If you don’t have an extremely solid understanding of what PCI Compliance is, and you take credit cards in any way, then I beg you to read this article in its entirety. It’ll be the best 5 minutes of your week. Now that I’ve set the expectations high, let’s get on with it...
What the serious heck is PCI Compliance and PCI DSS?
PCI compliance is a phrase fairly unknown to most people, but a phrase that can send chills down the back of those familiar with e-commerce. Why? Because it can be super-scary, and I’m here to make you feel a bit better about it.
PCI Compliance, or Payment Card Industry Compliance, is born out of something called PCI DSS (Data Security Standards). There’s a lengthy history of PCI DSS, but I’ve summed it up for our wonderful readers with a very simple dialogue, as follows:
Internet: “It’s 2006, and OMG, so many people are using credit cards to make online purchases with me!”
Bad people in the world: “Wow, it’s 2006 and so many people are using their credit cards online. I can totally steal the credit card information super easily and make fraudulent purchases at places you’d never shop.”
Smart techy people: “We need to form a governing body, and set some rules in place to stop the bad people from doing bad things to people with poor taste in where they shop. Ok, let’s start PCI DSS, and it’ll be a list of things that companies must do to protect consumers from said bad people.”
And then, my friends: PCI DSS was born.
Should you care about PCI Compliance and PCI DSS?
Yes. If you’re a business owner taking payment, then this article is meant for you. If you’re a consumer, then you should also know if a company is PCI Compliant.
Why should business owners really, really care?
If your transactions are hitting your server in any way, you’re liable. If there’s a breach, you can be fined from $5,000 to $500,000 per month.
What Can You Do about PCI Compliance and PCI DSS?
There are a few options. If you’re looking to read through hundreds of pages of PCI DSS guidelines, then have at it. However, since the interwebs are filled with such glorious e-commerce platforms, they can take the heavy lifting and let you do what you're good at: selling goods and services.
Many e-commerce platforms have likely invested millions to make their platforms as secure as possible. Let’s go over some basic terminology to ensure we’re cruising down the same boat.
E-commerce package: This is what sells your products. This may or may not be part of your main website.
Merchant's web server: Where your e-commerce is hosted. If using a package such as Shopify or the likes, this is most likely also your web server.
Payment Gateway: This is what connects the e-commerce package to the banks. Think of the payment gateway as the super gossipy kid in class that's passing notes back and forth to everyone.
Settlement Bank: This is where your funds get settled (aka your bank).
So when someone buys a Grumpy Cat t-shirt off your site (E-commerce package), it goes through the payment gateway, your payment gateway chats with the e-commerce platform (which may or may not be part of your site) and eventually the funds land in your bank account. Within that process, it could also hit the merchant web server. In that case, you'd be totally open for PCI DSS scrutiny. We good? Cool. Let’s go on...
So instead of using an e-commerce platform *and* a payment gateway that hits your own servers, you can use a fully hosted solution (which lives on their servers - their liability). Anytime you’re evaluating anything that accepts payments, be sure you ask about this aspect in writing.
“Are you 100% fully PCI Compliant?”
Surprisingly, many vendors will start to dance and avoid the question. If they do this - run, don’t walk - run away. We’ve had conversations with extremely well-known form services that “leave it up to the customer to handle PCI compliance.” Some e-commerce platforms are fully compliant, and take pride (as they should) in it. For example, Shopify boasts full compliance; however, it’s also important to ensure any payment gateways they work with also claim the same. This is imperative. On the other hand, BigCommerce seems to be a bit more vague with their statement: “BigCommerce takes care of the vast majority of the steps toward PCI compliance for any customer on our platform.” (via https://www.bigcommerce.com/blog/pci-compliance/).
*As a disclaimer - we don't get any kickbacks or anything from Shopify: we just really like them.
