.net) and I’ll be back in touch.

Meanwhile, don’t let the vendor you plan to leave hide behind tech-speak gibberish like “PCI-DSS regulations”…”data privacy”…or other inaccurate or confusing excuses.

Your donor data, belongs to you. The only legitimate concern of the old vendor should be that the place to which they’re moving your data is also a PCI-compliant vendor.

Roger

P.S. For Agtiator readers whose organizations’ data fall under the European Union’s General Data Protection Regulation ( GDRP ) have have the absolute right to control its own donor data. But remember, as Ilja De Coster, Fundraising Data Strategist at DonorVoice note, the GDPR is only a tool for protection. And that protection only counts when the nonprofit claims its rights.

Feedback

15 responses to “Freeing Monthly Donor Hostages: Survey Results”

Jay Love says:

May 31, 2018 at 9:02 am

Roger, thanks for shedding light on this subject! What is going on in the murky back rooms of some payment processing firms is dreadful.

Don’t forget about the past situations where payment funds were mixed with other funds before being paid out. Thankfully, PCI compliance has addressed those.

It will change, just like phone numbers that used to be kept hostage by certain phone companies…

Keep digging partner!
Clint O'Brien says:

May 31, 2018 at 9:28 am

Roger, you are truly living up to the name of your blog — The Agitator. Kudos to you for agitating about this outrageous practice. We have had more than a few our new Engaging Networks clients — fresh from choosing us as their next online fundraising platform — encounter resistance and obfuscation when they asked their payment gateway to help them migrate their recurring donor data over to one of the 13 payment gateways that Engaging Networks supports. Admittedly the process can be complicated, but it is made more arduous (and it’s a nasty surprise) when the payment gateway refuses to assist the nonprofit. The advice in your piece seems pretty good, especially the suggestion that nonprofits should insist on clear language, up front in their contract with the payment gateway, explicitly confirming that the nonprofit (not the gateway) owns the donor payment data, and the gateway must assist (at a reasonable cost “not to exceed $X”) the organization to migrate their recurring donor tokens whenever the organization wishes to depart. As for “complying with PCI rules,” that is required, but not so difficult, and certainly not a reasonable excuse for a payment processor to refuse to help a departing customer to depart. Keep up the good work!
Vernell Grissom says:

May 31, 2018 at 10:49 am

I don’t think the subject of data transfer with payment processors came up when our organization decided to change systems but we did experience the hostage taking of our data which has resulted in substantial income loss regarding our Sustainer program. Finger pointing, blame and pure astonishment that this could happen. The result: having to reach out to the donors for their information. We are still dealing with reconstructing our program-substantial loss of income.
Michelle Shefter says:

May 31, 2018 at 10:58 am

Roger, I love love love that you are tackling this! When I started focusing on product functionality to optimize payment processing for sustainer giving 8 years ago, I truly didn’t believe I’d see a day when a nonprofit would be successful in getting their card data transferred. But, now we’ve got organizations doing it on a regular basis when they migrate to a new set of tools.

In addition to helping folks understand that it’s possible, I hope you’ll provide some guidance on things to do to help increase retention rate after a move!!
Jeff Regen says:

May 31, 2018 at 11:40 am

Roger, thanks so much for tackling this! The donor data hostage taking really is outrageous. At WETA, we *eventually* got our cc tokens out of our old eCRM and payment processor and into Engaging Networks and Vantiv. However, the process literally took a couple years and didn’t happen until we made legal threats. It was extremely painful.
Dan Ruth says:

May 31, 2018 at 12:35 pm

I have been through this issue with two different nonprofits, with similar frustration.

But unless I understand incorrectly, I think you shortchanged the PCI Compliance issue a little too much.

My understanding is that PCI Compliance really is core to this issue. For security & PCI complaince, many payment processors DON’T ACTUALLY STORE CREDIT CARD NUMBERS (or bank accounts). Instead, they store a long, “salted” hash that simply communicates an authorization for a charge.

This hash can’t be transferred (or stolen), because it breaks the authorization process. They literally don’t have the credit card numbers to transfer.

But like I said, I could be wrong about that.
Roger Craver says:

May 31, 2018 at 1:30 pm

Dan,

PCI compliance is a complex and sometimes ambiguous issue. What is NOT ambiguous is that the credit card companies (the actual ‘owners’ of the data) support the transfer of data between PCI Compliant processors. And generally, that’s the way the process works in most cases.

So far, in my reporting, the resistance and foot-dragging –masked in tech-speak gibberish invoking PCI–is usually aimed at protecting the incumbent vendor’s revenue stream.

When we prepare the “Guide” we’ll cover all this in more detail.

Roger
Dan Ruth says:

May 31, 2018 at 1:58 pm

Thanks for the clarification, Roger!
Dalton Fuqua says:

May 31, 2018 at 4:30 pm

Thank you for exposing the dark underbelly of these processing firms and alerting non-profits to this often unforeseen pitfall of conversion. The greatest tragedy is how the loss of revenue will impact the people who rely on the charities and advocacy groups that are being taken advantage of by these firms. Onward!
Nicole Roberts says:

June 1, 2018 at 12:46 pm

I heartily second and third the other thank yous! We only just recently went through this process, and it only involved about a fifth of our Sustainers (our online donors, not those stored in house – I was one of the respondents), and it made me dread the day when we want to leave our current internal CRM. This piece already makes me feel better about asserting our data rights and less reluctant to consider switching to a newer, better, cheaper CRM. Can’t wait for the guide! Also, I’m happy to name names. >:-(
Anne Ibach says:

June 4, 2018 at 3:32 pm

Roger; Thanks for the update. I answered the survey and it was incredibly timely as we’re going through this process right now and were told by our existing vendor that they couldn’t provide our data to our new processor because of PCI issues. We knew that was hooey. (Two PCI compliant vendors should be able to figure this out!!!)

