Home

Jump to heading

Guidance

Handling cashless donations

Jump to heading

This guide is not legal advice. It is advisory, non-exhaustive and is aimed at fundraising charities, their trustees and third-party fundraisers. It may also be of interest to ‘in-aid-of' fundraising volunteers and donors to understand more about good practice in charity fundraising.

You should use this guide alongside other sources of advice, good practice and your reasonable judgement to help you meet the requirements of the Code of Fundraising Practice (the code). 

Where we say ‘you’ or ‘your’ it means a charitable institution and/or its trustees, and/or a third-party fundraiser, as applicable.

Contact the Code Advice Service with any enquiries about the code and this guide.

Introduction

This guide will help you meet the code when you are processing cashless donations. You must follow all parts of the code that apply even if they are not referred to in this guide. 

For the purposes of this guide, a cashless donation means a donation of money made without using physical banknotes or coins. Cashless donations are commonly made by credit or debit card, Direct Debits, bank transfers or other types of electronic payment. They might be accepted during a variety of fundraising methods including face-to-face, online, and at staffed or unstaffed collections, for example.  

This guide does not cover gifts in-kindPayroll Giving, or Gift Aid.

A list of top tips is provided at the end to help you in your fundraising activity. You will also find it helpful to read some of our other guides alongside this one, including ‘Documenting your fundraising decisions’ and ‘Due diligence and fundraising’

Cashless donations 

See code rules 1.1.1, 2.1.1, 4.1.1

If you accept cashless donations, make sure you have the right systems in place to process them safely, securely and legally. Different payment systems, methods and devices may apply different requirements and standards. 

There are multiple ways of handling cashless payments using various devices, software and apps, payment gateways, and payment systems. Here are some examples:

  • Payment systems: Bacs, Direct Debit, Faster Payments Service, Open Banking.
  • Payment methods: Debit and credit cards, Continuous Payment Authority, digital wallets, Chip and PIN, cheques, standing orders.
  • Payment tools: E-commerce webpages, point of sale terminals, card readers.

Cashless payment methods can be used to make one-off or recurrent donations. They are supported by various payment systems and technology, including handheld devices, software and apps. 

Before deciding to accept cashless donations, you should:

  • Understand what any cashless method you are considering involves, including any training needs.
  • Assess and document in writing the risks to your institution of using cashless methods.
  • Know the costs, including purchase or rental of tools and fees charged (for example, per transaction or percentage deductions).
  • Evaluate the impact of using such methods on donor accessibility and donors in vulnerable circumstances.
  • Confirm that any payment service provider meets applicable industry standards.
  • Know how you will meet and maintain the legal and contractual requirements associated with the payment method.
  • Choose methods suitable for the number and value of donations you receive.
  • Understand the data you will process, how it may be used and make sure adequate data protection and information security measures are in place.

Make sure all relevant staff and ‘on-behalf-of' fundraising volunteers are adequately trained in your chosen cashless payment method(s) before they use them for your fundraising purposes.

All cashless donations intended for your institution must be received into your institution’s correct designated bank account

Convenient ways to donate

See code section 7.5

Cashless methods of donating are designed to enable easy and convenient ways for the donor to give, such as ‘tap to donate’ or ‘rounding up’ the bill of another retail transaction. They are typically unstaffed by a fundraiser. You might use these types of cashless convenience giving methods by working with others, such as a commercial participator or professional fundraiser. 

Always make sure donors have access to accurate and up-to-date information about the fundraising collection, in accordance with the code, before they donate by such convenience giving methods.

See more in our guides to ‘Documenting your fundraising decisions’‘Monitoring your fundraising partners’, and in our Guidance for charitable institutions working with commercial participators and Guidance for charitable institutions working with professional fundraisers.

Processing credit and debit card donations safely and securely

See code rules 3.5.1 and 4.1.1

Donations by credit and debit card can be made using Chip and PIN, contactless technology, or by card holders sharing their relevant details in person or remotely with you. When taking payments by credit or debit card, make sure that the donor agrees to the donation amount and that only that amount is entered into the payment tool or device.

When processing credit or debit card donations, make sure you and your payment service provider, and any intermediaries processing payments on your behalf, meet the Payment Card Industry Data Security Standards (PCI DSS). 

Meeting and maintaining the PCI DSS enables all payment information to be handled securely. The standards that apply to you will depend on your transaction activity. If you do not comply with the applicable PCI DSS standards, you could be in breach of contract with your payment service provider and your bank. 

