KT@Cisco

Strategy to capture payment information for different modes like Credit Card, Check, ACH, etc.

I am implementing Salesforce for a Non Profit org and want to implement screens for capturing payment information for the different types of donations.

Sample donation types include:

1. Credit Card.

2. Check

3. Cash

4. Money Order

5. ACH

6. PayPal, etc.


I am not sure what kind of object relationships would be appropriate so that I can minimize the number of custom objects in the system. I initially thought of creating a custom object called "Donation Type" that mapped to each of these types, but then I realized that each type will have a different set of fields that need to be captured (e.g., Credit Card will require CC#, Expiration Date, CV#, whereas Check would require Check#, Date, Bank Name, etc.).


Any pointers?


Also, I don't know the legal implications for storing all this sensitive information in SFDC. It would be nice if someone who has already dealt with this scenario could point me in the right direction.


Thanks in advance.

sfdcfox

I've not done anything nearly as fancy as that, but here are some suggestions:


1) Record Types. You could use record types to help keep your pages neat, and give the bonus effect of being able to select the type upon record creation.

2) Reuse redundant fields. Flowing from record types means you can reuse picklists and so on with some clever naming tricks to minimize the number of fields you need to use (handy for reporting).

3) Encrypted Text Fields. Remember that payment options may need to contain sensitive data, and those fields need encryption. Ask support for that feature.

4) Study up on PCI compliance. The last thing you want is an audit only to find that your system breaks the rules. One really important tidbit is that CVV/CVV2 values must not be stored, ever, and card data has to be encrypted and accessible to very few, well protected accounts.

5) Outsource PCI compliance. Many merchant gateways can handle requests such as recurring donations in a way that is PCI compliant without having to store any payment information in your database at all. Just keep the reference number provided by their API in case you need to look up a transaction, generate a dispute, etc.


I've done quite a bit of the legwork on this once before, and if you'd like some assistance on this, please feel free to PM me.
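As an added illustration of points 4 and 5 above (not code from this thread, and written in Python rather than Apex): an intake check that keeps only the fields each donation type from the question needs, refuses CVV/CVV2 values outright, and rejects anything that looks like a full card number so that only the gateway's reference is ever persisted. The field names and the type-to-field mapping are assumptions, not a Salesforce schema.

```python
import re

# Fields each donation type needs (assumed names built from the question's
# list). Card and ACH records keep only the gateway's reference and a masked
# hint, as point 5 advises; the gateway holds the real account data.
FIELDS_BY_TYPE: dict[str, set[str]] = {
    "Credit Card": {"gateway_reference", "card_last4", "expiration"},
    "Check": {"check_number", "check_date", "bank_name"},
    "Cash": set(),
    "Money Order": {"money_order_number"},
    "ACH": {"gateway_reference", "account_last4"},
    "PayPal": {"gateway_reference"},
}

# Sensitive authentication data that PCI DSS forbids storing after authorization.
FORBIDDEN_FIELDS = {"cvv", "cvv2", "cvc", "pin", "track_data"}
DIGITS_RE = re.compile(r"^\d{13,19}$")


class PaymentRecordError(ValueError):
    """Raised when a record would violate the storage rules."""


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; separates a real card number from an unrelated long ID."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 if d < 5 else d * 2 - 9
        total += d
    return total % 10 == 0


def validate_payment(record: dict[str, str]) -> dict[str, str]:
    """Return only the fields safe to persist for this payment type, or raise."""
    ptype = record.get("payment_type")
    if ptype not in FIELDS_BY_TYPE:
        raise PaymentRecordError(f"unknown payment type: {ptype!r}")
    data = {k.lower(): v for k, v in record.items() if k != "payment_type"}
    banned = FORBIDDEN_FIELDS & data.keys()
    if banned:
        raise PaymentRecordError(f"never store {sorted(banned)}")
    for name, value in data.items():
        compact = str(value).replace(" ", "").replace("-", "")
        if DIGITS_RE.match(compact) and luhn_ok(compact):
            raise PaymentRecordError(f"{name} looks like a full card number")
    allowed = FIELDS_BY_TYPE[ptype]
    missing = allowed - data.keys()
    if missing:
        raise PaymentRecordError(f"{ptype} requires {sorted(missing)}")
    return {"payment_type": ptype, **{k: data[k] for k in sorted(allowed)}}
```

Unlisted fields are dropped rather than stored, so a screen that accidentally posts extra card data never reaches the database.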