PCI refers to the Payment Card Industry Data Security Standard (PCI-DSS), which is a set of rules that govern what you must do to handle credit card data. There are several levels of compliance that your organization may need to be certified for, depending on how much cardholder data you have access to and how many transactions you process per year.

  1. Bloomerang Forms and PCI
  2. Your Organization and PCI

Bloomerang Forms and PCI

Bloomerang partners with Spreedly to reduce your PCI scope, or the compliance burden you face so you may continue taking credit card data.

Why Partner with Spreedly?

Before we partnered with Spreedly, your PCI scope was greater. Here’s how it worked: Your organization placed a Bloomerang donation form on its website. This form was hosted by Bloomerang, so credit card data was never sent to your organization directly. However, the card data collection form did come from your website, which meant that your organization needed to use form SAQ-EP to self-assess.

Spreedly integrates with various credit card processors. The credit card data fields come directly from Spreedly, instead of from the Bloomerang form or your website. By partnering with Speedly, Bloomerang is able to reduce your PCI scope to only SAQ-A, a much easier self-assessment.

Note: Curious about SAQ-A vs. SAQ-EP and how it affects your organization? Read PCI-DSS v3.0 for Online Merchants.


Your Organization and PCI

Please note that even using Bloomerang’s solution does not entirely eliminate your compliance burden! Your contract with the credit card company requires that your organization fills out a PCI self-assessment to become PCI certified. However, Bloomerang and Spreedly make your certification much easier to attain.


Related