Credit card transactions created in Blackbaud NetCommunity (i.e. Donations, Event Registrations, and Memberships) are stored in the Blackbaud NetCommunity database by either:
- Encryption for Credit Card Number, Expiration month and expiration year data using an obfuscated 192-bit key (TripleDES) for recurring credit card transactions only.
- Masking the existing credit card information with a wildcard (*) for non-recurring credit card transactions.
For direct debit transactions, the following fields are stored encrypted:
Routing number and account number.
Once the transaction has been processed in The Raiser's Edge NetCommunity plug-in, the credit card information is marked as processed in the Blackbaud NetCommunity database and remains stored in the Blackbaud NetCommunity database indefinitely. An exception is if the credit card was blocked during the processing at our Credit Card service. In this case the card number is stored encrypted in our services database. This is only used to monitor attempts to illegally use a credit card. We do not store any other information about the credit card (i.e. card holder name, address, expiration, or CSC value).
The Raiser's Edge never has a credit card number stored from a NetCommunity transaction unless the gift is recurring. When a user makes a recurring gift on the website the entire credit card number must be stored so the future payments can be processed in The Raiser's Edge. The card number is stored in Blackbaud Payment Services (BBPS).