PCI Compliance

What is PCI compliance?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements instituted and maintained by the PCI Security Standards Council (PCI SSC). The PCI SSC was founded by the major card brands (Visa, MasterCard, American Express, Discover, and JCB) to enhance credit and debit card data security. All organizations that process, store, or transmit payment card data must comply with PCI DSS requirements or risk losing their ability to process card payments. The council also supports the Payment Application Data Security Standard (PA-DSS) for software products that merchants install and use locally to process, store, or transmit card data. A PA-DSS-validated application has been assessed against that standard and is designed to support a merchant's PCI DSS compliance; it does not by itself make the merchant compliant, since the merchant's own environment, configuration, and processes remain in scope. (The PCI SSC has since retired PA-DSS in favor of the PCI Software Security Framework, with PA-DSS validations expiring at the end of October 2022.)

How does Blackbaud manage PCI compliance?

Blackbaud acknowledges our responsibility for compliance with PCI requirements and protection of any cardholder data that we, as a service provider, possess, store, process, or transmit on behalf of the customer. A detailed listing of these responsibilities is available from Blackbaud. Validated as a Level 1 Service Provider and Payment Gateway, Blackbaud demonstrates compliance with the 12 PCI DSS requirements through an annual assessment of its IT environment and its information security policies and procedures.

Blackbaud has modified every application that processes, stores, or transmits credit card numbers to be PCI DSS and PA-DSS compliant. This includes the PCI DSS requirements on secure storage of cardholder data, strong access control, and the other control areas of the standard.

Blackbaud developed a secure, PCI DSS-compliant credit card gateway through which our products process payments. The gateway has passed a Level 1 PCI DSS assessment, and its compliance status can be verified with Visa or MasterCard. This allows users to process credit card transactions as they do today without the burden of storing full card data locally.

Blackbaud has upgraded our entire Blackbaud Application Hosting environment to ensure PCI DSS compliance and data security.

Blackbaud has passed all audits conducted by our third-party Qualified Security Assessor. If your organization uses a hosted Blackbaud product or service (including Blackbaud Merchant Services and Blackbaud Payment Service), you may need a yearly compliance report for your own auditors. Blackbaud provides guidance on these audit reports and how to request one.

What is the customer’s responsibility regarding PCI?

It is the responsibility of each Blackbaud customer to comply with PCI DSS requirements by the dates prescribed by the PCI Security Standards Council or by your acquiring bank. Blackbaud can help you comply by providing applications and solutions that meet these standards, but using a compliant application does not by itself make your organization compliant: your own systems, networks, and procedures that touch cardholder data remain in scope. You should review the standards published by the PCI Security Standards Council and assess your PCI requirements. Other actions you can take:

  • Download the PCI Quick Reference Guide from the PCI Library. Search for “PCI DSS Quick Reference Guide.”
  • Download and complete the appropriate Self-Assessment Questionnaire (SAQ). Which SAQ applies depends on how your organization accepts and handles cardholder data, for example whether card entry is fully outsourced to a hosted payment page or handled on your own systems.
  • Contact your acquiring bank or the agency that issued your merchant ID and ask for clarity on their dates for compliance.
  • Use compliant applications when they become available.

Blackbaud has developed the following solutions, which process, store, and/or transmit cardholder data, to be PCI DSS and PA-DSS compliant:

  • Blackbaud Checkout (formerly Blackbaud Secure Payments)
  • Blackbaud CRM
  • Blackbaud Education Edge
  • Blackbaud eTapestry
  • Blackbaud Financial Edge
  • Blackbaud Internet Solutions
  • Blackbaud Luminate Online
  • Blackbaud Merchant Services
  • Blackbaud MobilePay
  • Blackbaud NetCommunity
  • Blackbaud Online Express
  • Blackbaud Payment Service
  • Blackbaud Raiser’s Edge