Blackbaud Online Giving Form - not secure?
I would think Blackbaud would enforce security, wouldn't they?
I guess if the giving form is hosted on the school's site, there's not much Blackbaud can do, is there?
Comments
-
Blackbaud NetCommunity? I know that has as donation part that is not secure, so we don't use that one. The payment 2.0 part is secure and PCI compliant. Also, I found the donation part/method on the personal giving pages is NOT secure in my book either.
0 -
I'm not entirely sure if it's NetCommunity or not. It has all the personal info and the credit card fields on a one page form, and Chrome says "This page is not secure, do not enter things like passwords and credit cards here..." And then there's a link that reads "Payment Process By Blackbaud"... That probably isn't PCI compliant, is it?
We don't have NetCommunity (and we're looking at lots of different options for online giving right now) so I'm a little unclear about what needs to be secure and what doesn't....0 -
I'm not an expert on PCI, however, that does not sound secure. At minimum, it should use a SSL certificate and be the URL should be prefixed with "https://" Now their certificate may have just expired, so they should take care of that ASAP if that is it.
However, just because you use BBPS or BBMS to process credit cards, does not mean you are PCI compliant.
The idea is if you enter, transmit, or store credit cards on your network, the entire network would be brought into scope. Even if you store paper credit card information, there are certain steps you need to take to be PCI compliant.
I try to have the credit cards processed on third-party servers, so that we are not bringing our network into scope. More information on PCI in general can be found here: https://www.pcisecuritystandards.org/
I do recommend working with a PCI consultant to ensure PCI compliance for your organization. Even if you use all third-party vendors you are required to fill out of these forms: https://www.pcisecuritystandards.org/document_library?category=saqs#results
2 -
We had the same issue when we switched to Online Express/BBMS. We had to have our web person secure our website. BB had nothing to do with it.3
-
I've seen this (and have had it happen to me). Usually it's due to a photo or logo being on the page that is externally hosted.
For example, if I have a BBNC page (https://www.donatenow.com) but the layout points to an external logo (http://www.mycompany.com/logo.jpg) in the code, this will cause Chrome to say the page is not secure. In Chrome you can Ctrl+Shift+I to see the page's code, and search for "http://" to see where the bad links are.
I hope this explains it! I have a head cold today so what I wrote may be gibberish.Michelle
1 -
We had something similar come up and it had to do with our web address, people were typing www before the address so it was being redirected to our actual address making it appear as though the page wasn't secure. BB helped up put the verified by GEO Trust on each of our giving pages so visitors would know it was secure. I would check with support they can probably help you identify why it is being flagged and fix it.
0 -
Nicole McMorrow:
We had the same issue when we switched to Online Express/BBMS. We had to have our web person secure our website. BB had nothing to do with it.Same here - we switched to OLX and needed to buy the security for the page. No big deal - just wish someone other than a DONOR had told us!
0 -
You're right - it's no big deal, but it would be nice to get this information from Blackbaud. We also heard from a donor about this.
Jennifer Lange:Nicole McMorrow:
We had the same issue when we switched to Online Express/BBMS. We had to have our web person secure our website. BB had nothing to do with it.Same here - we switched to OLX and needed to buy the security for the page. No big deal - just wish someone other than a DONOR had told us!
2 -
We also had this problem when we switch to OLX. I was surprised to discover that OLX wouldn't be secure with our current website. We couldn't buy a certificate for that website setup, but were within a couple of months of upgrading our site on a new host. We needed to switch the type of hosting we purchased, and needed the certificate. I was surprised that BB didn't share more of this info before selling us the software. And clearly like it wasn't only us. (Blackbaud, if you're listening, please give your customers more info about what they need to have in place to use OLX forms securely, before the purchase!)
2 -
Tom Klimchak:
I'm not sure where else to post this... We're looking at different schools and their giving forms. We found a school that says it is using Blackbaud's online giving, but the form is NOT secure.
I would think Blackbaud would enforce security, wouldn't they?
