What do I need to know about security when embedding the form on my website?
Should I embed my form on a secure page?
Whether you decide to use a Donate Now button that directs to your custom donation page on CanadaHelps.org, or embed your donation form directly on your website, CanadaHelps protects your donors with the highest-level PCI-compliance, including ‘Transport Layer Security’ when using the donation form. From the perspective of your website visitors, and embedded donation form appears on your charity’s website, but in fact continues to reside on CanadaHelps.org. As a result, security level provided by CanadaHelps for the Donate Now button option and embedded form option is identical and never compromised.
If you are embedding a CanadaHelp’s donation form on your website we recommend that you do so on a secure page. Secure pages are easily identifiable by Internet users as they include HTTPS in the address field. Increasingly, Canadians check the URL for HTTPS before paying online. As a result, embedding the donation page on a secure page will ensure your more security-savvy donors have full confidence when donating on your site. There are many instructional resources available that explain how to create a secure website. For example, this overview from Google may be of assistance.
To help ensure all donors feel comfortable donating to your organization, if you embed your CanadaHelps donation form on a page on your Website which is not secure, CanadaHelps will automatically include a lock on the top right hand corner of the embedded donation form. A donor that clicks the lock will receive information confirming that the page is secure and be provided a link to the custom donation form on CanadaHelps.org should they wish to see the HTTPS URL itself.
Again, for clarity, even if you are embedding CanadaHelps donation form on the page on your website which is not secure as per the above, the CanadaHelp’s form itself IS SECURE and complies with the highest level of PCI requirements. That said, whether you embed your donation form on a secure page or not, guidelines for general protection and internet security recommend that you have appropriate safeguards in place to ensure that only trusted IT professionals and programmers can access and manage your website. Without such assurances, it is possible that a malicious programmer can insert code on your page to capture or re-direct information entered in your embedded donation form.