I downloaded the latest PE release recently. After a bit of testing, It seems that blackbaud really has made this pci compliant. What this means is that:--Any transfer of credit-card data is encrypted
--The credit card data is deleted from the database once the charge completes (except for the last four digits).
We have some business processes that depend on stored credit-card numbers, so we are waiting to upgrade until those are sorted out.
I did find that card numbers are stored in the pc-charge datbase (under heavy encryption). these numbers can only be accessed one at a time using teh trout id. It is a solution for an accountant that needs to refund a charge to an unknown patron, but would not be efficient for reporting purposes. I imagine that similar functions exist in other payment processing programs.
Raisers edge has a functionality for recurring payments in it's latest version. Perhaps a similar feature would benefit us PE users well? Be sure to put in a request if this is something that you can use.
If you decide to store card numbers outside of PE (on paper or otherwise) , your organization must comply with pci standards. Search for PCI "Self-Assesment Questionaire D" or SAQ-D to get the checklist required for such storage.
Happy PEing!
(ps, sorry about the data pollution. My last post about "clean coal" has been moved to another blog)
3 comments:
Is there any way that you would be willing to explain exactly where the c.c info is hidden in p.c charge, we are familair with the trout id. Thankyou for all the info on your blog!
pccharge has an "account lookup" feature. I forget how to get to it, but a little clicking around on the client will get you there. you enter the trout-id, and it will display the account number.
There is also a feature to purge out old transactions and / or archive old transactions, although it seems only to run when you start the program (pccharge server). PC-charge is listed as being pci compliant, so i'm assuming this includes the archiving feature... but any software is only as secure as the user - be sure to keep the admin password for pccharge safe.
BRING THIS BLOG BACK!!! It was wonderful now that I've found it, sadly so much has changed :(
Post a Comment