PCI Compliance

What is PCI compliance?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements maintained and enforced by the PCI Security Standards Council (PCI SSC). The PCI SSC is a consortium of the major card brands, including Visa, MasterCard, American Express, Discover, and JCB, created to strengthen the protection of credit and debit card data. Every organization that processes, stores, or transmits payment card data must comply with PCI DSS or risk losing its ability to accept card payments. The council also maintains the Payment Application Data Security Standard (PA-DSS) for software products that merchants install and run locally to process, store, or transmit card data. A product that has been validated against PA-DSS has been assessed to handle cardholder data in a way that supports PCI DSS, which makes it easier for a merchant using it to attain PCI DSS compliance; the merchant still has to validate its own environment.

How does Blackbaud manage PCI compliance?

Blackbaud acknowledges its responsibility for compliance with PCI DSS requirements and for the protection of any cardholder data that it, as a service provider, processes, stores, or transmits on behalf of the customer. A detailed listing of these responsibilities can be found here. Validated as a Level 1 Service Provider and Payment Gateway, Blackbaud demonstrates compliance with the 12 PCI DSS requirements through an annual assessment of its IT environment and its information security policies and procedures.

Blackbaud has modified every application that processes, stores, or transmits credit card numbers so that it is PCI DSS compliant (for hosted services) and/or PA-DSS validated (for locally installed software). This includes the PCI DSS requirements for secure storage of cardholder data, strong access control, and the other control areas of the standard.

Blackbaud developed a secure, PCI DSS-compliant credit card payment gateway that handles card processing for its products. The gateway has passed a Service Provider Level 1 PCI DSS assessment, and its compliance status can be verified through Visa's and/or MasterCard's published lists of compliant service providers. Using the gateway lets customers process credit card transactions without storing full card data on their own systems, which reduces the scope of their PCI DSS assessment.

Blackbaud has upgraded its entire Blackbaud Application Hosting environment to meet PCI DSS requirements and protect cardholder data.

If your organization uses a hosted Blackbaud product or service, you may need a yearly compliance report for assessment purposes. To learn more about available Blackbaud PCI DSS Compliance reports and how to receive one, click here.

What is the customer’s responsibility regarding PCI?

It is the responsibility of each Blackbaud customer to comply with the PCI DSS requirements prescribed by the PCI SSC and by its acquiring bank. Blackbaud can help you comply by providing services and solutions that meet these standards, but using a compliant product does not by itself make your organization compliant. You should review the standard published by the PCI SSC and determine which requirements apply to how your organization handles card data. Other actions you can take:

  • Download the PCI DSS Quick Reference Guide from the PCI SSC Document Library. Search for “PCI DSS Quick Reference Guide.”
  • Download and complete the Self-Assessment Questionnaire (SAQ) that matches how your organization accepts and handles card data; the applicable SAQ type depends on, for example, whether card processing is fully outsourced to a validated third party. Your acquiring bank can confirm which SAQ applies.
  • Contact your acquiring bank or the entity that issued your merchant ID and ask for clarity on its deadlines and reporting requirements for compliance.
  • Use compliant applications, services, and solutions where available, and keep cardholder data out of systems that do not need it.

For a complete list of available Blackbaud PCI DSS Compliance reports, click here and review the table at the bottom of the page.

Blackbaud PA-DSS validated payment applications:

  • Blackbaud NetCommunity (BBNC)
  • Blackbaud Raiser’s Edge (RE7)
  • Blackbaud Internet Solutions (BBIS)
  • Blackbaud CRM (BBCRM)