Steps to Avoid Calling Bullshit: #3
Remember the smell of your first new car? The excitement over your first house or apartment? And what about the anticipation over your first smart phone?
In the rush of enthusiasm over those new acquisitions I doubt if many of us were thinking, “what problems will I encounter when I want to sell or change this?”
Sadly, based on our Confidential Survey, too few nonprofits have taken a long-term view to think about –and guard against – problems that may occur when you decide to switch from that once “shiny new” CRM and Payment Processor to and “even newer, even more shiny” CRM and Payment Processor.
Instead, many organizations eventually find themselves unable to move essential data –like credit card information – on their own donors. The result? Frustration. Anger. Lost donors and revenue. (We spell it out in detail in post #1 in this series. You’ll find it here.)
Here are two simple rules and checklists that will help you avoid losing both your temper and your monthly donors.
RULE #1: Make Sure You Own Your Own Data and Can Move It.
Before you sign a new or renewal agreement with a CRM or payment processor make sure the contract –or the Service Level Agreement (SLA) appended to the contract—acknowledges that your organization owns the data, that you can transfer it, and the terms (cost, time) for that transfer.
A surprising number of nonprofits do not plan ahead and may be headed for problems. Note the significant number of who indicated they had done this upfront work:
Q1: Does your organization’s contract with the CRM or Payment Processor specifically permit you to transfer/move your records to another PCI compliant payment processor at any time you choose to do so? Here are the results:
Yes | 21.88% |
–
No |
29.03% |
–
I have never read the agreement with my CRM |
12.90% |
–
I have never read the agreement with my payment processor |
3.23% |
–
My CRM company clearly explained how this worked when we signed up as a client |
3.23% |
–
My payment processor clearly explained how we could transfer data if we ever changed processors. |
0.00% |
–
I don’t deal with this issue. |
12.90% |
–
Not Sure |
9.68% |
NOW…take a look at the number of organizations who run into problems because they didn’t follow Rule #1. |
NOW…take a look at the number of organizations who run into problems because they didn’t follow Rule #1.
Q2: Have you ever tried to move your donors’ credit card information for monthly givers and were met with resistance from either your old CRM or old payments processor?
Yes | 46.67% |
–
No |
43.33% |
–
Not Sure |
10.00% |
That’s right! Nearly 50% of the folks who tried to transfer their monthly givers’ credit card information ran into barriers erected by their CRMs or credit card processors.
Never Too Late
It’s not too late to get on top of this information (or assign someone to do it.) What you can discover and deal with now will save you hours of anguish and tons of lost donors and money when the time comes to transfer.
Here are basic checklists for reviewing your rights with your CRM and Payment Processor:
For the CRM
- Is your CRM contract or Service Level Agreement (SLA) clear that your organization owns its data?
- Does your CRM contract make clear that you can transfer your data when you wish and under what conditions? For example, how much notice do you have to give…how much time is the CRM permitted to take to effect the transfer…how much are they permitted to charge to prepare and transfer the data… and any other conditions you may contemplate.
You likely have a contract and the CRM may be reluctant to amend it. Ask them to do an addendum, or if you’re close to renewal of the agreement insist that the new agreement or SLA contains the provisions you need.
- CRMs sometimes bundle their services with the services of a Payment Processor.If so, will the CRM serve as your agent to assist you with any transfer problems involving credit card information and the Payment Processor? At what cost? And on what schedule? Some CRMs do this. Some don’t. Check your contract, and if they don’t, ask them to put it in or do an addendum to the contract. If they drag their feet, moan and groan, or give you fuzzy excuses you may be getting early warning signs of trouble down the road.
For the Payment Processor
As you probably understand from yesterday’s post, Payment Processing is a land of Gobbledygook made even more unintelligible by excessive use of abstruse technical terms, often delivered with a topping of nonsense.
There are clear industry rules for handling the transfer of donors’ credit card and other payment information that meets the standards called PCI Compliance.
You don’t have to be an expert to protect yourself in Payment Processing Land. There are only two things you need to know: 1) Credit card and other payment information can only be transferred from one “PCI Compliant” Payment Processor to another “PCI Payment Processor, and 2) it doesn’t take much time, nor should cost it cost you much.
