Funraise Platform Security

As an organization, your data is one of your most valuable assets—we’re committed to helping you protect it. We prioritize the security of your data and payments through world-class infrastructure partners and independent certification processes. 


PCI Compliance

Funraise is a PCI Compliant Service Provider and tokenizes all credit card information in a PCI Level 1 certified tokenization vault. Funraise is partnered with Sikich as our QSA and independent security assessor.

Data Security

Funraise is deployed to Heroku.com, a Salesforce.com company. Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centers and runs on Amazon Web Services (AWS). Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:

  • ISO 27001
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
  • FISMA Moderate
  • Sarbanes-Oxley (SOX)

Additionally, all Funraise data is managed in a premium Postgres cluster with a hot standby, which provides geo-redundancy, point-in-time recovery, priority service restoration on disruptions, and automatic encryption-at-rest of all data written to disk.

Funraise employs modern ciphers and hashing algorithms for data encryption and password hashing. Communications to and from Funraise servers are encrypted by TLS 1.2+.

DDoS Mitigation

For DDoS Mitigation, Funraise is protected by AWS Shield, a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. AWS Shield provides always-on detection and automatic inline mitigations that minimize application downtime and latency, so there is no need to engage Funraise Support to benefit from DDoS protection. 

AWS Shield defends against most common, frequently-occurring network and transport layer DDoS attacks and provides comprehensive availability protection against all known infrastructure (Layer 3 and 4) attacks.

Additionally, Funraise employs a Content Delivery Network and a Web Application Firewall for its front-end services to help mitigate higher-layer (application-layer) attacks.

OWASP

Funraise coding guidelines are integrated with OWASP best practices. These practices are enforced through static code analysis and peer review of every change made to the Funraise codebase. Funraise also employs a dedicated QA team as well as independent security specialists that test our software for bugs and potential vulnerabilities.

Fraud

Funraise employs several internal and external protocols to mitigate the risk of online payment fraud. Note that payment fraud is distinct from the security of your data; it is a separate category of abuse carried out by bad actors on the internet. You can learn more about payment fraud here. We utilize and enable the following interventions to mitigate fraud:

  • Anti-Fraud Machine Learning Models
  • WAF Request Filtering
  • reCAPTCHA
  • Gateway-level fraud features such as AVS, CVV Validation, and Risk Scoring
  • Human monitoring

Internal Security Policies

Funraise maintains internal security policies and guidelines and conducts annual security training with all employees. Employees are required to use multi-factor authentication for all critical systems and employ our enterprise password manager for generation and storage of secure passwords. All employees are trained to use GPG encryption tools for sensitive data. Funraise performs its own internal penetration tests in addition to PCI-mandated annual penetration audits.
