PA DSS Compliance and Blackbaud NetCommunity

PCI DSS/PA DSS compliance…
The Payment Card Industry (PCI) Security Standards Council has mandated that all merchant processors use a certified payment application.  Blackbaud has validated compliance with the Payment Card Industry Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA DSS).  Blackbaud NetCommunity (BBNC) is PA DSS compliant with version 6.10 and later, and The Raiser’s Edge (RE) is compliant with version 7.91.

What changes have been made to The Raiser’s Edge?
In order to make The Raiser’s Edge compliant with PCI DSS/PA DSS standards, we have developed the Blackbaud Payment Service (BBPS). BBPS will integrate with RE and store credit card and merchant account information in a secure environment.

During the update to PA DSS version of RE, you will be prompted to choose whether to store your credit cards in BBPS or to delete them. If you choose to use BBPS, credit card numbers will no longer be visible in RE and will be replaced with reference tokens; users will see these token as the last four digits of the credit card number. When you process credit card transactions, the reference token in your database will summon the stored credit card number from BBPS to be used in the transaction. 

If you choose not to use BBPS, back up your credit card data before updating to the PA DSS version of our software as all credit card information will be removed. Contact a Qualified Security Assessor (QSA) for advice on how to secure this credit card information in accordance with PCI DSS.

What changes have been made to Blackbaud NetCommunity?
As with RE, Blackbaud NetCommunity integrates with BBPS to store credit card and merchant account information in a secure environment.  This change does not affect existing functionality.  For one-time donations, there is no change from a user perspective between an existing payment service and BBPS.  Your data will move from the existing service to the BBPS.

If you accept recurring debit or credit card gifts through BBNC, you will need to upgrade to a compliant version of RE to continue processing new gifts in your usual manner.  If you do not download credit card information into RE, you will not notice a difference between the current version of BBNC and the compliant version.  However, if you do not upgrade to the compliant version of RE, you will no longer have the option to download credit card numbers/tokens into RE.

How to upgrade to the PA DSS compliant versions of RE and BBNC if Blackbaud hosts BBNC and you host RE…
If Blackbaud Application Hosting hosts BBNC and you host RE, it is important to schedule your update with Blackbaud before running the install file of the new version of BBNC on your RE7 Web Services server.  The BBNC web server which Blackbaud hosts should be upgraded to the latest version at or around the same time that you update your RE7 web services server.  After our hosting administrators upgrade your BBNC site to version 6.10 or higher, you should upgrade RE to version 7.91.  Review our Knowledgebase solution for more information about the update.  When you are ready to upgrade your site, contact our BBNC Support team; they will be happy to assist you with scheduling a time.

How to upgrade to the PA DSS compliant versions of RE and BBNC if you host BBNC and RE…
If your organization does not plan to upgrade to RE 7.91, and you choose to continue processing credit cards by exporting or printing credit card numbers, we strongly recommend that you contact a Qualified Security Assessor.  A QSA can advise your organization on how to secure your credit card data and authorize credit card transactions in accordance with PCI DSS.