PCI Security Standards Overview from the PCI Security Standards Council

Accepting contactless and higher value contactless payments from UK Finance

Strong Customer Authentication (SCA)

See code rule 3.5.1

Strong Customer Authentication (SCA) provides extra payment security to help reduce fraud. It is a legal requirement for certain transactions. SCA requirements are set out in the Payment Services Regulations 2017. Two-factor customer authentication (verification) is required by banks and payment service providers for online payments and bank transfers. Low risk payments may be exempt from SCA at the discretion of the donor’s bank. 

Strong Customer Authentication (SCA) from the Financial Conduct Authority

Strong customer authentication from the Chartered Institute of Fundraising

Accepting regular donations by Direct Debit

See code rules 2.1.1, 3.5.1, 5.2.4 and section 7

When a donor sets up a Direct Debit, they are agreeing with their bank that you can take a regular payment from their account. You cannot accept payments by Direct Debit unless a Bacs participating bank or building society authorises you to do so. 

When applying to use the Direct Debit scheme, your bank will inspect and vet you before allowing you to process any payments. If you process donations by Direct Debit, you must follow the Direct Debit Scheme Rules that apply to you. This makes sure that you are handling Direct Debits correctly and securely, helps reduce the risk of fraud, and enables donors to benefit from the Direct Debit Guarantee Scheme. Direct Debit payments can be processed in-house or by using an approved Direct Debit bureau.

If you intend to conduct public or house-to-house Direct Debit fundraising, you should take advice from the relevant local authority and/or the Chartered Institute of Fundraising.

Standing orders 

See code rule 5.2.4

Standing orders are set up by the donor. They instruct their bank to make a fixed donation payment to you at specified intervals. The donor will need your bank account number and sort code to complete a standing order mandate or equivalent. Make sure your relevant account details are shared with the donor clearly and accurately. You can alternatively provide the donor with a standing order mandate form for them to complete and return. 

What are standing orders, direct debits and continuous payment authorities? information for consumers from the Financial Ombudsman Service

Standing orders versus direct debits from the Charities Aid Foundation

Continuous Payment Authorities

See code rule 5.2.4

Continuous Payment Authorities (CPAs) are similar to Direct Debits but operate differently. They are sometimes known as ‘recurring card payments’. Unlike Direct Debits, the donor makes an agreement with your institution, rather than with their bank, to make a recurrent payment from their debit or credit card. You must get the donor’s consent, known as ‘standing authority’, to take CPA payments from their account.

CPAs can enable you to take variable amounts from a donor on a variable payment schedule. However, you must be open and honest with donors about the CPA payments you intend to take and get their consent before doing so. If a donor asks you, or any organisation processing transactions on your behalf, to stop their CPA, they must be stopped in accordance with the applicable terms and conditions. 

What are standing orders, direct debits and continuous payment authorities? from the Financial Ombudsman Service

Continuous payment authorities: it is your right to cancel from the Financial Conduct Authority

Street fundraising (regular giving) from the Chartered Institute of Fundraising

Regular giving to charity: direct debit vs recurring card payment from the Charities Aid Foundation

Text donations

See code section 7.5

Receiving charitable donations by text message, sometimes called ‘text to donate' or ‘text to give', may involve one of the following:

  • A donor texts a keyword or code to a designated short number triggering a reply text (which may or may not be received free of charge) containing a link to your online donations form.
  • A donor texts a keyword and donation amount to a designated short number. The donation and any additional charges will be added to their mobile phone bill or deducted from their pay as you go phone credit. Donations are passed on to you by the donor’s mobile phone network provider.

If you accept donations by text, make sure you provide clear and accessible information to donors, including about:

  • how your text giving works, including cancelling or pausing recurrent donations
  • eligibility criteria, including minimum age and consent requirements
  • if any additional or inclusive charges will, or may, apply and the amount or percentage, such as a standard network charge or administration fee
  • the information you will collect about the donor, including a link to your privacy policy, and how to opt-out of future marketing; and
  • all terms and conditions.

Accepting cryptocurrency donations

See code rules 1.1.1 and 2.1.1

Cryptocurrency is a type of cryptoasset and is not legal tender in the UK. It is currently treated in law as property, not currency. The law and regulation surrounding cryptoassets is currently evolving. Some charities are already accepting donations in this form. 

If you are considering accepting crypto donations, make sure you understand how to receive and store crypto, and how to convert it to legal tender. Before deciding to accept cryptocurrency donations, you should evaluate the risks and, if you need to, take specialist professional advice. 

Make sure your donations policy fully reflects whether or not you accept cryptocurrency donations. If you are offered anonymous crypto donations, handle them in accordance with your donations policy. Always conduct proportionate due diligence before accepting a donation in this form. See more in our guide to ‘Due diligence and fundraising’.

