PCI DSS Compliance

PCI DSS Compliance Policies

Sarah Coco — Wed, 14 Oct 2009 19:32:44 GMT

Can anyone share their internal PCI DSS compliance document that relates to employee use and security of the system? I am starting one from scratch and thought it would be helpful to see written policies.

Thanks for your help

Sarah

Storing Hard copies of Credit Card Info

Mary Pelikan — Fri, 02 Oct 2009 20:57:22 GMT

Hello

with the new PCI standards that have come into place, is there somewhere in these policies that addresses the storing of Hard Copy Credit Card info? I can't seem to find much infor,atopm pertaining to these controls, other than cross-shredding. please email me at mpelikan@redemptorists-denver.org. Thanks,

Changes in The Raiser's Edge 7.91

Douglas Clinton — Tue, 14 Jul 2009 14:37:48 GMT

There've been a lot of changes in The Raiser's Edge 7.91 and we know there are a lot of questions. Here are a few we've been hearing a lot.

One of the first changes you'll notice is that we've made changes to passwords. After you update to 7.91 or higher, you'll have to enter your password using all capital letters (e.g., ADMIN1 instead of admin1. After you log in using all capital letters, we recommend that you change your password by going to Edit, Change Password. If you don't change your password, you'll have to keep using all capital letters to log in. The password changes are a requirement of the Payment Card Industry Data Security Standard (PCI DSS). Check out Knowledgebase solution BB608912 for more info.

Another big change is the 15 minute inactivity setting, which is another change made in accordance with PCI DSS, which requires users to re-enter passwords when a session has been idle for more than 15 minutes. When someone is locked out due to inactivity, processes like reports, mailings, exports, and queries will continue to run, and the user license will still be used. Knowledgebase solution BB620558 has more on this setting.

The most significant change is that The Raiser's Edge 7.91 now integrates with the Blackbaud Payment Service (BBPS) to store credit card numbers. Credit card numbers will be replaced with reference tokens and credit card information is kept in this secure, PCI DSS-compliant environment and only the last four credit card digits will display in The Raiser's Edge. When you process credit card transactions, your software will connect to the BBPS service. The reference token in your database will summon the stored credit card number to be used in the transaction.

Check out the Version 7.91 FAQs and post any questions you have here! I'll be answering questions all day

Policy and Procedure

Josh Culver — Sun, 14 Jun 2009 23:36:37 GMT

I am currently updating are policy and procedure manule to include PCI Compliance. In hope that I will not have to start from scrach I was wondering If any one would be willing to share, what they have put together so far. I have a basic outline from other sources and I would look as though I would have to pull from policies that are all ready inplace. But a template would be nice.

FE and RE interaction with PCI

Peter Scott — Fri, 21 Nov 2008 03:39:53 GMT

We will be running RE7.85 after this weekend. This version is not complient with PCI.

There is also a new version of FE7.77 just released which is compliant with PCI.

What will the affect be on any postings, transactions and the like if FE is the recipient of the data, but you wish to view the revenue component in RE? What happens to the Credit Card number?

Credit Card use in Raiser's Edge

Stu Pattison — Mon, 08 Sep 2008 17:47:36 GMT

Two questions:

1) How is credit card information stored in the Raiser's Edge database? Has this method been proven to be secure enough to meet the PCI Standard requirements?

2) We are setting up our firewall. What port(s) and protocol(s) does Raiser's Edge use to transmit and receive Credit Card information from IATS for processing? We want to block all internet traffic except for this function.

Thanks! Stu Pattison WCPE-FM Radio - Wake Forest NC

New Forums

Douglas Clinton — Fri, 20 Jun 2008 20:34:47 GMT

Welcome to the PCI-DSS Forums, your place to discuss the new Payment Card Industry Data Security Standards with the rest of your online community. You can also check out our PCI Compliance Blog!