Hi,

I've been reviewing the PCI DSS to determine how to best store credit card information for donors who give monthly, but it is not yet clear to me if we are compliant with the new standards or not. It would be intrusive to contact these donors every month to get this information, so we need to store it somehow.

At present we save the credit card information for each of these donors in an encrypted file that is stored in a password-protected location on our server, then un-encrypt it every month just long enough to print the information. The information is shredded promptly after the charge is completed. But my impression from discussions during breakout sessions at a recent Blackbaud meeting in Portland is that this may not be enough.

Thanks in advance for any advice, suggestions and feedback,
Barbara Robertson
Development Assistant
Metropolitan Family Service

If I understand the 7.91 update correctly, you do not have to worry about storing the #s if you enter them in RE and process your payments in RE via IATS or ICVerify.  Blackbaud Payment Services (BBPS) stores the #s and when you process a payment through RE the number is retrieved from BBPS.  Pledge payment schedule would need to be set as monthly.  BBPS does not store one-time gift payments.

I get the impression you are not currently processing your credit card payments through RE.  I would certainly look into it. Contacting donors every month is definitely not a donor friendly way to go about it.  Good luck.