How to Protect Your Online Donations

Recently, an administrator at a nonprofit pleaded guilty to embezzling over $250,000 from the organization by making unauthorized purchases and payments for her personal use. One of the ways that she was able to steal this much money was by diverting donations made through the nonprofit’s online donation platform to her personal bank account. There was a breakdown in internal controls that allowed the administrator to change where the donations were deposited. 

Unfortunately, many churches who provide online giving options to their attendees have this same weakness and are at risk.  Don’t let this happen at your church.

When discussing ways to protect donor contributions at churches, we often talk about the process to pass an offering plate, count the contributions and make the deposit. However, recent studies show that physical cash will become less and less common while online giving will grow. Most churches still have great controls over collecting and counting in-person offerings, but have weak controls over online giving. This has become a new risk area for churches. 

Online Giving Is On the Rise
As a result of the COVID pandemic, churches implemented online giving as a way to make it easy to receive contributions amid lockdowns and capacity restrictions. Before the pandemic, only 56.5% of churches offered online giving. But after the pandemic, over 74% of churches offer options for digital giving. Whether in the marketplace or in church, most people are now accustomed to using apps and QR codes for financial transactions--and this includes making donations.   

According to recent studies, only 40% of churchgoers still give by cash. Online giving is increasing and will become the standard method for receiving donations. Consider these statistics:

• 65% of donors have given to their church digitally. This increases to 89% for Gen Z and 71% for Millennials.
• 49% of all church giving transactions are made with a credit card.
• Recurring donations constitute 43% of all transactions.
• Churches that accept tithing online realized an increase in overall donations by 32%.

While traditional means of giving haven’t disappeared, it’s apparent that offering digital giving options will be essential for a new generation that doesn't use cash or checks.

The Importance of Internal Controls
Most churches have good processes and controls for collecting, counting, and depositing cash and checks received each week. However, protections over digital giving are lacking and could result in an abuse similar to the nonprofit mentioned earlier.

Additionally, in many churches only one person is involved in the bookkeeping role. When one person has access to the bank account and the online giving program, it heightens the risk of fraud. 

Here are seven controls every church should implement to maintain trust and protect what is becoming the greatest method of receiving contributions.

1. Segregation of Duties: Don’t allow one person to control all aspects of the online giving process. Two or more people should be involved in setting up the account and connecting the church’s bank account. 
2. Secure Payment Processors: Work with an online vendor that complies with industry standards like PCI-DSS and has a SOC 1 Type 2 report. This ensures they have strong internal controls.
3. Regular Reconciliation: Ensure the digital giving account is reconciled regularly. Have someone not involved in the bookkeeping review the reconciliation. This can help detect any discrepancies. 
4. Access Controls: Limit access to the online giving system to authorized personnel only. Use strong passwords and change them regularly. Use Multi-Factor Authentication (MFA) for an extra layer of security. Review and update access permissions on a regular basis. 
5. Notification of Changes: Require a notification from the online vendor if there are changes to the payment processor account or bank routing information. This notification should go to one or more people not involved in the bookkeeping. This can help identify unauthorized changes.
6. Education and Training: Train your church staff and volunteers about the risks of online fraud and the importance of following internal controls.
7. Monitoring and Auditing: Regularly monitor and audit the online giving system to identify and address any potential vulnerabilities. Consider having a board member or finance committee member review bank statements and online giving reports periodically.

By implementing these strategies, churches can help safeguard against fraud, even when one individual has significant control over financial processes. As the growth of online giving continues, it will be important for churches to strengthen controls over digital giving just like physical offerings.