View
215
Download
0
Category
Tags:
Preview:
Citation preview
Beta Program for The Raiser’s Edge 7.86PA DSS version
Anne McDonell & Bucky Wall
Corporate Readiness
Anne McDonell & Bucky Wall| Page #2 © 2008 Blackbaud
The Raiser’s Edge 7.86 Beta
Agenda
PCI/PA DSS overview Visa mandated deadlines Impact of regulations The Raiser’s Edge 7.86 Demo
Interaction the Blackbaud Payment Services The Raiser’s Edge Beta Program Q & A
Anne McDonell & Bucky Wall| Page #3 © 2008 Blackbaud
The Raiser’s Edge 7.86 Beta
PCI DSS & PA DSS
Payment Card Industry Data Security Standard (PCI DSS) Set of requirements developed by the major credit card companies to enhance credit
card data security All organizations that process, store, or transmit payment card data must be PCI DSS
compliant or risk losing their ability to process credit card payments
Payment Application Data Security Standard (PA-DSS) Designed to help software vendors develop secure payment applications that do not
store prohibited data Ensure payment applications support compliance with the PCI DSS Payment applications that are sold, distributed or licensed to third parties are subject to
the PA-DSS requirements Formerly under the supervision of the Visa Inc. program known as the Payment
Application Best Practices (PABP)
Anne McDonell & Bucky Wall| Page #4 © 2008 Blackbaud
The Raiser’s Edge 7.86 Beta
Visa Mandated Deadlines
October, 1 2008: Newly boarded Level 3 and 4 merchants must be PCI DSS compliant or use PABP-
compliant applications. Merchants must be PCI DSS complaint or use PA DSS validated applications to obtain
a NEW merchant ID number• Level 3: Any merchant processing 20,000 to 1,000,000 Visa e-commerce transactions per year.• Level 4: Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other
merchants-regardless of acceptance channel-processing up to 1,000,000 Visa transactions per year.
October, 1 2009: VisaNet Processors (VNPs) and agents must decertify all vulnerable payment
applications. Systems that have been subject to a security breech
July 1, 2010: Acquirers must ensure their merchants, VNPs and agents use only PABP-compliant
applications Applies to all organizations that process credit cards
Anne McDonell & Bucky Wall| Page #5 © 2008 Blackbaud
The Raiser’s Edge 7.86 Beta
Impact of Regulations on Blackbaud customers
You can continue as normal until July 1, 2010 if: You have an existing merchant ID Your processor or acquiring bank doesn’t require immediate compliance And you are not using known vulnerable applications Contact your processor or acquiring bank now to determine their compliance
requirements
You should Strive to become PCI compliant as soon as possible to:
• Protect your donor data
• Remove liability from your organization
Compliancy will change your business practices You are responsible for becoming PCI compliant Review self-assessment at the PCI Security Council Organizations website
Anne McDonell & Bucky Wall| Page #6 © 2008 Blackbaud
The Raiser’s Edge 7.86 Beta
Impact of Regulations on Blackbaud
We need to remove credit card data from our applications to make them PA-DSS compliant
We need to develop and implement process changes that will allow our hosting facilities and our development, support and services environments to achieve PCI-DSS compliance
Anne McDonell & Bucky Wall| Page #7 © 2008 Blackbaud
The Raiser’s Edge 7.86 Beta
The Raiser’s Edge 7.86 & The Blackbaud Payment Service All credit card data will be removed from your database at install
Credit card numbers will be replaced with a reference token Products will call the web service when making a transaction The token will refer to the stored credit card number to be used in the transaction All current Raiser’s Edge processes remain the same Payment service will be redundant across ATL and Vancouver hosting facilities
Anne McDonell & Bucky Wall| Page #8 © 2008 Blackbaud
The Raiser’s Edge 7.86 Beta
Raiser’s Edge 7.86
DEMO
Anne McDonell & Bucky Wall| Page #9 © 2008 Blackbaud
The Raiser’s Edge 7.86 Beta
The Raiser’s Edge 7.86 Beta Program
Benefits Be among the first to implement this new version of that will help your organization
become compliant with PCI DSS standards Earn $500 in beta buck$ for your organization by signing up and installing Use beta buck$ toward future BB products, services, or maintenance Individuals are also eligible to win prizes for completing tasks, surveys, etc. Receive proactive weekly calls from a beta buddy Contribute to our development process by providing feedback on the software to help
ensure the release of a quality product
When RE only clients - early November through mid-December RE/BBNC clients - late January through early March RE/NetSolutions clients - mid-February through early March
Anne McDonell & Bucky Wall| Page #10 © 2008 Blackbaud
The Raiser’s Edge 7.86 Beta
The Raiser’s Edge 7.86 Beta Program
Qualifications You process and store credit card information in The Raiser’s Edge You meet our beta profile
How to Apply Beta Application Survey Deadline: Friday, October 17
Contact Information Anne McDonell (anne.mcdonell@blackbaud.com)
Anne McDonell & Bucky Wall| Page #11 © 2008 Blackbaud
The Raiser’s Edge 7.86 Beta
Helpful links
PCI Overall information http://www.pcisecuritystandards.org/index.shtml Self-Assessment Questionnaire:
https://www.pcisecuritystandards.org/saq/index.shtml Find a QSA: http://www.pcisecuritystandards.org/qsa_asv/find_one.shtml
Blackbaud sites: PCI Landing page: http://www.blackbaud.com/pci PCI Blog: http://forums.blackbaud.com/blogs/pci/default.aspx
• Sign up for the PCI Compliance blog RSS feed at blogs.blackbaud.com
Anne McDonell & Bucky Wall| Page #12 © 2008 Blackbaud
The Raiser’s Edge 7.86 Beta
Questions
Recommended