Skip to main content

PCI compliance

The Payment Card Industry Security Standards Council (PCI SSC) developed regulations to ensure credit card processing security. NationBuilder’s integrated payment processing capabilities are powered by Stripe, which has the highest level of certification attainable in the payments industry: PCI Level 1 Service Provider.

NationBuilder does not store credit card numbers on our servers. All secure payment data resides within the Stripe interface.

If your nation is using a third-party payment processor, your donors’ credit card information is securely collected on an HTTPS-secured screen and immediately retransmitted to your payment processor. Your payment processor then authorizes and charge the credit card. While we may retain the last four digits of the card and the billing address, we do not store the full card number nor the CVV code.

NationBuilder uses PCI-compliant payment processors to process credit card transactions. Third-party payment processors available meet PCI data security standards, with the exception of Authorize.net which is not PCI compliant.

Currently, NationBuilder uses SHA-256 encryption and Verisign G5.

If you’re unclear on how this feature works, please ask a question. If you would like to see changes to this feature, please submit a suggestion.