I guess if the giving form is hosted on the school's site, there's not much Blackbaud can do, is there?Though it doesn't directly affect this particular issue, with the recent change in regulations allowing ISPs to sell consumer browsing information now is a good time for all organizations to take a closer look at all your web security and consider forcing https for your entire web site. Technology has advanced enough that the added overhead is minimal and the extra security also helps block 3rd party pop-ups (xfinity is notorius for adding content when using their open wifi). https://en.wikipedia.org/wiki/HTTPS_Everywhere
1
Categories
- All Categories
- Shannon parent
- shannon 2
- shannon 1
- 21 Advocacy DC Users Group
- 14 BBCRM PAG Discussions
- 89 High Education Program Advisory Group (HE PAG)
- 28 Luminate CRM DC Users Group
- 8 DC Luminate CRM Users Group
- Luminate PAG
- 5.9K Blackbaud Altru®
- 58 Blackbaud Award Management™ and Blackbaud Stewardship Management™
- 409 bbcon®
- 2.1K Blackbaud CRM™ and Blackbaud Internet Solutions™
- donorCentrics®
- 1.1K Blackbaud eTapestry®
- 2.8K Blackbaud Financial Edge NXT®
- 1.1K Blackbaud Grantmaking™
- 527 Education Management Solutions for Higher Education
- 1 JustGiving® from Blackbaud®
- 4.6K Education Management Solutions for K-12 Schools
- Blackbaud Luminate Online & Blackbaud TeamRaiser
- 16.4K Blackbaud Raiser's Edge NXT®
- 4.1K SKY Developer
- 547 ResearchPoint™
- 151 Blackbaud Tuition Management™
- 61 everydayhero
- 3 Campaign Ideas
- 58 General Discussion
- 115 Blackbaud ID
- 87 K-12 Blackbaud ID
- 6 Admin Console
- 949 Organizational Best Practices
- 353 The Tap (Just for Fun)
- 235 Blackbaud Community Feedback Forum
- 55 Admissions Event Management EAP
- 18 MobilePay Terminal + BBID Canada EAP
- 36 EAP for New Email Campaigns Experience in Blackbaud Luminate Online®
- 109 EAP for 360 Student Profile in Blackbaud Student Information System
- 41 EAP for Assessment Builder in Blackbaud Learning Management System™
- 9 Technical Preview for SKY API for Blackbaud CRM™ and Blackbaud Altru®
- 55 Community Advisory Group
- 46 Blackbaud Community Ideas
- 26 Blackbaud Community Challenges
- 7 Security Testing Forum
- 3 Blackbaud Staff Discussions
- 1 Blackbaud Partners Discussions
- 1 Blackbaud Giving Search™
- 35 EAP Student Assignment Details and Assignment Center
- 39 EAP Core - Roles and Tasks
- 59 Blackbaud Community All-Stars Discussions
- 20 Blackbaud Raiser's Edge NXT® Online Giving EAP
- Diocesan Blackbaud Raiser’s Edge NXT® User’s Group
- 2 Blackbaud Consultant’s Community
- 43 End of Term Grade Entry EAP
- 92 EAP for Query in Blackbaud Raiser's Edge NXT®
- 38 Standard Reports for Blackbaud Raiser's Edge NXT® EAP
- 12 Payments Assistant for Blackbaud Financial Edge NXT® EAP
- 6 Ask an All Star (Austen Brown)
- 8 Ask an All-Star Alex Wong (Blackbaud Raiser's Edge NXT®)
- 1 Ask an All-Star Alex Wong (Blackbaud Financial Edge NXT®)
- 6 Ask an All-Star (Christine Robertson)
- 21 Ask an Expert (Anthony Gallo)
- Blackbaud Francophone Group
- 22 Ask an Expert (David Springer)
