last updated 1/12/2021
A church administrator can enter gifts or online registration event payments on behalf of a congregant using a paper authorization form. Congregants may call your church office or stop by in person to change their giving information, add a new gift, or make an online payment for a registration event -- but there are some things you should know.
Entering credit or debit card data on behalf of a congregant will increase the scope of your church’s PCI responsibility.
- A form must be completed any time an online payment is added or edited.
- Any time you add or update contributions or online event payments, a confirmation email is automatically sent to the congregant.
- Authorizations taken by phone may only be for one-time gifts or payments.
It’s best not to write down any card numbers, and you must NEVER write down or store the 3- or 4-digit security code found on a credit or debit card.
If you have questions, contact Vanco’s Compliance and Risk Management Department at 1-800-675-7430 or pcisupport@pci.vancopayments.com.
Download authorization form
Follow the best practices outlined below when obtaining written authorization for transactions.
Telephone Orders
If using a credit / debit card
- The administrator should enter the credit card information directly into the system and complete the authorization form without recording the card data.
- In the signature field, enter "TO" to indicate Telephone Order.
- Be sure to record the date and the initials of the person who took the Telephone Order.
- Completed forms must be retained in a locked cabinet and kept on file for at least 3 years.
If using ACH, enter the bank account information the congregant provides, and be sure to keep the authorization forms on file for 2 years.
In-Person Orders
For credit / debit card or ACH
- The congregant must complete the authorization form.
- After entering the gift, the administrator must make all but the last four digits of the account number unreadable.
- Completed forms must be retained in a locked cabinet and kept for at least 3 years for credit / debit cards and 2 years for ACH transactions.
Additional Information
Authorizations may be retained as either paper forms or scanned images.
If you retain paper forms:
- Limit access to those individuals who require access in order to perform their job duties.
- Store them in a locked cabinet or safe.
- Mark them as confidential.
- Maintain an inventory log of forms on file.
- Use cross-cut shredding when destroying documents.
If you retain scanned images:
- Store them in encrypted, password-protected files.
- Limit access to those individuals who require access in order to perform their job duties.
- Never store credit/debit card or banking information unless it is encrypted and password protected.
- Ensure that your computers have up-to-date virus protection programs.
- Ensure that your organization’s website has a minimum of 128-bit SSL encryption.
- Never write down or share your MyVanco User ID and/or password.
- Review all Vanco reports and compare them to your bank statement to ensure transactions are being processed and deposited as expected.