Security Statement

Details on Secure Credit Card Donations

AFAP uses eTapestry secure payment gateway service. All eTapestry services are fully PCI compliant. PCI compliance is a set of security requirements endorsed by the PCI Security Standards Council, founded by a consortium of major credit card brands to enhance credit and debit card data security. The consortium includes Visa Inc., MasterCard Worldwide, American Express, Discover Financial Services and JCB. All organizations that process, store, or transmit payment card data must comply with PCI standards. All existing merchant organizations must comply with PCI standards or risk losing their ability to process credit card payments. 

eTapestry is a Blackbaud product. Blackbaud has validated compliance with the Payment Card Industry Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA-DSS). Brightline performed the PCI DSS validation for Blackbaud’s solutions within the hosted environment. Blackbaud offers both hosted and locally-installed payment solutions because all nonprofits operate differently. Alternatively, Blackbaud’s locally-installed payment solutions are PCI certified and compliant with PA-DSS.

The PCI DSS security requirements are endorsed by the PCI Security Standards Council, founded by a consortium of major credit card brands including Visa Inc., MasterCard Worldwide, American Express, Discover Financial Services, and JCB, to enhance credit and debit card data security. Validated as a Level 1 Service Provider and Payment Gateway, Blackbaud had to demonstrate compliance with 12 security requirements by thoroughly reviewing its IT environment and information security policies and procedures.

The Council also supports the PA DSS, a set of security requirements that apply to software vendors that develop payment applications that process, store or transmit cardholder data as part of authorization or settlement.

For further information please go to https://www.blackbaud.com/pci-compliance/