Cryptocurrencies: what are they, and should charities use them?Internal financial controls for charities and Investing charity money: guidance for trustees from the Charity Commission for England and Wales

Crypto basics from the Financial Conduct Authority

Cheques and cheque imaging

See code rule 3.4.1

Donations made by cheque can be deposited into your bank in person or by using a bulk cheque processing service. Some banks enable electronic cheque deposits into a business bank account using digital scanning technology and the Image Clearing System (ICS). Before deciding to deposit cheques using imaging technology make sure your bank or building society uses the ICS. Make sure you have processes in place to prevent theft or fraud, including when using cheque imaging, and that cheque donations are only ever deposited into the agreed designated account.

Image clearing system from Pay.uk 

Mandate and cheque fraud from Police.uk

Cheque fraud and Counterfeit cheque fraud from Action Fraud

Using QR codes

See code section 7.5

‘Quick Response’ (QR) codes can be used on your marketing materials, for example, on posters or other printed or digital materials, to enable donors to scan the code to access your donations webpage quickly and easily. Genuine charity QR codes left unattended in public places might be susceptible to fraud. They risk being maliciously replaced or overlaid with a sticker with a fraudulent code leading to a scam website. Before introducing QR codes, conduct a risk assessment and agree the actions you will take to reduce the risk of fraud, for example:

  • only use trusted ways of generating a QR code
  • always check in advance that your QR code leads to your intended webpage
  • do not leave QR codes permanently unattended by you or a third-party fundraiser; and
  • Embed the QR code with a recognisable and long URL, visible when hovered over by a scanning device to show the destination website.

QR Codes - what's the real risk? from the National Cyber Security Centre

Cracking the (QR) code from the Advertising Standards Authority 

Avoid and report internet scams and phishing from the UK Government

Convenience giving and unstaffed collections

See code sections 6 and 7.5

Convenience giving is when fundraising methods allow people to make quick, easy and normally small donations using digital technology. They may use some of the cashless methods referred to above. Convenience giving methods are often unstaffed by a fundraiser and can include, for example, ‘tap to donate’ or ‘rounding up’ the bill of another retail transaction. 

You may enable convenience giving directly or indirectly by working with others such as a commercial participator or professional fundraiser. Make sure donors have access to accurate and up-to-date information about the fundraising collection before they donate, in accordance with the code.

Data protection, cyber security and fraud prevention

See code rule 2.1.5, 2.1.6 and 3.5.1

Cashless donations may require storing personal data and banking information. You must process all donor personal data, banking and card payment information in accordance with data protection legislation and all applicable system and data security standards (see above). Make sure you have systems in place to protect against cyber attacks and security breaches, including hacking, phishing, malicious software, and distributed denial of service (DDoS) attacks.

GDPR briefing 1-6 from the Fundraising Regulator 

Protect your charity from fraud and cyber crime and Compliance toolkit: protecting charities from harm from The Charity Commission for England and Wales

A guide to data security from the Information Commissioners Office

Accessibility and inclusion

See code rule 1.2.6 and section 5

Be aware that some cashless donation methods may improve accessibility for some donors and decrease accessibility for others. Make sure you also consider the impact of cashless donations on donors who may be in vulnerable circumstances. Bear in mind that if you place a heavy reliance on digital technology, some potential donors may not have access and be excluded from the opportunity to donate.

Top tips for handling cashless donations

These top tips are not legal advice. They are advisory and non-exhaustive. 

You must follow all parts of the code that apply to you.

  1. Assess and document in writing the risks of using one or more cashless methods before implementing them.
     
  2. Make sure all cashless donations intended for your institution, however processed, are received into your institution’s correct designated bank account.
     
  3. If you intend to conduct public or house-to-house Direct Debit fundraising, you should take advice from the relevant local authority and/or the Chartered Institute of Fundraising.
     
  4. If you accept donations by text, make sure you provide clear and accessible information to donors.
     
  5. If you are considering accepting crypto donations, make sure you understand how to receive and store them, and how to convert them to legal tender.
     
  6. If you have a policy to accept crypto donations, always conduct proportionate due diligence before accepting a donation.
     
  7. Before deciding to deposit cheques using imaging technology, make sure your bank or building society uses the Image Clearing System. 
     
  8. Before introducing QR codes, conduct a risk assessment and agree the actions you will take to reduce the risk of fraud.
     
  9. Genuine charity QR codes left unattended in public places might be susceptible to fraud.
     
  10. Be aware that some cashless donation methods may improve accessibility for some donors and decrease accessibility for others.