- Is your contract or Service Level Agreement (SLA) with the Payment Processor clear that your organization owns its data, and that’s it’s subject to PCI compliance rules?
- Does your contract make clear that you can transfer your data when you wish and under what conditions? For example, how much notice do you have to give…how much time is the Payment Processor permitted to take to effect the transfer…how much are they permitted to charge to prepare and transfer the data… and any other conditions you may contemplate.
I’m sure you have a contract, but the Processor may be reluctant to amend it—and given the fine print way most of these agreements are written you may be reluctant to read it. Please do so (or ask the CFO to do it for you.) If the agreement isn’t clear, ask them to do an addendum making key point clear. Or, if you’re close to renewal of that agreement insist that the new agreement, and any SLA that goes with, it contains the provisions you want.
( The best time, of course, to raise all this in when you’re first dealing with a CRM/Processor and negotiating that first contract. If they’re no open and forthcoming on the issue of transferring data that should be the only sign you need to run for the exit.)
RULE #2: See Rule #1.
Why Bother?
I understand. The subject of “data” seems so boring, so mundane. That’s probably why this most fundamental element of all fundraising is so often overlooked in favor of things “creative”, “strategic”, “new”. But suddenly, when you discover that all the data behind those monthly givers on whom you spent so much “creative”, “strategic” and “new” investment is no longer available.
If your current CRM or Payment Processor makes it difficult or impossible to move those records, tokens and other payment information to a new CRM or Processor you’re faced with the ugly choices: hire a lawyer, waste time listening to nonsense excuses on why “this can’t be done”—or writing and calling each monthly donor to ask each one for his/her credit card information.
According to Agitator surveys and interviews with organizations caught in this trap they lose between 20% and 30% of their monthly donors.
So, please, find the time or assign someone to make sure your donors can’t be taken hostage.
Roger
P.S. And please don’t hesitate to share your experiences and questions.
[…] you own your donor data? Really??? Read Steps to Avoid Calling Bullshit: #3 (read the entire series). From The Agitator/Donor […]
Roger, your call to action is so timely and will hopefully spur much needed changes in our sector.
Bloomerang recently posted our position on this vital subject of the handling of donor data of all types. Rather than summarize here is our complete brief statement:
https://bloomerang.co/blog/dont-let-nonprofit-software-vendors-hide-behind-pci-compliance/
Don’t Let Nonprofit Software Vendors Hide Behind PCI Compliance
There’s been some excellent talk recently in the nonprofit community about how difficult it can be for some nonprofits to gain access to credit card information.
Many companies use the Payment Card Industry Data Security Standards (PCI-DSS) as a barrier to allowing organizations to make changes to how collected credit cards are processed. Considering it’s a best practice to migrate donors from one-time cash gifts to monthly giving programs, this can be a huge pain for anyone that is looking to make an improvement in any part of the processing chain.
Former public software companies I had worked for in this space charged the customer (and still do, I believe) to get a full export of data from their hosted system. From very early on, I knew we should be different, so we included a button right in our application to download all of your data – including credit card tokens. Bloomerang was founded from day one with Terms & Conditions that very clearly state YOU own your data.
Finally, this isn’t limited just to database vendors. Credit card processors/gateways/merchants can be just as greedy. Let’s say you start a monthly giving program and your processor decides to raise their processing rate. If you can’t transfer your cards from that vendor, you’re stuck with their increased pricing!
At Bloomerang, we even have you covered there. We went to extra lengths to use a third party vault so that our customers have the flexibility to redirect any or all of their recurring donations to a different payment processor if needed.
After all, they’re your donors – shouldn’t your credit card payment vendor be your choice?
Ross Hendrickson
Ross Hendrickson
Co-Founder and CEO at Bloomerang
Ross Hendrickson is a co-founder and the CEO of Bloomerang. Prior to co-founding Bloomerang, he served as Product Manager for Bostech Corporation and later Avectra. He graduated with a B.S. in Economics & Engineering Science from Vanderbilt University.
Jay,
Thanks so much for sharing this with Agitator readers. It’s a terrific example of the type of transparency that needed both where CRMs and Payment Processors are concerned.
Hopefully, readers will share this with others –including their own CRMs and Payment Processors. Only by praising the transparency of companies like Bloomerang and demanding it from others can we ultimately solve this problem.