PCI Compliance

What is PCI compliance?

The Payment Card Industry (PCI) Data Security Standards are a set of requirements instituted and regulated by the PCI Security Standards Council (PCI SSC). The PCI SSC is a consortium of major card brands including Visa Inc., MasterCard, American Express, Discover Financial Services, JCB International, and UnionPay, created to enhance credit and debit card data security. All organizations that process, store, or transmit payment card data must comply with PCI DSS requirements or risk losing their ability to process credit card payments. Version 4.0 of the PCI DSS was released by the PCI Council in 2023, and all organizations are required to meet this standard as of March 2024. All Blackbaud 2024 PCI AOCs will be completed under the new 4.0 version.

How does Blackbaud manage PCI compliance?

Blackbaud acknowledges our responsibility for compliance with PCI requirements and protection of any cardholder data that we, as a service provider, process, store, or transmit on behalf of the customer. A detailed listing of these responsibilities can be downloaded here. Validated as a Level 1 Service Provider and Payment Gateway, Blackbaud demonstrates compliance with the 12 security requirements through an annual review of the IT environment and of information security policies and procedures.

Blackbaud has modified every application that processes, stores, or transmits credit card numbers to become PCI DSS compliant. We have implemented PCI standards regarding secure storage of data, strong access control, and other requirements.

Blackbaud developed a secure, PCI DSS-compliant credit card payment gateway that facilitates processing via our products. This gateway has passed a Service Provider Level 1 PCI DSS assessment and compliance can be verified by Visa and/or MasterCard. This enables users to process credit card transactions without the burden of maintaining all card data locally.

Blackbaud has upgraded our entire Blackbaud Application Hosting environment to ensure PCI DSS compliance and data security.

If your organization uses a hosted Blackbaud product or service, you may need a yearly compliance report for assessment purposes. To learn more about available Blackbaud PCI DSS Compliance reports and how to receive one, click here.

What is the customer’s responsibility regarding PCI?

It is the responsibility of each Blackbaud customer to comply with PCI DSS requirements prescribed by the PCI SSC or by your acquiring bank. Blackbaud can help you comply by providing services and solutions that meet these standards. You should review the standards provided by the PCI SSC and assess your PCI requirements. Here are other actions that you can take:

  • Download the PCI Quick Reference Guide from the PCI Library. Search for “PCI DSS Quick Reference Guide.”
  • Download and complete the appropriate Self-Assessment Questionnaire.
  • Contact your acquiring bank or the entity that issued your merchant ID and ask for clarity on their dates for compliance.
  • Use compliant applications, services, and solutions when available.

For a complete list of available Blackbaud PCI DSS Compliance reports for Blackbaud hosted customers, click here and review the table at the bottom of the page.