1/30/09

PE version 3.3.4 and PCI compliance

I downloaded the latest PE release recently. After a bit of testing, it seems that Blackbaud really has made this PCI compliant. What this means is that:

--Any transfer of credit-card data is encrypted
--The credit card data is deleted from the database once the charge completes (except for the last four digits).

We have some business processes that depend on stored credit-card numbers, so we are waiting to upgrade until those are sorted out.

I did find that card numbers are stored in the PC-Charge database (under heavy encryption). These numbers can only be accessed one at a time using the trout id. It is a solution for an accountant that needs to refund a charge to an unknown patron, but would not be efficient for reporting purposes. I imagine that similar functions exist in other payment processing programs.

Raiser's Edge has a functionality for recurring payments in its latest version. Perhaps a similar feature would benefit us PE users well? Be sure to put in a request if this is something that you can use.

If you decide to store card numbers outside of PE (on paper or otherwise), your organization must comply with PCI standards. Search for PCI "Self-Assessment Questionnaire D" or SAQ-D to get the checklist required for such storage.

Happy PEing!

(PS: sorry about the data pollution. My last post about "clean coal" has been moved to another blog.)