ONLINE GIVING SECURITY INFORMATION
- A "VeriSign" logo at the bottom of the web page indicates that the site uses a 128-bit secure browser connection to process your transactions and protect your information. Because the site uses Secure Sockets Layer (SSL), all of the information you enter is encrypted.

- Credit card and bank account information is stored on separate servers (Sage "Vault") that conform to Payment Card Industry (PCI) standards. The PCI standard, upheld by Visa, MasterCard, American Express and Discover, is a mandatory global standard to ensure the protection of cardholder data. You can get more information on PCI Standards by visiting the PCI Security Standards Council website.
- The Online Giving servers are protected by firewalls limiting the number of open ports. Server software is kept up-to-date with the latest security patches. Electronic monitoring tools send alerts on a 24x7 basis in case of non-responsiveness, high load conditions or other indications of penetration attacks.
- We use redundant server architecture. These servers are equipped with hot-swappable redundant arrays of disk drives (RAID), multiple power supplies and multiple CPUs. Each server is accompanied by a stand-by server of the same configuration that can replace it in case of a critical failure that the server-level redundancy cannot recover from. The data center has backup power from generators and multiple Internet connections from different providers, so that it is isolated from power failures and from Internet connectivity interruption by a single vendor.
- Production databases run a full backup once every night, which is then transferred to a separate server in the same data center. Incremental backups are then run every 15 minutes. All information such as credit card numbers and bank account information is forwarded to, and stored in, Sage Vault.
- Sage Vault performs two functions: secure processing of transactions behind our gateway firewall, and encrypted data storage and maintenance. The vault assists merchants (the church, in your case) in being PCI compliant by providing a non-resident encrypted storage solution. The vault employs a Globally Unique Identifier (GUID), also known as an alias, which is stored on the merchant's server or host software to represent the encrypted data securely stored behind our firewall. Transactions are processed using the GUID, their Sage Merchant_ID and Sage M_Key.
- The patent-pending technology used to create the vault offers a proven solution. Based on Sage Gateway XML Web services, the Sage Vault is an extension of services already in use by many merchant and application software providers. The combination of merchant services and gateway processing means truly integrated services with a single point of support contact. The vault has proven to be very beneficial to nonprofit software providers and value-added resellers integrated with a payment gateway.
Benefits:
- a. Securely stores credit card data without storing encrypted data on your servers
- b. Simplifies steps to PCI compliance
- c. Incorporates credit card processing within your current business processes
- d. Significantly lowers risk of data exposure
- e. Protects confidential data from internal and external security breaches
- f. Saves time and money by streamlining data security and reducing exposure to breach costs
- g. Allows users to process transactions from within the host software
- In today's environment, security has become a primary consideration for every type of business that accepts credit and debit cards. In an effort to reduce fraud and the related costs associated with data breaches, Sage is committed to implementing processes that help ensure that cardholder data remains secure. We have endeavored to assist our customers in meeting obligations toward full data integrity and security compliance with the Payment Card Industry Data Security Standards (PCI DSS).
- Sage is required to report any non-compliant merchants in our portfolio to Visa & MasterCard on a quarterly basis; therefore Sage has teamed with Trustwave, an approved scanning vendor, to assist our customers with their required compliance efforts. All merchants are required to comply on an annual basis with PCI DSS, and all payment applications must be PA DSS (Payment Application Data Security Standard) certified and validated. PCI compliance is mandated by the card associations, and the standard is overseen by an independent council of the five major brands. For more information, please visit www.pcisecuritystandards.org.
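
An added example (not Sage's or this site's code): a merchant-side audit of the property the Sage Vault description relies on, namely that host records hold only the GUID alias and never a card number. The field names, the 8-4-4-4-12 text form assumed for the alias, and the sample records are all constructed for illustration.

```python
import re

# Assumption: the alias is stored in the usual 8-4-4-4-12 hex GUID text form.
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
# 13 to 19 digits, optionally separated by spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits):
    """Luhn checksum: separates card numbers from order or phone numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_pans(text):
    """Return card-like numbers found in text, masked to first 6 / last 4."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            hits.append(digits[:6] + "*" * (len(digits) - 10) + digits[-4:])
    return hits

def audit(records):
    """Flag records whose alias is not a GUID or that contain a card number."""
    findings = []
    for rec in records:
        for field, value in rec.items():
            value = str(value)
            if field == "vault_alias":      # hypothetical field name
                if not GUID_RE.match(value):
                    findings.append((rec["donor_id"], field, "alias is not a GUID"))
                continue
            for masked in find_pans(value):
                findings.append((rec["donor_id"], field, "card number stored: " + masked))
    return findings

# Constructed sample rows; 4111 1111 1111 1111 is a widely used test number.
SAMPLE_RECORDS = [
    {"donor_id": 1, "vault_alias": "3f2504e0-4f89-41d3-9a0c-0305e82c3301", "memo": "Tithe"},
    {"donor_id": 2, "vault_alias": "9b2d7c1e-5a44-4e0b-8f6a-1c2d3e4f5a6b",
     "memo": "card 4111 1111 1111 1111 exp 12/30"},
    {"donor_id": 3, "vault_alias": "4111111111111111", "memo": ""},
    {"donor_id": 4, "vault_alias": "3f2504e0-4f89-41d3-9a0c-0305e82c3302",
     "memo": "order 1234567890123456"},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RECORDS):
        print(finding)
```

Findings are reported masked so the audit output does not itself become a store of card numbers.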