We’re very persistent people and knew it was imperative that we make this work.

Since the survey, we’ve connected attorneys at our org and our current processor, and are working out a way to make this happen.

Things to know to make this process easier:

*Make sure your contract with your processor specifies what will happen in the event that you want your data.
*Also make sure the contract specifies the fees for such a transfer.
*Make sure your privacy policies account for how you handle this type of data.

With nearly $400k in Sustainer charge revenue per month (57% of our Sustainers are on EFT!!!), not getting our data was NOT an option.

Don’t take “no” for an answer!
Harvey McKinnon says:

June 6, 2018 at 2:28 pm

Thanks you Roger, I can’t tell you how mad this makes me. The vendors are cheating charities and their donors. While you might not be able to post a list of those that are the bad actors, (though I’d love that, your lawyers might not).
But, perhaps a list of vendors who make it easy would be helpful to your readers. Thanks again for this stellar work.
Roger Craver says:

June 6, 2018 at 3:28 pm

Harvey,

Believe me you’re not alone with your anger. Although, you more than most understand the enormous consequences.

Lots of caring folks like you have sent us info that’s both scary in its specific description of despicable practices

We’re drawing up lists, we will name names; more importantly we’ll make recommendations for dealing with the slime balls.

This will take time, but our legal team ain’t worried. Truth is a defense.

Patiently stay tuned.

Roger
Roger Craver says:

June 6, 2018 at 3:33 pm

Anne,

And thank you for illustrating the problem. And for your persistence in seeing this through.

I hope you will feel free to confidentially share addition details as we dig into this. You can contact me at roger@theagitator.net

Here’s to sunlight and exposure.

Roger
Anne Ibach says:

June 7, 2018 at 7:28 pm

Roger;

I’ll email you once we have a better idea of how this all ends up.

Anne

Ask A Behavioral Scientist

Behavioral Science Q & A

Q: Do you have any insight on whether integrating an individual giving appeal with other comms from the charity in both appearance and messaging can uplift results? Or does the actual appeal become ‘lost’ for lack of stand-out?

Integrating an individual giving appeal with other communications from a charity can have both positive and negative effects, and the outcome largely depends on how it’s executed. Advantages of Integration Brand Consistency: Maintaining a consistent appearance and messaging across all communications can reinforce the org’s brand identity and strengthen brand recognition and trust among your […]

Read Full Answer

Q: Is there any research on response rate impact in direct mail when referring to a sustainer gift as ongoing or recurring (catching all frequencies) v. monthly or annual?

I’m not aware of any in-market tests specifically comparing recurring vs. gift frequency language. I suspect the answer might not be the same with all gift frequencies, nor with all people. It sounds like a great opportunity for you to test and find out what works for your audience. Based on the literature, here’s a couple […]

Read Full Answer

Q: A major conservation nonprofit sends me lots of mail, many of which have on the envelope “time to renew” or “2nd notice.” I find this practice deceptive, especially as I haven’t given to said organization since 1997. It must be effective or they wouldn’t do it. But is it ethical?

Based on what we know from existing data, those renewal notices can actually be pretty effective in getting people to donate. They tap into our psychology – creating a sense of urgency, reminding us of past support, and using personalization to make the message hit home. They’re playing on our natural tendencies to feel obligated […]

Read Full Answer

Q: I find it irritating when some nonprofits accept my “gift” and then ask me to cover their credit card fees separately. It feels like a practice that does nothing to help win donors and runs the risk of turning others off. Is there any data on this either way?

Interesting question. I had a quick look at the testing done on this topic. On the positive side, in all cases, over half of donors decide to cover the fee. In some cases, it goes as high as 65%. Not a negligible percentage at all. Here’s another test from iRaiser showing consistent results (see point […]

Read Full Answer

Q: What are the three most important things to consider when designing a brilliant supporter journey?

There’s just one thing to consider when designing a supporter journey: the supporter. More specifically, you need to take into account: Who the supporter is i.e. their identity, which is the reason they support this cause, and their personality, which describes the way they “see” and process the world. These will determine the kind of […]

Read Full Answer

Q: Is there any evidence that changes to the tax laws in the USA changed end of year giving behaviors? Previously, ~30% of US taxpayers filed itemized tax returns allowing them to receive a deduction for charitable giving. Tax law changed in 2017 so that now only ~10% itemize. This should mean tax year-end giving should not matter to millions of people for whom it used to matter. Is there any data evidence to support this?

I’m not an expert in this but a quick search surfaced this article on the effect of tax reforms on 2019’s charitable giving. The researchers didn’t find a reduction. Actually, they observed an “increase in charitable contributions in 2019, even with the lower tax rates and the dramatically smaller number of taxpayers who itemize their […]

Read Full Answer

The Agitator Tool Box

Ideas, applications, tools, processes, and case studies of break-through solutions in fundraising, including: