Last Modified: October 24, 2023
What is this?
Many people are surprised to learn that in payment processing world, there is something called a token transfer, and that they are extremely common. All payment processors have data teams that do these migrations every day. These are done when a "Merchant" (a business or organization processing recurring payments) decides to move to a new provider.
How to request your data:
From: "Business Owner"
To: Whoever your customer success or account manager is at your company
Subject: Request for Credit Card Data Export
Body:
Hello,
I am writing to request an export of my credit card data to import them into Stripe, a PCI DSS Level 1 Service provider.
The type of credit card information I need includes the following:
● Customer Name
● Full credit card number
● Expiration date
● Email (if available)
● Billing address
Stripe will store and protect the credit card data in accordance with the PCI DSS standards. I have Stripe's PGP key and their PCI Attestation of Compliance (AOC) for your reference if you need.
Please use the secure fileshare link to upload the data file after it has been encrypted.
You may reach out to Stripe's data migration team at data-migrations@stripe.com if you have any technical questions regarding this request. They prefer the file in a JSON or CSV format.
Thank you for your time and attention to this matter.
Sincerely,
YOUR NAME
YOUR ORGANIZATION NAME
Step 1: Understand that your customer's payment data with you is your intellectual property.
Although some 'merchants' sign away this right, rarely do those clauses hold up in court or legal arbitration historically.
Step 2: Understand that it is commonplace to request your data from your processor.
In the Church and Nonprofit space, nearly 100% of the time the software provider is not your payment processor.
For example, Pushpay and RebelGive use Firstdata. Subsplash, Classy, FundraiseUp, PlanningCenter and Tithely use Stripe. MinistryBrands and QGiv use Vantiv Worldpay.
Those payment processors all have dedicated data migrations teams that are sending tokenized credit card data back and forth to each other based on merchants moving between providers.
Step 3: Request your data to be sent to a new processor.
Requesting the data is as simple as sending an email to the right contact at your processor. Some companies try to hide who that is as best as they can.
A new processor will ingest the tokenized card data.
Step 4: Match the card data (number, name, expiration date, email, billing name, billing zip) with your donors.
WeGive's team does this part for you. This takes 24-36 hours.
Timeline: 1 - 5 weeks.