EveryAction:
- We use the program EveryAction for our online forms and donation pages. They are a Level 1 Service Provider, and certified by the Payment Card Industry (PCI) as meeting the security standards required to process credit card information securely.
- EveryAction systems do not actually “see” the credit card data. Your credit card information is passed directly to our payment processor and stored in their secure vault for one time, as well as recurring donation charges.
- A Level 1 Service Provider means that the provider processes over 300,000 transactions per year. In order to be PCI compliant, Level 1 providers must complete what is called an Annual Report on Compliance, by a Qualified Security Assessor, as well as quarterly network scans completed by an Approved Scan Vendor.
Other protocols for donor safety and security at Earthjustice:
- Staff who handle credit card data or personally identifiable information are provided with training, protocols, and equipment to ensure the secure handling of information.
- Earthjustice staff are not able to see or access full credit card numbers through EveryAction, the platform that we use for managing monthly gifts
- While we avoid storing credit card data in Earthjustice systems through our use of a PCI compliant vendor (EveryAction), we nonetheless take additional precautionary measures as an organization, such as:
- All staff at Earthjustice receive mandatory, ongoing cybersecurity training to prevent phishing and other malicious attacks
- Earthjustice employs full-time IT staff who are responsible for monitoring and maintaining our cybersecurity, and ensuring data is secured appropriately across the organization
We hope this information can provide some clarity on the steps Earthjustice is taking to protect our generous supporters! Please let us know if you have any further questions/concerns.