Introduction

Aligned with the PCI DSS 4.0 requirements, nonprofits must enhance their cybersecurity measures, particularly by implementing Multi-Factor Authentication (MFA) across all systems handling credit card data. This shift addresses the increasing sophistication of cyberattacks and aims to bolster donor data protection. CharityEngine's Two-Factor Authentication (Multi-Factor Authentication) setup facilitates compliance with these new standards.

Benefits of Multi-Factor Authentication

Implementing Multi-Factor Authentication provides several security advantages:

1. Enhanced Security: Adds an extra layer beyond passwords, requiring a second authentication factor.

2. Protection Against Password Theft: Even if a password is compromised, unauthorized access is prevented without the second factor.

3. Mitigation of Unauthorized Access: Reduces the risk of unauthorized account access.

4. Reduced Risk of Data Breaches: Limits potential data breaches by adding an authentication layer.

5. Compliance: Meets regulatory standards like PCI DSS, GDPR, and HIPAA.

6. Remote Access Security: Ensures secure access for remote users.

Setting Up Two-Factor Authentication in CharityEngine

Configuring Organizational Settings

1. Access Authentication Settings:

   • Navigate to: Configuration App > Security > Authentication.

2. Configure Inactive User Lockout:

   • Set the number of inactive days before a user is locked out.

   • Recommendation: 30 days or less.

Setting Up User Contact Information for Multi-Factor Authentication

1. Access User Contact Record:

   • Go to: People App > Organization & People > Contact > locate user's contact record and manage

2. Add or Update Phone Number:

   • Enter the mobile number.

   • Set Type = Mobile, 'Receive SMS' = Yes and 'Preferred SMS' = Yes.

   • Click Save.

3. Note: If there is no mobile phone number on file, an email will be sent. The user will then have to enter the code that was sent for the multi-factor authentication
   

4. Add or Update Email Address:

   • Enter the email address.

   • Ensure 'Active' = Yes, 'Receive Email' = Yes, and 'Preferred' = Yes.

   • Click 'Save'.

   • 

Multi-Factor Authentication in Action

Multi-Factor authentication will trigger a text or an email every time a user logs into the account. If there is a mobile phone in the database for the account, once the user enters their username and password, a text will be sent to the user. Codes are sent immediately to the user.


                                                   

Note: A user will not be able to enter the code multiple times. If you have entered the code incorrectly, a new code will have to be sent and entered correctly for access to the system. Please ensure you are entering the code correctly, as too many tries will lock the account.

By configuring Multi-Factor Authentication in CharityEngine, nonprofits can meet the enhanced security requirements of PCI DSS 4.0, thereby safeguarding donor information and maintaining compliance.

FAQs & Additional Materials

Q: Does this follow PCI compliance guidance?
A. Yes, multi-factor verification aligns with PCI guidelines. Learn more about PCI DSS Version 4.0.1 changes in our Blog Post here: PCI 4.0: What Do Nonprofits Need to Know?

Q. What is the benefit to the Stay Logged In feature?
A. Upon entry of the user name in the login flow, a user will have an option to select the Stay Logged In check box. Users who have not enabled the "Stay Signed-In" feature will be automatically logged out after 20 minutes of inactivity. This measure helps protect the sensitive data you access. We extended the logout period based on valuable feedback from our users to provide a balance between security and convenience. Once activated, a user will receive a Welcome back! screen to quick sign back in using their credentials. Please be aware, users will still be required to complete MFA after 24 hours.

