Pushpay Security Overview for Pastors

One of your primary missions as a pastor is to foster an environment in which your congregation feels safe to grow in their faith and align their lives to the teachings of Jesus. If members of your congregation feel as if they can’t ask questions or explore complex topics, they’re unlikely to invest deeper into their faith. Therefore, it’s up to the church leaders to assure their congregation that their questions, struggles, and doubts are welcome and nothing to be ashamed of.

The same principle holds true for introducing online giving or a new giving partner to your congregation. Or, you may be skeptical of partnering with a new online giving system or church management software, and that’s a good thing because it means you’re taking your responsibilities as a leader seriously.

And, to be fair, it’s a scary world out there. The news is filled with stories about cybersecurity threats, hacking, phishing scams, and data breaches. Even as our reliance on cash declines, it’s understandable that some people may be hesitant to share their personal information and bank account numbers with a third-party software company.

As the shepherd of your flock, it’s your responsibility to protect your congregation from outside threats – and in our digital age, that calling applies to cybersecurity. With Pushpay, you can rest assured that we’re protecting your congregation’s personal information with robust security measures designed with confidentiality, reliability, and integrity in mind.

Pushpay Security Overview: How We Protect Your Data

Employee Training

Let’s start with the basics: Every one of our employees – from the CEO to members of our sales team – must complete a security awareness training course when they’re hired and every year after that. Also, throughout the year, our IT/Security Team provides additional training via company-wide sessions, team-specific seminars, and email updates.

A Dedicated Team

We also employ a dedicated team of privacy and information security professionals. Our Information Security and Engineering teams work closely together to exchange ideas and best practices to ensure our services remain secure. Before being rolled out to the public, security reviews are performed on changes and new features. No changes are released to production until they meet our security requirements.

It’s important for every one of our employees to be security-literate to shift that burden from our church partners.

PCI-DSS Compliant

PCI-DSS Compliant Level 1 Service Provider From an information security perspective, Pushpay itself is a fully PCI-DSS Compliant Level 1 Service Provider, in addition to working with PCI-certified partners. This means Pushpay meets the highest level of security standards for the payment card industry. The PCI-DSS is a security standard created by credit card companies (like Visa, Mastercard, etc.) based on their experiences fighting off numerous security threats while securing their customer’s data. As a PCI-compliant service provider, Pushpay’s software development standards, infrastructure, and organization are audited annually by a certified external party.

Third-Party Testing

We also conduct manual penetration testing, where we hire a third-party security firm to put our systems to the test. This means we bring in outside security experts to review and test our security infrastructure manually.

Monitoring Systems

Pushpay uses a variety of monitoring systems to provide a comprehensive view of our security infrastructure and network. If there’s an alert triggered, our Site Reliability Engineering team is available to respond at any day or hour of the week.

Advanced Fraud Detection

In addition to all of these security measures, we’ve implemented an advanced fraud detection system that uses machine-learning algorithms (very smart computer programs) designed to alert our fraud investigative team of any suspicious activity occurring within any of our platforms.

Why Caring About Cybersecurity Matters

As we mentioned in the introduction, cybercrimes pose real risks in our digital world. However, you can mitigate a lot of that risk by partnering with companies that prioritize information security and data protection.

Sometimes going with the cheapest or most affordable online giving partner means sacrificing the security of your congregation. And suppose you blow your trust with your community by partnering with a company that cuts costs by skimping out on security. In that case, they’re unlikely to trust digitally giving to your church again in the unfortunate event of a data breach or fraud event.

At Pushpay, you can rest easy knowing that you’ve partnered with a company that meets high online security standards and is proactively seeking out opportunities to improve our security infrastructures.

Securing your trust is of great importance to us because when you introduce Pushpay as an online giving partner or church management software solution to your congregation, we want you to have faith in our products. Because if you have faith in us, your congregation will as well. And we want you to reap the full benefits of our products and services.

If you want to share this article with your IT team, we do have a version of this article written with a little more technical detail for them to explore.