The time has come to redo your website! This is an exciting time - there's a lot to think about, and one of the most important questions to ask is "how can we accept donations?"
If you're like a lot of other nonprofits, you probably built your website and pointed your "Donate now" button to one of the main fundraising platforms, like JustGiving or Virgin Money Giving.
While these are fantastic platforms that take care of a lot of the complexity around payment processing and reporting, they're really built as peer-to-peer fundraising platforms - so friends and family can sponsor each other, usually at an event. You don't have much control over your brand, or over the data that's collected from your supporters.
Taking donations directly on your website gives you more control over your brand, reduces your payment fees, and gives you full control over the data you collect from your supporters.
Let's dive into the nuts and bolts!
What's all this I hear about PCI compliance?
Let's start out with the boring (but important!) stuff. If you store or directly touch credit card information, you need to be PCI compliant.
Becoming PCI compliant is extremely tough for any organisation - probably 5x harder than becoming GDPR compliant, and very costly - you need to bring in independent auditors, change internal processes, and more.
The good news - there's a way out. It's just the organisation that processes and stores the credit card information that needs to be PCI compliant. That shouldn't be you.
The first rule of taking donations online is - you don't need to be PCI audited.
Important side note: if you're currently storing credit card details on a database or on paper and you're not PCI compliant, you're breaking the law. Don't do this!
Introducing: payment gateways
PCI compliance is why everyone uses payment gateways. Payment gateway companies are exactly what they sound like: "gateways" to allow you to take payments online. They take care of all of the difficult stuff around PCI compliance.
All you need to do is follow their guidelines.
Different payment gateways allow you to take donations via different channels. Want to take direct debits and one-off card payments? That's two different payment gateways.
Want to accept payments via Apple Pay and Google Pay? They may or may not be supported by your existing payment gateway.
And PayPal? Yes, that's something else again.
The goal of this post is to demystify payment gateways.
If you're like most organisations, you probably want to take payments via all of the main channels:
- Credit & debit cards
- Direct debit
- Apple Pay & Google Pay (bonus points!)
The rule of thumb with payment gateways is - one channel = one payment gateway.
If you'd like to take donations via all of these channels, then your website developers will need to write code specifically to integrate your website with one gateway for each channel.
Side note: if your website doesn't support TLS (https:// at the start), you'll need to add this, regardless of which payment gateway you use.
Alternatively, if you're using a CRM database provider, they should offer all of this out of the box.
Regardless of whether you're getting your website developer to write code to build a donation flow directly into your website, or you're using a CRM provider, you'll likely still need to set up accounts with each payment gateway.
So without further ado, let's take a look at each channel!
Note: there are a lot of different payment gateways. However, there are only a few that are very widely used as standard. We'll highlight them - and also shout out to any alternatives widely used in the charity sector.
1) Credit cards
Taking online card payments is definitely the most important channel to set up first. While there are a number of more traditional gateways available, the leader here is unquestionably Stripe.
Stripe is great for nonprofits of all sizes; some of the larger organisations they work with today are Oxfam, Comic Relief, and the British Heart Foundation.
Stripe additionally support Apple Pay and Google Pay, which are great for supporters who'd like to donate via mobile devices. (We'll touch on that later in the article)
With Stripe, you can take one-off payments and regular (e.g. monthly) payments.
Fees aren't everything, but Stripe charge a reasonable 1.4% + 20p on all European cards, which decreases to ~1.2% if you apply for their nonprofit discount.
Stripe's focus is on developers. They make it straightforward for your web developer (or CRM provider) to integrate with them.
Beyond Stripe, other modern payment providers that help you take donations via credit card are:
Important note: if you've already built your Stripe integration, make sure that it's SCA compatible (new EU regulation). While SCA has been delayed until ~2020 / 2021, it's still very much in force in the EU.
2) Direct debits
In the UK and ~15 other countries, direct debits are a standard and recognised way of collecting regular payments from consumers and companies. Direct debits currently account for 31% of all donations to UK charities.
Direct debits work via a mandate principle, where a supporter of yours can set up a direct debit mandate with you, and once fully set up, you can take money automatically from their account.
Once a supporter's mandate is set up, essentially you can take whatever money you like from them.
(Side note: this is why there's a "direct debit guarantee", to ensure that you're charging someone fairly.)
Technically speaking, you don't even need a payment gateway to process direct debits - you can do them in-house. (Account numbers and sort codes are less sensitive data than credit card numbers.) However, I would strongly discourage this, as it's not an efficient process, and there's a lot of admin to do every time you want to charge someone.
Being more country-specific, direct debits are a lot more fragmented than the credit card space. However, there is one very clearly recognised leader: GoCardless.
Again, GoCardless is a developer-focused product that allows you to set up direct debit mandates, and "subscriptions" to automatically charge a supporter regularly.
GoCardless' pricing is slightly lower than Stripe's, at 1% + 20p per transaction.
Note: while it's technically possible to use direct debits to charge a supporter for a single payment (donation or otherwise), they're designed for regular payments.
Direct debits should only be used for regular payments, like monthly donations.
Beyond GoCardless, another popular platform for handling direct debits used by many charities in the UK is RapidData.
3) PayPal
PayPal is a bit of an anomaly, but they're an important gateway to add support for as well.
PayPal are essentially a payment gateway for processing credit cards, but with a brand that consumers recognise and trust - which can help to assure your supporters that their payment details are safe.
Their pricing is slightly more expensive than the other providers, at 1.4% + 20p, after their nonprofit discount is applied.
PayPal allow you to accept one-off donations, or regular donations. In fact, one of the advantages that PayPal has over regular credit card payments is that PayPal accounts don't usually expire - but credit cards do.
PayPal's developer platform is less developer-friendly than Stripe, but it's worth supporting regardless.
4) Apple Pay & Google Pay (bonus)
Last but not least, we have Apple Pay and Google Pay.
For the moment, I'd recommend treating these as nice to haves - ones to add once everything else works. They're great for mobile payments, as donors can make a donation in just a few taps - but they're still quite new.
Apple and Google aren't payment gateways; they've partnered with other payment gateways (including Stripe).
Apple & Google Pay are really just another way to allow payments via credit card, but your supporters don't have to enter their card details.
Tip: Apple & Google Pay aren't yet available in all countries, but they are in the UK.
You can learn more about how Stripe works with Apple Pay here.
Your developer, or a third-party
As you can see, there's quite a bit involved in taking payments online! While the providers above make it easier today to accept payments than it ever has been, it's still hard.
Side note: we haven't touched on reporting at all in this post - that's one for the future!
Many fundraising database / CRM providers (like Beacon) provide hosted donation forms out of the box - so there's zero code to write, but you can still brand & embed the forms to fit your website.
There's usually a fee associated with this, but it does mean that you save on the website development cost, which is usually substantial.
One of the decisions you'll need to make when deciding to take donations is whether to write the payment integrations yourself, or to outsource this to a third-party provider.