Manage a Recurring Gift Process and Implement PCI Compliance with The Raiser’s Edge

In this powerpoint Kaine Costello, Blackbaud Pacific's Enterprise Account Manager, provides an introduction of PCI compliance and an overview and demonstration of The Raiser's Edge payment processing.

For more information on the Blackbaud Payment Services please contact sales@blackbaud.com.au.

Presentation Transcript

Slide 1 (5/3/2013): MANAGE A RECURRING GIFT PROCESS AND IMPLEMENT PCI COMPLIANCE WITH THE RAISER’S EDGE
Presented by Kaine Costello
Slide 2: PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)
• Set of comprehensive requirements for credit card data security to help facilitate the broad adoption of consistent data security measures on a global basis.
• Established by the major card brands and the Payment Card Industry Security Standards Council (PCI SSC).
• All organisations that process, store, or transmit payment card data must be PCI DSS compliant or risk losing their ability to process credit card payments.
• Consequences vary depending upon the merchant level, but can extend from fines to loss of merchant ID and the ability to process credit cards as a form of payment.
Slide 3: PCI SECURITY STANDARDS COUNCIL MEMBERS
• PCI DSS is developed to encourage and enhance cardholder data security.
Slide 4: WHO MUST COMPLY?
• Everyone who stores, processes or transmits cardholder data must comply with PCI DSS
- PCI compliance is mandatory NOW
- PCI applies to all parties in the payment process
- You cannot be partially compliant: compliance is PASS/FAIL
• If you outsource components of your PCI process to Service Providers, they must comply
- Either they are included in your scope
- Or they must provide evidence to demonstrate their compliance
Slide 5: PAYMENT APPLICATION MANDATES
• Vulnerable payment applications that store sensitive authentication data post authorisation have proven to be the leading cause of compromise incidents, particularly among small merchants
• Merchants must not use known vulnerable payment applications that store sensitive authentication data post authorisation
• Merchants and Service Providers that use PA-DSS compliant Payment Applications reduce the overhead of PCI Compliance
Slide 6: CHALLENGES FOR NONPROFIT SECTOR
• Fundraising through multiple channels
• Therefore typically the PCI DSS triggers apply: storage, transmission and processing of Card Holder Data
• Various Service Providers:
- Telemarketing
- Campaign Management
- Face to Face Marketing
- Outsourced IT Management Services
- Donor Management
- Gateway/Processing Services
• Recurring Transactions (regular giving)
• Online systems
• Printed Card Holder Data
Slide 7: REDUCING COMPLIANCE OBLIGATIONS
• Reduce your exposure and risk
• Reduce upfront & ongoing compliance obligations
• Review the PCI DSS triggers: storage, transmission and processing of Card Holder Data
• Securing stored Card Holder Data is one of the more difficult attributes of PCI DSS to comply with
• Therefore not storing Card Holder Data alone will reduce PCI compliance work effort
Slide 8: YOUR PCI ASSESSMENT: HOST THE PAYMENT CARD DATA WITHIN YOUR OWN ORGANISATION.
• Typical Blackbaud customer storing credit cards in The Raiser’s Edge
- No in-house developed credit card customisations, or secure data center storing “sensitive” information
• Type 5 / SAQ D
• 80% of compliance items in scope; 20% of compliance items out of scope
Slide 9: YOUR PCI ASSESSMENT: REMOVE ALL PAYMENT DATA FROM YOUR SYSTEM & OUTSOURCE THE STORAGE OF THE PAYMENT CARD INFO.
• 30% of compliance items in scope; 70% of compliance items out of scope: dramatically reduces the scope of assessment
• Same user as before minus stored credit card numbers, using PA DSS apps
• Type 4 / SAQ C: Merchants with Payment Application Systems Connected to the Internet (do not store cardholder data on any computer system)
Slide 10: BLACKBAUD PAYMENT SERVICE (BBPS)
• Acts as an intermediary between the database and credit card processing gateway.
• Securely stores credit card information that is entered into Blackbaud applications.
• Integrates with PA DSS compliant versions of The Raiser’s Edge, eTapestry, NetSolutions, Blackbaud NetCommunity, Blackbaud Enterprise CRM.
• Makes it possible to adhere to the PCI DSS and process credit card transactions.
Slide 11: BLACKBAUD PAYMENT SERVICE (BBPS)
• Certified PCI compliant as a Level 1 Gateway
- Stored information:
• Credit card number
• Valid from date
• Expiration date
• Issue ID (first six digits of the CC number)
• Merchant account info (Gateway ID)
• Cardholder name
• Card type
- What is returned to The Raiser’s Edge:
• Card type
• Cardholder name
• Expiration date
• Token which represents the card in BBPS, displayed as a truncated credit card number (last 4 digits)
Slide 12: HOW DOES AN ORGANISATION ATTAIN PCI COMPLIANCE?
• Go to the PCI Security Standards Council website.
• Review the PCI Quick Reference Guide.
• Complete the appropriate Self-Assessment Questionnaire (SAQ).
• Review the PCI DSS v2.0.
• Contact their acquiring bank or agency that issued their merchant ID and ask for clarity on their dates for compliance.
• Upgrade to compliant versions of Blackbaud applications.
• Verify compliance with the PCI DSS and obtain a report on compliance.
Slide 14: WORKFLOW (diagram)
• BBNC → The Raiser’s Edge → BBPS (tokens) → NAB / IPP → Bank
Slide 15: TOKENISER (diagram)
• Third Party Supplier provides raw CHD (.csv)
• Tokenizer Utility (third party tokenization plugin) imports the raw CHD (.csv) and sends the CHD to tokenize in BBPS
• BBPS (creates unique TokenID) returns tokenized CHD to the utility, which outputs a tokenized file (.csv)
• Import-o-matic loads the tokenized file into The Raiser’s Edge; The Raiser’s Edge then transacts through BBPS to the payment gateway
• BBNC also feeds The Raiser’s Edge
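The point of slides 11 and 15 is that the raw card number never reaches the donor database: the vault keeps the PAN, and the application only ever sees a token, the card type, cardholder name, expiry and a last-4 display. The following is an added illustration written for this page, not Blackbaud or BBPS code, of that tokenisation step over a constructed CHD .csv. The vault class, the token format, the card-type prefix rule and the sample rows are assumptions made for the example; they do not describe how BBPS or the third-party plugin is implemented.

```python
import csv
import io
import secrets
from dataclasses import dataclass


def luhn_valid(pan: str) -> bool:
    """Luhn check digit validation, used to reject mistyped PANs before vaulting."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def card_type(pan: str) -> str:
    """Minimal prefix rule (assumption for the example, not a full BIN table)."""
    if pan.startswith("4"):
        return "Visa"
    if pan[:2] in {"51", "52", "53", "54", "55"}:
        return "MasterCard"
    return "Unknown"


@dataclass(frozen=True)
class TokenizedCard:
    """What is handed back to the donor database: no PAN, only a reference."""
    token: str
    card_type: str
    cardholder_name: str
    expiration: str
    display: str        # truncated number, last 4 digits only


class TokenVault:
    """Hypothetical vault standing in for BBPS: the only place the PAN is kept."""

    def __init__(self) -> None:
        self._store: dict[str, dict] = {}

    def tokenize(self, pan: str, expiration: str, cardholder_name: str,
                 gateway_id: str) -> TokenizedCard:
        pan = pan.replace(" ", "")
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("invalid card number")
        token = secrets.token_hex(16)       # random, not derived from the PAN
        self._store[token] = {              # stays inside the vault
            "pan": pan, "issue_id": pan[:6], "expiration": expiration,
            "cardholder_name": cardholder_name, "gateway_id": gateway_id,
            "card_type": card_type(pan),
        }
        return TokenizedCard(token, card_type(pan), cardholder_name, expiration,
                             "*" * (len(pan) - 4) + pan[-4:])

    def holds(self, token: str) -> bool:
        return token in self._store


def tokenize_csv(raw_csv: str, vault: TokenVault, gateway_id: str) -> str:
    """Replace the card_number column of a raw CHD file with token + display."""
    reader = csv.DictReader(io.StringIO(raw_csv))
    fields = [f for f in reader.fieldnames if f != "card_number"]
    fields += ["token", "card_display", "card_type"]
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=fields, lineterminator="\n")
    writer.writeheader()
    for row in reader:
        card = vault.tokenize(row.pop("card_number"), row["expiration"],
                              row["cardholder_name"], gateway_id)
        row.update(token=card.token, card_display=card.display,
                   card_type=card.card_type)
        writer.writerow(row)
    return out.getvalue()


# Constructed sample file using publicly known test card numbers, not real cards.
RAW_CHD_CSV = (
    "donor_id,cardholder_name,card_number,expiration,amount\n"
    "D001,Alice Example,4111111111111111,12/2015,25.00\n"
    "D002,Bob Example,5555555555554444,06/2016,50.00\n"
)

if __name__ == "__main__":
    vault = TokenVault()
    print(tokenize_csv(RAW_CHD_CSV, vault, gateway_id="GW-EXAMPLE"))
```

After the run, the output file is what Import-o-matic would load: it still identifies the donor, amount, expiry and card type, and shows "************1111", but contains no value that can be used to charge the card outside the vault. The Luhn check is only a typo guard; it says nothing about whether a card is genuine.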
Slide 16: RAISER’S EDGE 7.91+ GIFT PROCESSING
Slide 17: BATCH
• Use batch to auto generate transactions/payments (Recurring Gifts)
- In the batch go to Tools > Automatically Generate Transactions/Payments
• Use batch to enter one-off credit card payments directly into Batch
• The EFT? box must be ticked on the gift record (circled in the screenshot)
Slide 18: BATCH
• Sending donations to the Processing Gateway
- In the batch go to Tools > Create EFT Transmission Files
Slide 19: CREATE TRANSMISSION FILES – V7.91+
• Select your processing account and click “Create now”
Slide 20: BATCHING
• IP Payments will send back an Authorisation Code or Rejection Code
• If the batch is not committed and has received an authorisation code or rejection code from the processor, the user can choose to commit the batch or, if needed, add more transactions to the batch. RE will only process transactions that do not have an authorisation code or rejection code.
Slide 21: COMMITTING BATCH
• It is recommended to ‘Create a new batch of exceptions’ when committing the batch. Rejected transactions will be copied to this exception batch.
Slide 22: CLEAR DECLINED AUTHORISATION AND REJECTION CODES
• In an exception batch the user can clear declined authorisation and rejection codes by clicking Tools > Clear Declined Authorisation and Rejection Codes
• NOTE: This will clear ALL the values out of the Rejection Code column.
• To ONLY reprocess specific transactions, the specific rejection codes will need to be deleted for those transactions (see next slide).
Slide 23: CLEAR DECLINED AUTHORISATION AND REJECTION CODES
• If the user only wants to clear one particular group of rejection codes, the user can sort the batch by Rejection Code and delete the specific values.
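Slides 20 to 23 describe a small state machine: a transaction is sent to the gateway only while it carries neither an authorisation code nor a rejection code, commit copies the rejected rows into an exception batch, and clearing a rejection code (all of them, or only a chosen group) is what makes a row eligible to be sent again. The following is an added example written for this page, not Raiser’s Edge or IP Payments code, that models those rules over constructed transactions. The data classes, the stub gateway, the rejection code strings and the batch names are assumptions made for the illustration; they are not the codes or behaviour of any real processor.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional, Tuple


@dataclass
class Transaction:
    gift_id: str
    token: str                  # BBPS-style token; the batch never holds a PAN
    amount: float
    authorisation_code: Optional[str] = None
    rejection_code: Optional[str] = None

    def already_processed(self) -> bool:
        """Slide 20: rows with either code are skipped on the next send."""
        return self.authorisation_code is not None or self.rejection_code is not None


@dataclass
class Batch:
    name: str
    transactions: list = field(default_factory=list)
    committed: bool = False


# A gateway answers with (authorisation_code, rejection_code); exactly one is set.
GatewayFn = Callable[[Transaction], Tuple[Optional[str], Optional[str]]]


def send_to_gateway(batch: Batch, gateway: GatewayFn) -> int:
    """Transmit only the rows that have no code yet; return how many were sent."""
    if batch.committed:
        raise RuntimeError("batch already committed")
    sent = 0
    for txn in batch.transactions:
        if txn.already_processed():
            continue
        txn.authorisation_code, txn.rejection_code = gateway(txn)
        sent += 1
    return sent


def commit_batch(batch: Batch) -> Tuple[list, Batch]:
    """Slide 21: authorised rows are committed, rejected rows go to an exception batch."""
    if batch.committed:
        raise RuntimeError("batch already committed")
    authorised = [t for t in batch.transactions if t.authorisation_code]
    exceptions = Batch(name=f"{batch.name}-exceptions",
                       transactions=[t for t in batch.transactions if t.rejection_code])
    batch.committed = True
    return authorised, exceptions


def clear_rejection_codes(batch: Batch, only_codes: Optional[set] = None) -> int:
    """Slides 22/23: clear every rejection code, or only a chosen group of codes."""
    cleared = 0
    for txn in batch.transactions:
        if txn.rejection_code is None:
            continue
        if only_codes is None or txn.rejection_code in only_codes:
            txn.rejection_code = None      # row becomes eligible for resend
            cleared += 1
    return cleared


def demo_gateway(txn: Transaction):
    """Constructed stub standing in for the processor; codes are invented."""
    if txn.amount > 1000:
        return None, "LIMIT_EXCEEDED"
    if txn.token.endswith("x"):
        return None, "EXPIRED_CARD"
    return f"AUTH-{txn.gift_id}", None


def run_demo() -> dict:
    batch = Batch("May-recurring", [
        Transaction("G1", "tok-a", 50.0),
        Transaction("G2", "tok-b", 2500.0),   # will exceed the stub's limit
        Transaction("G3", "tok-x", 20.0),     # stub treats this token as expired
    ])
    first = send_to_gateway(batch, demo_gateway)           # all three go out
    batch.transactions.append(Transaction("G4", "tok-d", 10.0))
    second = send_to_gateway(batch, demo_gateway)          # only the new row goes out
    authorised, exceptions = commit_batch(batch)
    # Selective clear (slide 23): retry only the expired-card group, keep the limit rejection.
    cleared = clear_rejection_codes(exceptions, only_codes={"EXPIRED_CARD"})
    retried = send_to_gateway(exceptions, lambda t: (f"AUTH-{t.gift_id}", None))
    return {
        "first_send": first, "second_send": second,
        "authorised": [t.gift_id for t in authorised],
        "exceptions": [t.gift_id for t in exceptions.transactions],
        "cleared": cleared, "retried": retried,
        "still_rejected": [t.gift_id for t in exceptions.transactions if t.rejection_code],
    }


if __name__ == "__main__":
    print(run_demo())
```

The second send shows the slide-20 rule in action: adding a row to an uncommitted batch and resending does not re-charge the rows that already have a code. The selective clear is the safe default for a retry, since clearing the whole Rejection Code column would also resend the transaction the processor rejected for a reason that has not changed.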
Slide 24: QUESTIONS?
Kaine Costello, Enterprise Account Manager
Kaine.Costello@Blackbaud.com.au