Navigating the Not-for-Profit Market
A blog by Emily Cunningham

PCI Compliance: Do you have a plan?

PCI Compliance seems to be getting a lot more attention lately. I hear about it at industry events. I see it in publications. And while I'm glad that there is discussion, I'm afraid that I'm not seeing a whole lot of action. When I speak to people in the not-for-profit market, it is a rare occasion that I come across an organisation that has a plan for achieving PCI Compliance. Does your organisation have a plan?

What is PCI Compliance? There are two key worldwide compliance requirements:

  • The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements developed by the major credit card companies to enhance credit card data security. All organisations that process, store, or transmit payment card data must be PCI DSS compliant or risk losing their ability to process credit card payments.
  • Payment Application Security Standards (PA-DSS) is the PCI Security Standards Council-managed program to help software vendors and others develop secure payment applications that do not store prohibited data.

So that means that it is the responsibility of each organisation to comply with PCI DSS - you should review the standards provided by the Security Standards Council and assess your PCI requirements. The Security Standards Council provides a Quick Reference Guide and a Self-Assessment Questionnaire that you can download from their website, which could be a starting point for your plan.

What is Blackbaud's Plan? In order to make The Raiser's Edge, NetSolutions, Blackbaud NetCommunity, and Blackbaud Enterprise CRM compliant with PCI DSS and PA-DSS, we have developed the Blackbaud Payment Service (BBPS). BBPS integrates with the PA-DSS compliant versions of our software and stores credit card and merchant account information in a secure environment. Credit card numbers will no longer be visible in our software and will be replaced with reference tokens. When you process credit card transactions, the reference token in your database will summon the stored credit card number from BBPS to be used in the transaction (so you will be able to process recurring transactions). The BBPS has successfully completed our PCI DSS audit.
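As an added illustration (not Blackbaud's code; how BBPS is built internally is not described here), the following Python sketch shows the token-vault pattern the paragraph describes: the donor database keeps only an unguessable reference token plus the last four digits, and the vault resolves the token to the card number at charge time, which is what makes recurring charges possible without the CRM ever holding the number. `TokenVault`, `record_donor_card` and the sample card number are assumptions constructed for the example.

```python
import secrets


def luhn_ok(pan: str) -> bool:
    """Luhn check, so obviously mistyped numbers are rejected before storage."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """Constructed stand-in for a card vault (the role BBPS plays in the post).

    The vault is the only component that ever sees the full PAN, so it is the
    only component that falls inside the cardholder-data scope for PCI DSS.
    """

    def __init__(self) -> None:
        self._cards: dict[str, str] = {}   # token -> PAN, lives only in the vault

    def tokenize(self, pan: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a plausible card number")
        # A random token carries no information about the PAN; a hash of the
        # PAN would not do, because card numbers are small enough to brute-force.
        token = "tok_" + secrets.token_urlsafe(16)
        self._cards[token] = pan
        return token

    def charge(self, token: str, amount_cents: int) -> dict:
        """Resolve the token and 'process' the payment; the PAN never leaves here."""
        pan = self._cards.get(token)
        if pan is None:
            raise KeyError("unknown or expired token")
        return {"approved": True, "amount_cents": amount_cents, "last4": pan[-4:]}


def record_donor_card(vault: TokenVault, pan: str) -> dict:
    """What the CRM stores for a recurring donor: token and display digits only."""
    token = vault.tokenize(pan)
    return {"card_token": token, "last4": pan[-4:]}


if __name__ == "__main__":
    vault = TokenVault()
    donor = record_donor_card(vault, "4111111111111111")   # constructed test number
    print(donor)                                           # no PAN in this record
    print(vault.charge(donor["card_token"], 2500))         # first monthly gift
    print(vault.charge(donor["card_token"], 2500))         # same token, next month
```

A real deployment would put the vault behind authenticated network calls and encrypt it at rest; the point here is which system holds the number and which holds only the token.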

For more information on PCI, check out our PCI Compliance Resources such as our PCI blog, PCI video and FAQs. I'd love to hear from you if you do have a plan.
