PCI Compliance Blog

October 2008 - Posts

PCI Webinar by NTEN on Friday, November 7 at 2PM (EST)

Blackbaud has teamed up with the Nonprofit Technology Network (NTEN) to provide a great FREE informational session entitled, “PCI: What’s All The Fuss?” We are very pleased that both Bob Russo, General Manager of the PCI Security Council, and Mark Banbury, Vice President and Chief Information Officer for Plan Canada, have agreed to speak about PCI compliance.


Bob will provide information on how these new requirements impact nonprofit organizations and Mark will discuss the approach to compliance at his organization and the importance of these measures to the security of both NPOs and their constituents.


You can register for FREE here: PCI: What's All the Fuss? If you are new to NTEN, create a visitor login by completing a short registration form. Then, select “Take A Webinar” from the LEARN menu (left nav bar), select the PCI session, click Register Today, and log in with your visitor account.


Select Blackbaud in the "How did you hear" field. Click Add to Cart to complete the registration process. (It will ring up as $0 for the webinar.)



Webinar: Beta Program for The Raiser’s Edge 7.86

Last week, Anne McDonell, Blackbaud’s Client Feedback Manager, Kevin Brunson, Sr. Product Support Lead for The Raiser’s Edge and I hosted a webinar on The Raiser’s Edge 7.86 beta. The webinar provided an overview of issues surrounding PCI compliance and a demo of the integration of The Raiser’s Edge and the new Blackbaud Payment Service.

You can see a recording of the webinar and download the presentation. If you are interested in joining The Raiser’s Edge 7.86 beta program, please fill out the Application Survey or email Anne McDonell. We’re holding a repeat of the webinar on Thursday and Friday, October 23 and 24. If you would like to attend, register now!

Bucky Wall, Director of Corporate Readiness


On the Road With Bucky Wall

Posted on behalf of Bucky Wall:

Last week, Jake Marcinko, Blackbaud's Data Security Manager, and I attended the PCI Security Standards Council's (PCISSC) annual community meeting in Orlando, FL. (You may recall from an earlier press release that Blackbaud joined the PCISSC this past summer.) The main focus of this year's meeting was the roll-out of the PA & PCI DSS Standards 1.2.

In general, it was a bit of an eye-opener. This was mostly because it's fairly clear that the non-profit space is not on the Security Council's radar. You would think it should be, since charitable giving topped 300 billion last year in the US alone (and while I don't have stats as to the amount donated via credit cards, you can bet it's a sizable number).

Why is the non-profit community a bit of an afterthought? A few things come to mind…
  • We haven't seen a serious breach of security resulting in the loss of a large amount of credit card information. And, unfortunately, many organizations don't have self-auditing processes and wouldn't know if there was a breach.
  • Most non-profits have a relatively small number of credit cards in their databases, so any loss would be relatively small in comparison to a large merchant (can you say, "TJ Maxx?").
  • General credit card security concerns have been slow to arise in the non-profit space.
  • The unique relationship between donor and the receiving organization is fundamentally different than that between merchant and purchaser. Donors don't complain as much as purchasers…

Why should we want to be on the Council's radar?
Decisions have been made and will continue to be made over the next few years that will impact the way non-profits accept credit card donations. You will want a say in these decisions. You might even consider joining the council (see: https://www.pcisecuritystandards.org/participation/join.shtml).

By joining you will be able to:
  • Vote for Participating Organization representatives on the PCI Security Standards Council Board of Advisors.
  • Nominate a representative to stand for election to the PCI Security Standards Council Board of Advisors.
  • Comment on drafts of all revisions to the DSS specification, and on any new specifications, prior to public release.
  • Attend Community Meetings hosted by the PCI Security Standards Council.
  • Recommend new initiatives for consideration to the PCI Security Standards Council.

I plan to push for a special interest group within the council focusing on the needs of non-profits, but it may take some politicking to get this approved.

What were my main take-aways?
  • Look for the "touch points" regarding credit card data. Who sees or touches credit card information and why? If you don't need this information, then get rid of it.
  • Self-assess. Contact a Qualified Assessor to help if needed, but take some time to see how vulnerable your data environment is, keeping in mind you will probably need to change some of your business practices based on what you discover.
  • Requirements are not absolute. There is a lot of grey area associated with these requirements; look at the best practices and see what makes sense for your organization.
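As an added illustration of the "touch points" and "self-assess" take-aways above (example code written for this page, not a Blackbaud or PCI Council tool), the script below scans constructed donor records for stored card numbers using the Luhn check that real PANs satisfy, so that free-text notes and memo fields holding card data can be found and masked. The field names and sample values are invented for the demonstration.

```python
import re
from typing import Dict, List

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or dashes,
# not embedded in a longer digit run.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check (ISO/IEC 7812)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _candidate(match: "re.Match") -> str:
    """Strip separators from a regex match and return the bare digits."""
    return re.sub(r"[ -]", "", match.group(0))


def find_pans(text: str) -> List[str]:
    """Return Luhn-valid PANs found in text; other long digit runs (IDs, phones) are ignored."""
    return [_candidate(m) for m in PAN_RE.finditer(text)
            if 13 <= len(_candidate(m)) <= 19 and luhn_ok(_candidate(m))]


def mask_pans(text: str) -> str:
    """Replace each Luhn-valid PAN with asterisks, keeping only the last four digits."""
    def repl(m: "re.Match") -> str:
        digits = _candidate(m)
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return "*" * (len(digits) - 4) + digits[-4:]
        return m.group(0)
    return PAN_RE.sub(repl, text)


def scan_records(records: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each field name to the PANs found in it; fields with none are omitted."""
    hits = {name: find_pans(value) for name, value in records.items()}
    return {name: pans for name, pans in hits.items() if pans}


# Constructed sample records: one free-text note holds a well-known test card number,
# the other fields hold long digit runs that are not card numbers.
SAMPLE_RECORDS = {
    "donor_notes": "Pledge paid by card 4111 1111 1111 1111, call back Monday",
    "gift_memo": "Constituent ID 123456789012345 - annual fund",
    "phone": "Contact 800-555-0199",
}

if __name__ == "__main__":
    for field, pans in scan_records(SAMPLE_RECORDS).items():
        print(f"{field}: {len(pans)} stored card number(s)")
        print("  masked:", mask_pans(SAMPLE_RECORDS[field]))
```

Running it over a real export (notes, memo, comment and attachment-text columns) answers the "who touches card data and where is it stored" question; the masked form is what should remain if the number is not needed for processing.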