PCI Compliance Blog
Get the latest PCI news

Brave New World: Introducing the Blackbaud Payment Service

Posted: Sep 03, 2008 by Douglas Clinton | with 8 comment(s)
Filed under: , ,

Blackbaud can help you comply with the Payment Card Industry Data Security Standard (PCI-DSS) by providing software solutions that meet the Payment Application Security Standards (PA-DSS). The goal of the PA-DSS is to help software vendors like Blackbaud develop secure payment applications that comply with the requirements of the PCI-DSS. In order to make our software PA-DSS compliant, Blackbaud has opted to remove credit card data from all applications.

In order to make The Raiser's Edge, NetSolutions, Blackbaud NetCommunity, and Blackbaud Enterprise CRM compliant with PCI-DSS and PA-DSS guidelines while still allowing you to process transactions, Blackbaud is pleased to announce The Blackbaud Payment Service (BBPS). BBPS will integrate with the PA DSS compliant versions of our software applications.

With BBPS, credit card numbers will no longer be visible in the software applications and storage of credit card information will be transitioned to the BBPS. Within each application, credit card numbers will be replaced with reference tokens. When you process credit card transactions, your software will connect to the BBPS service. The reference token in your database will summon the stored credit card number to be used in the transaction.

If you have an existing Merchant ID or get one before October 1, 2008, you may be able to postpone updating to a PA-DSS compliant version until October 1, 2009. You should contact your processor or acquiring bank ASAP to determine your compliance requirements and timelines - they may require immediate compliance.

If you choose not to use the BBPS, you should back up your credit card data before updating to the PA-DSS version of our software. You will need to contact a Qualified Security Assessor for advice on how to secure this credit card information in accordance with PCI DSS.

If you have any questions about BBPS, or anything else related to PCI-DSS and PA-DSS requirements, please leave a comment below.


Comments

Laurel Quaintance said:

What about recurring gifts paid by credit cards - will this delet them from RE?

If you aren't using credit card services from blackbaud in your software - but manually do credit cards outside the software, will an upgrade erase all of your credit card numbers?

# September 4, 2008 4:07 PM

Douglas Clinton said:

Hey Laurel - The update to The Raiser's Edge 7.86 won't delete the recurring gifts, but it will remove all of your credit card numbers. To become PA-DSS compliant, we have to completely remove credit card numbers from the software.  If you need to get your credit card data out of The Raiser's Edge, you can export the information, but then you'll want to check with a Quality Security Assessor about how to make sure your organization is meeting the PCI DSS standards.

# September 5, 2008 10:50 AM

Tricia Bouton said:

Will Blackbaud offer any educational web seminars related to the new BB Payment Service?  Will the BB Payment Service be covered in a breakout session at the Nov. User Conference in Charleston?    Will the BBPS replace the partnership you have with the preferred vendor ICVERIFY?  

# September 5, 2008 4:54 PM

Laurel Quaintance said:

Hey Doug,

If we add the integrated Credit Card services like IATS to our RE - will we still be able to take recurring payments and use recurring batches to send for authorixzation or will we need to manually re enter all credit cards each time?

# September 8, 2008 12:14 PM

Douglas Clinton said:

It's great to see all this chatter on the blogs.

To answer your questions, Tricia - we will offer web seminars for the BBPS and for affected versions of each product - as we are doing this week for EE/FE/BBSIS.  At the conference there will be two sessions scheduled to discuss the service.  BBPS will support both ICVerify and IATS users.

Laurel - you will still be able to authorize credit card transactions through RE using IATS.  Data will not need to be re-entered in the Raiser's Edge each time.

# September 10, 2008 1:59 PM

Robert said:

Can you please tell me if access to credit card numbers stored in the BBPS is available via the RE API?

# September 18, 2008 7:29 AM

Douglas Clinton said:

Hey Robert, RE API will not be able to access credit cards stored in BBPS.  That would violate the PCI-DSS requirements.  RE will still be able to process credit cards - the reference tokens from BBPS will take the place of the credit card numbers in The Raiser's Edge.

# September 18, 2008 9:24 AM

Becky Creamer said:

Is BBPS available now, if not, when will this software be available to users?

# October 1, 2008 1:19 PM
Leave a Comment

(required) 

(required) 

(optional)

(required) 


Enter the numbers above: