Welcome to the PCI-DSS Forums, your place to discuss the new Payment Card Industry Data Security Standards with the rest of your online community. You can also check out our PCI Compliance Blog!
I am currently looking at changing our online donation process because our current system can no longer be used (we had all the info stored on a secure site which notified us when a donation came in - we would log in - print out the 'order' and delete the info from the secure site - but since all that info cannot be stored anymore we are looking.)
These are the questions I am asking all of the vendors in case anyone is interested.
- Do you use CAPTCHA technology? This would stop the ‘spam’ loading of stolen cards (which has happened to us in the past). http://en.wikipedia.org/wiki/Captcha
- Do you use CVV2 & AVS technology only? We stopped taking online trans before because the processor we had before used both of these and we still spent way more in fraud charge fees than we received as donations, because spammers had billing addresses and CIDs/CVV2s.
- Do you use geolocation by IP address?
- Do you use FraudLabs technology to deny anonymous proxy server transactions?
- Do you verify that the address is not a ‘ship-forward’ address?
- Do you run a phone number area code against zip code check?
- Do you deny free or anonymous email site transactions? (like Hotmail & Yahoo – FraudLabs technology)
- What is the chargeback fee structure when a card is found to be fraudulent? (For instance, we would get a $10.00 online donation but then get hit with a $25 fraud fee that we were responsible for, which is a huge loss for a not-for-profit – this was through VeriSign a few years ago.)

I have also created a spreadsheet that compares 4 solutions so far (still in progress - waiting for quotes, etc. on some vendors) if anyone is interested.