• Navigating Through CharityEngine with Left Bar Navigation
• Web Forms: Using the WYSIWYG Editor for Forms and Emails
• Overview: Acknowledgements
• Queries: What Can I Do with Queries - Locating Contacts Within X Miles
• Queries: What Can I Do with a Query: Donations Within X Days
• Queries: What Can I Do with Queries - Event Registration
• Email Blast: How to Configure a Sender Override
• Donations: Assigning a Transaction to A Sustainer, Membership, or Pledge Account
• Shopping Cart: Creating a Fulfillment Center
• Manually Entering Trusted IP Addresses
• Shopping Cart: How to Configure the Checkout Subtab
• Shopping Cart: How To Create a Shopping Cart to Sell a T-shirt
• Shopping Cart: Custom Fields and Variants for Products
• Shopping Cart: Configuring Product Inventory
• Shopping Cart: How To Create Products
• Opportunity - Moves Management: How to Automatically Create an Opportunity Using the Trigger Tool
• Web Forms: Character Limit on Text Fields
• Web Forms: How to Manage Out-of-the-Box Donation Block
• Event Registration: Assigning Multiple Payments to a Single Registration
• Queries: What Can I Do With Queries - Resend Initiatives to Contacts Who Have Not Opened Them
• Events: How to add Custom questions/Survey Questions to Event Forms
• People App: Creating a New Person Contact from an Organization Record
• Web Forms: Creating and Mapping Custom Field on a Form
• Web Forms: How to Add an Email Opt-In List
• Web Forms: How To Configure the Form Field Display
• Opportunities - Moves Management: How to Create a Simple Track for Opportunities
• Online: Constituent Portal Front End
• People App: Managing Contact Status Types and Priority
• People App: How to Easily Bulk Update Contacts (Groups, Solicitors, Activities, Opt Ins, etc.)
• Sending Email Campaigns from the Contact Listing Screen
• Web Forms: How to Add an E-Card to a Form
• Opportunity - Moves Management: Opportunities Standard Reports
• CharityEngine Best Practices for Employees and Volunteers Who Leave an Organization
• Opportunity - Moves Management: How to Link a Transaction to an Opportunity
• How to Use the Conditional Block
• Transactions App: Removing A Tribute from a Transaction
• Pledge: How to Create and Manage Pledges - A Comprehensive Guide
• Web Forms: How To Customize Out of the Box Sections and Fields
• Shipping and Handling Fee Configuration
• Contact Records: Creating Custom Field Groups and Custom Fields
• Configuration
• Web Forms: How to Create a List Sign Up Form (Contact Type Web Forms)
• API Configuration: How to Configure your WealthEngine API Key
• Data Governance: Updating Contact Records Through the Transaction or Contact Screen
• Configuration App: Regions in CharityEngine – Where to find them and how to use them
• Communication: How to Send Messages from Listing Screens
• Accounting & Finance: Leveraging General Ledger Codes vs. Funds
• Creating an Event with Free Tickets
• Configuration: User Role Permission Levels
• Contact App: How to Add (and Delete) a Solicitor to a Contact Record
• Transaction App: How to Add a Tribute to a Web Form
• How to Acknowledge Tributes and Manually Create Tribute Acknowledgements
• Contact Management: Contacts Who Are Online Now
• Tributes: How to Clean Up Tributes with Acknowledges
• Data Importing: How to Import Relationships
• Tributes: How to Clean Up Tributes without Acknowledges
• Workflow & Automation: Data Governance - Transaction Management (Duplicate Transactions)
• Contact Records: Addresses
• Web Forms: How to Assign Tags through Form Submission
• Web Forms: How to Hide Tickets on an Event Form
• How to Bypass Payment Information on a Free Event
• Developer: API - Public API Troubleshooting
• Automation & Workflow: A Basic Understanding of Triggers
• People App: Contact Emails
• Volunteers App: How to Set up and Leverage Volunteers App in CharityEngine
• Explore our CRM & Fundraising App Training Videos!
• People App: How to Add Badges to a Contact Record
• MobilePay Data Tracking & Reporting
• Allowing Organizations to Donate on Web Forms
• People App: How to Manually Validate Email Addresses
• Printing the Contact Summary Page
• Integration API for Developers
• Email Campaign: Email Blacklist Management
• Custom vs Shared Sending Domains
• People App: How to Identify and Use the Outlook & Constituent Ranking
• People App: Record Page Overview
• Data Import: How to Import Soft Credits
• Emails: Helpful Resources to Assist with Email Deliverability, Monitoring and Best Practices
• Configuration: Configuring Systemic Salutations
• Automation & Workflow: Manually Sending Year End Statements to Households
• Contact : Notes
• Contacts: My Preferences
• Browser Security Changes & Iframeing CharityEngine Donation Forms & Online Fundraising Apps
• Data Enrichment Job: How to Update Address with the Zip +4 and USPS Address Correction feature
• Contacts: Files
• Contacts - Editing Contact Record Panels
• Transaction App: Comprehensive Guide for Usage and Management of Tributes
• People App: Quick Actions
• Opportunities & Moves Management: Comprehensive Guide for Set Up, Configuration & Reporting
• Advocacy: How to create an audience for a communication initiative
• Dashboard: Navigating the Welcome Screen
• People App: How to Create and Manage Household Contact Records
• Data Governance: How to Manage Data Storage Limits
• Data Importing: How to Import Contact - Organization Data
• Data Importing: How to Import Contact - Household Data
• People App: Adding Contacts to Your Basket for Exporting
• People App: A Guide to the CharityEngine Projects Feature
• Events: Adding QR codes to Emails to Check-in & Management of Tickets
• People App: Relationships & Connections
• Web Forms: Preventing Fraudulent Activities with Security Settings & Features
• Queries: What Can I Do with Queries - Creating A Comm List including People, Households, Orgs
• People App: How to Create and Manage Organization Contact Records
• Reports & Analytics: How to Use the Constituent Density Report
• Auctions App: Creating, Managing, and Closing an Online Auction
• Online: User Center Ticket Management
• People App: How to Create and Manage People Contact Records
• Connect to Swiper for Apple Devices
• People App: How To Set Your User Preferences
• Campaigns App: Media Channel vs. Response Channel
• Outlook Connector
• People App: People, Households, & Organizations Search
• Web Forms: Creating a Donation Form (or other Web Form) - What’s Standard/Out of the Box?
• Online: Online Constituent Portal Configuration
• Automation & Workflow: An Introduction to Queries
• Email Deliverability Best Practices
• People: Creating & Adding Tags or Groups
• Events & Volunteers: Locations
• Email Campaigns & Web Forms: How to Add System/Global Tokens and Conditional Blocks
• Data Importing: Contacts & Use of Contact Matching
• Events & Volunteers: Sessions
• Events & Volunteers: Speakers
• People App: How to Create, Use and Manage Cases
• Data Governance: Best Practices for Backing Up Data
• Automation & Workflow: Merge History
• Opportunities - Moves Management: How to Set-up Solicitors and Defining Types of Solicitors
• Recycle Bin
• General: Global Search
• Configuration: Account Settings
• Contacts : Deleting Contacts in Bulk
• Contacts : Legacy vs. Compliance
• Opportunities - Moves Management: Locating and Managing Existing Opportunities
• API Query Mode
• Spam Removal: Provider Recommended Actions
• Configuration: Whitelisting IP Addresses
• Reordering Form Fields
• Peer-to-Peer: Configuring Tickets for P2P Hosted Events