- 4 Raiser's Edge NXT PowerUp Challenge #1 (Query)
- 6 Ask an All-Star Sunshine Reinken Watson and Carlene Johnson
- 4 Raiser's Edge NXT PowerUp Challenge: Events
- 14 Ask an All-Star (Elizabeth Johnson)
- 7 Ask an Expert (Stephen Churchill)
- 2025 ARCHIVED FORUM POSTS
- 322 ARCHIVED | Financial Edge® Tips and Tricks
- 164 ARCHIVED | Raiser's Edge® Blog
- 300 ARCHIVED | Raiser's Edge® Blog
- 441 ARCHIVED | Blackbaud Altru® Tips and Tricks
- 66 ARCHIVED | Blackbaud NetCommunity™ Blog
- 211 ARCHIVED | Blackbaud Target Analytics® Tips and Tricks
- 47 Blackbaud CRM Higher Ed Product Advisory Group (HE PAG)
- Luminate CRM DC Users Group
- 225 ARCHIVED | Blackbaud eTapestry® Tips and Tricks
- 1 Blackbaud eTapestry® Know How Blog
- 19 Blackbaud CRM Product Advisory Group (BBCRM PAG)
- 1 Blackbaud K-12 Education Solutions™ Blog
- 280 ARCHIVED | Mixed Community Announcements
- 3 ARCHIVED | Blackbaud Corporations™ & Blackbaud Foundations™ Hosting Status
- 1 npEngage
- 24 ARCHIVED | K-12 Announcements
- 15 ARCHIVED | FIMS Host*Net Hosting Status
- 23 ARCHIVED | Blackbaud Outcomes & Online Applications (IGAM) Hosting Status
- 22 ARCHIVED | Blackbaud DonorCentral Hosting Status
- 14 ARCHIVED | Blackbaud Grantmaking™ UK Hosting Status
- 117 ARCHIVED | Blackbaud CRM™ and Blackbaud Internet Solutions™ Announcements
- 50 Blackbaud NetCommunity™ Blog
- 169 ARCHIVED | Blackbaud Grantmaking™ Tips and Tricks
- Advocacy DC Users Group
- 718 Community News
- Blackbaud Altru® Hosting Status
- 104 ARCHIVED | Member Spotlight
- 145 ARCHIVED | Hosting Blog
- 149 JustGiving® from Blackbaud® Blog
- 97 ARCHIVED | bbcon® Blogs
- 19 ARCHIVED | Blackbaud Luminate CRM™ Announcements
- 161 Luminate Advocacy News
- 187 Organizational Best Practices Blog
- 67 everydayhero Blog
- 52 Blackbaud SKY® Reporting Announcements
- 17 ARCHIVED | Blackbaud SKY® Reporting for K-12 Announcements
- 3 Luminate Online Product Advisory Group (LO PAG)
- 81 ARCHIVED | JustGiving® from Blackbaud® Tips and Tricks
- 1 ARCHIVED | K-12 Conference Blog
- Blackbaud Church Management™ Announcements
- ARCHIVED | Blackbaud Award Management™ and Blackbaud Stewardship Management™ Announcements
- 1 Blackbaud Peer-to-Peer Fundraising™, Powered by JustGiving® Blogs
- 39 Tips, Tricks, and Timesavers!
- 56 Blackbaud Church Management™ Resources
- 154 Blackbaud Church Management™ Announcements
- 1 ARCHIVED | Blackbaud Church Management™ Tips and Tricks
- 11 ARCHIVED | Blackbaud Higher Education Solutions™ Announcements
- 7 ARCHIVED | Blackbaud Guided Fundraising™ Blog
- 2 Blackbaud Fundraiser Performance Management™ Blog
- 9 Foundations Events and Content
- 14 ARCHIVED | Blog Posts
- 2 ARCHIVED | Blackbaud FIMS™ Announcement and Tips
- 59 Blackbaud Partner Announcements
- 10 ARCHIVED | Blackbaud Impact Edge™ EAP Blogs
- 1 Community Help Blogs
- Diocesan Blackbaud Raiser’s Edge NXT® Users' Group
- Blackbaud Consultant’s Community
- Blackbaud Francophone Group
- 1 BLOG ARCHIVE CATEGORY
- Blackbaud Community™ Discussions
- 8.3K Blackbaud Luminate Online® & Blackbaud TeamRaiser® Discussions
- 5.7K Jobs Board