PCI & SOC 2: The Gap Between “Compliant” and Secure
About this listen
If your donation platform says "PCI compliant," do you know what that actually means? Most nonprofits don't — and the gap between a vendor that filled out a questionnaire about itself and one that paid $200,000 for independent auditors to tear its infrastructure apart is enormous.
In this episode, we break down the two security frameworks that matter most for donor protection — PCI DSS and SOC 2 — and why having one without the other leaves half your risk uncovered. We introduce the Proof Tiers framework to help boards evaluate vendor claims, and explain why Click & Pledge maintains PCI Level 1 service provider validation alongside SOC 2 Type II certification.
The gap most nonprofits miss:
- PCI DSS protects the payment transaction — the card number at the moment of donation.
- SOC 2 Type II protects everything else — names, emails, giving history, the entire donor relationship.
A vendor can be "PCI compliant" and have zero controls on who exports your entire donor file. Tune in to hear the questions every board should be asking — and why "are you compliant?" isn't one of them.