Stay PCI Compliant By Taking Action 4126

Stay PCI Compliant By Taking Action

Published

Hopefully you’ve heard about TLS and the changes to TLS recommended by the PCI Security Standards Council. The bottom line? You may need to take action to remain PCI Compliant and retain full functionality in your software solutions.  But don’t worry – we have you covered!
 


What is TLS?
TLS stands for “Transport Layer Security.” It is a protocol that provides privacy and data integrity between two communicating applications. It’s the most widely deployed security protocol used today, and is used for web browsers and other applications that require data to be securely exchanged over a network. TLS ensures that a connection to a remote endpoint is the intended endpoint through encryption and endpoint identity verification. The versions of TLS to date are TLS v1.0, v1.1, and v1.2.

What’s changing and what do I need to do?
As part of our commitment to sector-leading security and in alignment with industry best practices set forth by the PCI Security Standards Council, Blackbaud is disabling TLS (Transport Layer Security) v1.0 encryption protocol across all its solutions on March 15, 2018.
This is an industry-wide change, required by the PCI Security Standards Council of all software vendors and payment processors.

Blackbaud Solutions
If you are on a Blackbaud cloud or hosted solution and receive upgrades automatically, your Blackbaud solutions are always current and always compliant – you will receive any needed changes to your solution automatically. However, if you are self-hosted or schedule your own upgrades, please go to www.Blackbaud.com/TLS to review what version of your solution you need to be on and make sure your organization has plans to adopt a compliant version before March 15, 2018.

Operating Systems and Browsers
In addition to ensuring you’re on the latest version of your Blackbaud solution, you also need to ensure you’re using compatible operating systems and browsers. The same requirement applies to your donors that are making transactions on your website. For a full list of compliant operating systems and browsers, visit Blackbaud.com/TLS.

After March 15th, you will not be able to log on to your Blackbaud solutions from a noncompliant operating system or browser. If your donors go to your website to make a donation and are running incompatible versions of their operating system or browser, their transaction will fail.

Ask your IT department to confirm your organization’s operating system and browsers are ready for TLS changes.

Still have questions? Don’t worry. As your technology partner, we’re here to help. Check out Blackbaud.com/TLS for all the information you need.
 
 
News Community News 10/26/2017 4:36pm EDT

Leave a Comment

14 Comments
Hi Mike! CyberSource should probably address that question, not us. :)
How will Cybersource customers be affected, given their recent announcement that they are disabling TLS v1.0 and v1.1 by February 28th, 2018?
Thanks for the catch, Kelley. I've updated the blog post with a reference link.
>"For a full list of compliant operating systems and browsers, SEE BELOW"
Did you forget to append the list?
Debra, we will definitely be blogging (like we did here) simple language that you can use with donors soon. I'm still tracking down if we will also send an email with everything in it.
We are recent clients of RE and OLX. I will follow up with our IT from our end, but can you send me suggested simple language when ready? Thank you. 
Hi June, you can find a full list of solutions, how they are impacted by this, and what you will need to do to prepare for it here: https://www.blackbaud.com/TLS
Could you please let me know specifically which Blackbaud software solutions are affected? Does it involve only transactions that are made on our webpage?
What I really need are chip readers, when are those going to be available?
 
Great question, Laura. I’ve reached out to the teams who are coordinating these messages and they said we will know more early next week. Once I know, I’ll let you know as well! 
Will the follow-up post be emailed as well? 
Great questions, Marisa and Patricia! We will be posting a follow-up blog post with some helpful language and tips for communicating this information with your donors.
Or a standardized paragraph to be added to donation pages?
Can anyone suggest "language" that is user friendly when trying to communicate this to our donors?  I am guessing we should send email blasts about this in Luminate, but want it to be easily understood.  Any suggestions?  

Share: