Flipcause Platform Security
Your peace of mind is important to us
From transaction to bank transfer, everything you do on Flipcause is secured end-to-end with industry-leading technology and professional human oversight and support for checks and balances.
Credit Card Security
Flipcause utilizes level 1 PCI compliant processing, providing best-in-class payment gateways. Credit card data is tokenized and encrypted, and never stored on Flipcause servers.
All websites receive bot traffic on a daily basis. All Flipcause forms use Google’s ReCaptcha technology to ensure the information is being entered by a human and not a bot. This protects your mailing list from spam and from fraudulent credit card charges being processed on your donation forms.
To protect against spammers and fraudulent activity, Flipcause validates all email addresses of users and supporters that enter our system in real-time. This helps preserve data integrity and accuracy for every transaction processed through your Flipcause account.
And as you would expect, all Flipcause pages and gateways are secured via SSL (Secure Socket Layer). This means all information (credit card numbers, passwords, emails) entered on a Flipcause site is encrypted and protected from interception.
Flipcause accounts are protected by our proprietary Automatic Fraud Threat Analyzer (AFTA). We built this specifically to detect and prevent the unique types of fraud targeted at nonprofits. You can learn more about protecting your nonprofit from fraud here. We use the following methods to protect your account from fraud:
- Automatic Fraud Threat Analyzer (AFTA)
- Web Application Firewall Request Filtering
- Gateway protection including Address Verification Service (AVS), CVV Validation, Risk Scoring, reCAPTCHA
- Human monitoring
Privacy & Data Security
Your data belongs to you and only you, and keeping it secure is our priority. Flipcause uses secure data centers through Amazon Web Service (AWS), which is the industry leader and standard for data security and hosting. AWS is accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- FISMA Moderate
- Sarbanes-Oxley (SOX)
Server Uptime & Security
AWS Virtual Private Cloud
Level 1 PCI Compliant
WAF and DDoS Protection
Network Level Vulnerability Scanning
24x7x365 Security Scanning and Threat Monitoring
Regular Penetration Testing
Multi-admin granular permission levels
Unusual sign-on notifications
Suspicious activity notifications
IP address and location-based restrictions for access
Flipcause Internal & Physical Security Practices
All Flipcause staff receive weekly security training that’s constantly updated to respond to the latest developments in cybersecurity and privacy. We enforce using multi-factor authentication and strong and encrypted password practices through our enterprise password manager. Flipcause employs strict and robust onboarding, offboarding, and permissions procedures for all our team members.
Our data centers maintain several layers of security, including facial recognition for controlled access, as well as keycard restrictions. Security cameras monitor all locations 24/7, and there are on-site staff members to protect against unauthorized entry. Additional security safeguards are in place to ensure only permitted technicians gain access.
Additional Controls You Can Add
While all organizations have shared needs when it comes to cybersecurity, no two organizations are exactly alike. Use Flipcause’s additional security controls to safeguard your account to help create a fraud prevention plan specific to your organization.
- Two-Factor Authentication
- Multi-admin with granular permission levels
- Unusual sign-on notifications
- IP address and location-based restrictions for access
Since our founding in 2011, Flipcause has not lost a dollar to fraud and had zero security breaches – we’ve effectively blocked all attempts.
"We selected Flipcause for the ease of use for recurring donations and creating new campaigns. The short payment cycle was another key factor. As a small NGO, we could not afford to wait 15-30 days for payouts. The support team is very responsive and easy to contact when we have an issue. They have strong security and have worked with us to facilitate international donations."
Evelind S., Treasurer
Highland Park, NJ
Customer since May 2015