PCI 4.0 Requirements and Resources

The Payment Card Industry Data Security Standard (PCI DSS) is a global standard that provides technical and operational requirements designated to protect payment data. PCI DSS v4.0.1 requirements, which were previously included in v4.0 as best practices, become effective as of March 31, 2025.

While Blackbaud can't provide specific PCI compliance advice to customers, our compliance team suggests the following resources to assist you in understanding your responsibilities:

• What is a PCI DSS Self-Assessment Questionnaire

• Important Updates Announced for Merchants Validating to Self-Assessment Questionnaire A

• Important PCI DSS v4.0.1 Update for E-commerce Merchants | Schellman

• FAQ Clarifies New SAQ A Eligibility Criteria for E-Commerce Merchants

• New Information Supplement: Payment Page Security and Preventing E-Skimming

• PCI Security Standards Council – Merchant Resources

For more specific guidance for your organization, contact your internal IT or compliance teams, a Qualified Security Assessor, or your acquiring bank.

Blackbaud is a third-party gateway for payment processing and a PCI DSS validated Level 1 Service Provider. For more information on how Blackbaud manages PCI compliance, see PCI Compliance on Blackbaud’s website.