PCI DSS compliance

Rose Figg

Hi, is there a requirement to complete a PCI DSS assessment if we use Online Express?

Chris Martin

Hi Rose. While Blackbaud doesn't give generally give specific PCI guidance beyond how our products comply with PCI requirements, we don't believe that using Online Express eliminates the need to identify the right self-assessment questionnaire and to be able to demonstrate compliance.

Related important note: Last week, we shipped an update to OLX that included a new credit card processing configuration option for OLX donation forms. It now allows you to configure OLX donation forms to process credit cards using Blackbaud Checkout as opposed to direct connect to Blackbaud Payment Service (BBPS). What's relevant here is that there's a subtle technical difference in how Blackbaud Checkout works (compared to direct BBPS processing) that, when used, we believe could lower your burden of PCI compliance and if you would otherwise have used the SAQ A-EP questionnaire, you might now be able to use the simpler SAQ A questionnaire.


Of course each organization's situation is unique and there can be other factors impacting choice of SAQ...but we're optimistic that this new credit card processing option will help many OLX customers to lower their burden of PCI compliance.


Thanks Rose!

Chris Martin