If you take a look at the two links above, you’ll see a really noticeable difference: Shopify is quite straightforward about it. “Yes, Shopify is certified Level 1 PCI DSS compliant. This compliance extends to all online stores powered by Shopify,” says their site. This, compared to BigCommerce, is very different. BigCommerce’s explanation seems to go on and on, and dances around the fact a bit.
These are the red flags to look for. BigCommerce may be PCI DSS compliant, but it’s a bit difficult to tell.
In general, when the payment is hosted elsewhere (say PayPal), it’s safer to know they’re compliant. However, with PayPal’s “on page” payment solution (e.g. Payflow), where the transaction is made on your site (e.g. www.myshop.com/payment) vs. (www.paypal.com), PCI compliance once again becomes a major issue.
The same red flags go for anything that receives payment: online forms, event registrations, you name it. These are questions you should be asking yourself, your IT team, and your app vendors (e.g. Shopify, Wufoo, etc).
The best takeaways I hope you receive from this article are:
- Ensure you know what PCI Compliance/PCI DSS is.
- Understand the right questions to ask.
- Understand the red flags.
- If red flag - then run!
If you have any questions on e-commerce, we have a lovely team that’s happy to help. Just give us a shout here.
You’ve worked hard building your brand, but does your brand accurately reflect who you are and what you do? Personally - I use the cocktail party litmus test. When someone asks where I work, do I cringe when saying the name? For quite a while, the answer was a resounding “yes.”
We’re freshly rebranded - with the process top of mind.
I started SocialRaise back in 2008 as a social fundraising platform, so the name made sense. However, throughout the years we’ve taken an agency approach solving problems for clients by concentrating on digital marketing, technology development, CRM and BI.
In 2008, the name worked - in 2017, not so much. We just relaunched the company as Monday Loves You (more on that below).
What about you? When is it time for your company to rebrand?
Constituent Relationship Management (CRM) is a fancy, tech-ridden phrase that means something quite simple. It helps you organize your people and run a more-efficient organization.
It allows scenarios such as:
- If one person attends a bunch of events, but doesn't give any donations, then you know to ask him for donations differently.
- If someone clicks several of your emails, but doesn't come to any of your events, maybe you'll want to call her with a personal invitation.
- Your Executive Director can log into a CRM and see a personalized dashboard of all of this week's donations versus the same time last year.
- You can break down the "silos" - development, programs/services and volunteers - and better understand how an individual or family truly relates to your organization.
- You may want to automate your volunteer recruitment and scheduling.
- Or possibly manage your members better.
- It ties your donors, volunteers, staff, board members and constituents under one roof.
CiviCRM
CiviCRM certainly has a polarizing set of pros and cons. CiviCRM is an add-on CRM that's available to organizations running their site on either Drupal or Joomla content management systems. Its community is tight-knit and there's an active forum around troubleshooting and issues. It now has a global community in 20+ languages with 15,000 users.
The Pros
- I love that CiviCRM is seamlessly integrated with an organization's website (assuming they are on either Joomla or Drupal, or more recently, Wordpress). Tight integration with a CRM can be terribly time-consuming and pricey. CiviCRM is installed within a few seconds and configuration can start taking place.
- There are no licensing fees, so you can add users for no additional costs.
- Easy to customize. Since CiviCRM's code is open-source (e.g. not proprietary to the software company), it's really straightforward to customize to fit exactly how you want it to perform.
- Smart community of people. We've been on the Civi forums, and its members are usually quick and eager to respond and help an organization out. It's quite refreshing.
- The functionality, while it may take a day or two to learn, is fairly straightforward once you get the gist of things.
The Cons
There's a delicious plethora of open source CRM systems out in the wild. In this article, we take a look at a few, and give some pros, cons and things to think about for each. To begin a comparison, let's start with SugarCRM, VTiger and CRMery.
First, what is open source CRM?
Open source means the code (all the stuff that makes software work) is openly available for users to modify and adapt. There are quite a few caveats that go along with this, and you can read more about that here. But, for the sake of this article, it means the code is modifiable. While a vast majority of open source CRM systems are free, open source doesn't always necessarily mean free.
