Ripples of a Click — The Anatomy of a Donation

Welcome to the Click and Pledge Fundraising Command Center. Today's deep dive in the why series is well it's an urgent one because we see nonprofits every single day arguing over you know what color their donate button should be or

Or who technically owns the token.

Exactly. They get completely bogged down in these surface level details. And we need to tell you right now to stop arguing about button colors. You have to start asking the hard questions.

Right. The structural questions.

Yeah. Like where does the information actually travel? Where does that data sit? And most importantly, where does the money rest before it ever hits your organization's account?

Because if you don't know the answers to those questions, you don't actually control your infrastructure. As Click and Pledge experts, we want to walk you through the true anatomical journey of a transaction. We are following the bits and we are following the money.

I mean, let's trace that exact path. Right? Yeah. Because it's not just magic. When a donor is on your site and they click submit, what actually happens?

Well first the data goes from the browser, right? The donor's screen. Then it hits the application layer.

Which is the software vendor.

Exactly. The fundraising platform. From there it goes to the payment gateway, then to the processor, and finally it settles in the bank.

And I think it's crucial to point out that every single entity in that chain, they all take a cut.

Oh, absolutely.

There are processing costs associated with every single step of that journey. It is a highly mechanized pipeline.

It is. But the most dangerous part of that pipeline, and this is what we really need to hammer home today, is that application layer. Because the application layer controls the path.

Right. The software vendor dictates how everything flows.

Yes. And if your software vendor uses what is called an aggregation model, you have a massive, massive vulnerability.

Let's unpack that. Because I know the aggregation model is also called the payment facilitator model, and it's incredibly common.

Yeah, it's everywhere. Basically, in an aggregation model, the software vendor acts as the master merchant. So when your donor gives you money, that money doesn't go to you. It rests in the vendor's master account.

Wait, all of it?

All of it. From hundreds or thousands of different nonprofits. It's all pooled together into one giant holding tank.

So the vendor is essentially just holding your cash.

Yeah. Before it ever hits your nonprofit's bank account, it's resting with them. And I mean, they use this model because it allows for super fast onboarding. You click a few buttons and you're raising money in five minutes.

But the risk is just it's off the charts. It's like having a 100 roommates, and you all give your rent, money, and cash to one guy.

That's a great way to put it.

Like sure, it's easy on the first of the month, but what if that guy loses the cash? Or what if he just spends it?

Or what if he goes bankrupt? Which we have to talk about flip cause.

We absolutely do Because this isn't just a theoretical roommate analogy. This happened.

It did. And it is devastating. Listeners, if you want proof of why aggregation is dangerous, look at the Flip Cause bankruptcy.

It's honestly hard to even talk about without getting angry.

Yeah. Because Flip Cause was an aggregator. They held $29,000,000 of non profits money in their master account. 29,000,000.

And that was money donated to feed hungry people. Right. Yeah. To shelter animals, to run critical community programs.

Exactly. But because Flipcause held it in their Maestro account because of that aggregation model, they had control over it. And they used those nonprofit funds for their own corporate operations.

Unbelievable.

They used it for executive payouts. And when the company went bankrupt, that money just vanished. It was gone.

They literally robbed charities, and by extension, they robbed the communities relying on those charities.

And it was entirely legal within the structure of an aggregated bankruptcy because the nonprofits didn't hold the funds, the vendor did.

We are gonna put the links detailing this bankruptcy right in the show notes. Yeah. You need to search this yourself, read about it, and understand what is at stake.

It's mandatory reading for anyone running a nonprofit Because you have to contrast that nightmare with the alternative, and the alternative is having your own dedicated merchant account.

Which is exactly how we do it at Click and Pledge.

Precisely. We refuse to use an aggregation model. At Click and Pledge, the money never touches our layer. Period.

Never. We don't want to hold your money.

We don't. For example, Click and Pledge uses Stripe as our gateway. When a transaction happens, Stripe processes it and deposits the money directly into the nonprofit's bank account.

So the money just completely bypasses us?

Yes. We provide the software, we provide the secure forms, but we never hold your money. It flows straight to you. You own the pipeline.

Which means, if something catastrophic were to happen to a software vendor in a dedicated model, your funds are completely safe. Yeah. Cause they're already in your bank.

Exactly, you are completely insulated from that systemic risk.

So that secures the money, right? That solves the financial resting place. But let's shift gears, because we need to follow the bits now.

The data.

Right, the data. Because even if the money bypasses the application layer and goes straight to your bank, the application vendor is still holding the donor's identity. They hold the data at rest.

Names, addresses, email, donation history. It's a gold mine for hackers.

So we have to ask you, the listener, are you absolutely sure that data at rest is secure?

Because you can't just trust a vendor's word on this.

No, just trust us is not a valid cybersecurity strategy. What happens if that data is compromised?

It's a disaster and you know a lot of software platforms will try to deflect this. They'll say, don't worry, we use Stripe so everything is secure.

Right, the third party deflection.

Yes, But relying on someone else processing your money like Stripe or any other gateway, that does not ensure your data at the application layer is safe.

Because Stripe is only securing the credit card number. Right? They're encrypting the financial transmission.

Exactly. Stripe is doing their job perfectly, but they aren't protecting the software vendors' interim database where all that personal identifiable information lives.

So if a hacker gets into the software vendors' servers, they're not stealing credit cards. They're stealing complete human identities.

Yes. Which is why application vendors must have native security audits. You cannot pass that responsibility to a gateway.

So what exactly should a nonprofit demand to see?

You must demand native PCI compliance and a SOC two Type two audit. That's spelled SOC two Type two.

Pronounced SOC two Type two. And that is a brutal audit process, isn't it?

It is exhausting. It isn't just a checklist. An independent security firm actively monitors your company for months. They verify exactly how data is handled, who has access to it, and how it is encrypted at rest.

Because you have to trust independent auditors, not a marketing team.

Exactly. Just to frame the scale of what real security actually costs at Click and Pledge, we spend about $300,000 a year on independent security audits and third party monitoring.

$300,000? Yeah? Every single year.

Yes. Because that is what it takes to actually secure data at rest. You cannot fake it. If your vendor doesn't have an independent SOC two type two audit, your donor data is at risk. It is that simple.

It really is black and white. If they won't show you the audit, they don't have the security.

And, you know, before we wrap up this deep dive, I wanna leave the listener with a thought. We've talked a lot about organization risk today. Bankruptcies, frozen accounts, audits, but put yourself in the shoes of the donor for a second.

Okay.

You make a $50 donation to a cause you believe in, and then a few months later, your identity gets stolen because the nonprofit decided to use an aggregator with weak security.

Oh wow. Yeah.

Who do you blame? Are you going to go hunt down the terms of service to find out which software vendor failed?

Definitely not. I'm blaming the charity. I trusted the charity with my information and they handed it to an insecure vendor.

Exactly. The reputational damage falls entirely on the non profit. If you lose your donor's trust, you lose your mission. Period.

That is uncompromising, but it is absolutely the truth. Security isn't just an IT problem, it is the foundation of your entire organization.

It really is.

Well that is all the time we have for today's deep dive. We hope this gave you a whole new perspective on your infrastructure. If you are ready to get off the aggregator rails, secure your data, and own your pipeline, visit clickandpledge.com for a demo.

And don't forget to subscribe to the Fundraising Command Center for more insights.

Keep asking those hard questions everyone, we will see you next time.