Let's first take a look at SugarCRM
Ah, SugarCRM. It used to be the creme de la creme of open source CRM. It had a community edition that was built by talented developers all over the world, and became a viable alternative to Salesforce. SugarCRM has an enterprise edition as well that was hosted by Sugar with some additional functionality; however, the SugarCRM Community Edition was available as open source. You could download and install it on your own server (needed an Apache setup, with the wiggly-bits of Linux, MySQL and PHP), and the process was uber-straightforward. Not exactly plug n' play, but those with a decent techie-hat could do it in 20 minutes or so.
What I love about SugarCRM:
Number one is its flexibility. There are some CRMs that are built with some main use-cases in mind, but don't necessarily adapt for organizations that need a good amount of flexibility. SugarCRM's Studio Builder is really nifty. It has a drag n' drop interface to easily customize different screens, and amazing access control to provide access for some users while restricting other users to a tailored view.
The reporting dashboards are also a huge plus. Every user can have a different view that's specifically built for him or her.
The development community for SugarCRM was also extremely large, with several key components offered at no cost.
Oh, and SugarCRM Community Edition is... err... was free.
Which brings me to:
What I don't love about SugarCRM:
SugarCRM, like a dagger to my tender, wounded heart, stopped supporting its own Community Edition and reinforced its dedication to the paid, enterprise edition. This makes me weep. Why? Thousands of super-smart developers devoted their time, money and energy to an open source CRM project. Somewhat out of the blue, Sugar announced that it was no longer going to be around.
BUT... WAIT THERE'S MORE!
Another development company bridged SugarCRM's Community Edition and is continuing to develop on it under another open source CRM project called SuiteCRM with a download here. It's great to see this project continue!
Let's take a look at VTiger.
VTiger is another open source CRM application that's built from some code used in SugarCRM (I should mention that SugarCRM *has* really provided tons of benefit to the open source world). VTiger's interface is simple, but it doesn't represent the user interface that today's 2015 users are beginning to be accustomed to (flat design, etc), so there are some basic UI improvements that can be made.
But anyways... let's move on. VTiger has really cool tools that make it easy for users to opt in for certain marketing offers, and the information becomes populated into the CRM. Sure - this is a fairly common element of any CRM, but VTiger's experience makes it a breeze.
VTiger's project management feature is also well-developed and easy to use. In many systems, the CRM project management feature tends to be a bit overlooked or an afterthought. With VTiger, I feel like it's part of the forefront of their thinking (which I truly appreciate).
VTiger's development community doesn't seem to be as active as Sugar's used to be; however, I think if they can make some key user interface updates to make it more current, then this system would be really beneficial to those looking for a good CRM.
Now let's look at CRMery.
Many people won't recognize CRMery (and for full disclosure, we have no connection with the company besides the fact that we kinda love it). CRMery is a component to be purchased and seamlessly connected in the Joomla CMS (content management system) backend. The good thing is that it assumes a similar look and feel to the site itself since it's sharing the same design (the same global CSS files for the techie-nerds out there). So for user adoption, this is a huge win.
The design trumps the other CRMs on this list. It's clean, it's functional, and it's evident that the user experience was placed smack in the middle of the CRM design and development.
The learning curve is a breeze, and it's easy to customize fields for different forms or other calls-to-action.
One of the biggest cons of CRMery is the new-ness of it all. From what I gather, it's developed and supported by a small shop (I've chatted with the lead developer, and he's awesome) so there's always a risk of implementing a CRM that may eventually not be developed or supported any longer. I really hope to see this CRM grow, as it has a ton of promise.
So there are 3 different open source CRMs. We're looking to do a comparison on some others. Are there any CRMs that you would like to see us compare? Any thoughts about the systems reviewed above? Please let us know in the comments below.
Have a CRM Question? Contact us and we'll help.