Autocompliance Questions about Checkout
Note: The full requirements of PCI 4.0 will begin to be enforced on March 31, 2025. Your organization has its own PCI audit date to comply with those requirements. To ensure your organization is ready, update all of your payment forms before your PCI audit date. To ensure that Blackbaud is compliant before Blackbaud's audit, we will run an Auto-Compliance Migration Script from May 1-16th to enforce updated payment processing. The script will update all unchanged forms with the checkout modal, potentially causing layout and processing changes. This script cannot update API forms, which you must manually update. See Auto Migration FAQs.
March 5: What is happening on May 1 (previously March 18)?Starting May 1, Blackbaud will systematically audit all Luminate Online and TeamRaiser donation forms using an auto-compliance script to ensure full adherence to the new PCI requirements.
If non-compliant PCI settings are detected on standard donation forms, the script will auto-correct them by adding the new Checkout Merchant Account (if not already added) and the Modal to the form, which may result in layout changes. While we aim to minimize technical disruptions, please be aware that this script may inadvertently affect some donation forms' payment processing.
Note: To exclude a form from the auto-compliance script, update to checkout before May 1. Forms already configured with checkout are PCI compliant and won't be affected by the script. You can still work on forms even after the script runs.
To avoid any issues, we strongly recommend updating your donation forms using the support resources below before the March 31 PCI v4 deadline. Waiting for the May 1 Auto-Compliance Migration Script could cause unexpected payment processing problems.
March 5: What changes are happening to API-based forms?Warning: Breaking changes are coming to coming to payment processing APIs after May 1.
If your form uses APIs for online credit and debit card transactions via Luminate Online, upcoming PCI standards require updates to API methods, parameters, and shadow forms. There will not be automatic updates made to API-based donation forms; however, the previous APIs will cease to function, blocking the forms. These forms require manual updates as these are BREAKING CHANGES.
Warning: To comply with PCI 4.0, update your forms to use the new checkout methods.
| Previous method | New checkout method |
|---|---|
| addGift (TeamRaiser) | addGiftCheckout (TeamRaiser) |
| donate | donateACH (March 5 update:) |
| donate | donateCheckout |
| offlineOrganizationGift | offlineOrganizationGiftCheckout |
| updateRecurringBankAccountInfo | updateRecurringCheckoutPaymentInfo |
| updateRecurringCreditCardInfo | updateRecurringCreditCardInfo |
Additionally, in TeamRaiser, processRegistration will only process transactions that use a transaction token after May 1, 2025. Credit card numbers will no longer flow through the method.
APIs deprecated after May 1:
For more information, review the Checkout API documentation.
March 5: What's the deadline to enable forms with the PCI changes?March 31, 2025 is still the PCI 4.0 deadline.
This is the date to ensure your credit card processing points to a checkout-enabled merchant account and add either the checkout modal or embedded data element. When this is completed, the script will SKIP your compliant form.
March 5: Am I able to keep working on forms after the script runs?Yes. Blackbaud will begin running the Auto-Compliance Migration Script May 1 (previously March 18). You can continue to update and test your forms after the script runs.
March 5: When is Blackbaud switching forms systematically?We'll process a group starting May 1 and will continue to process others until May 16.
Feb 12: What will happen with the Auto-Compliance Script?Blackbaud will review every part of Luminate Online and TeamRaiser that touches credit card processing to ensure that the appropriate merchant account has been established and that a PCI-compliant checkout data element has been added. For areas that are not updated, the script will select a checkout merchant account and enable the Checkout modal data element.
Note: The Auto-Compliance Script will NOT update API forms. They must be adjusted manually to ensure they continue working appropriately.
Feb 12: Why is there an Auto-Compliance Migration Script?PCI compliance applies to all customers and Blackbaud, so to protect credit card processing for everyone, Blackbaud must ensure that all card processing is compliant by the deadline.
Feb 12: Will our dev site also be updated with the Auto-Compliance Migration Script?Yes, all development sites will also have the script run.
Feb 14: What if I have different forms to maintain external ACH processing?Protections are in place to ensure those ACH dedicated forms are untouched with this process.
Feb 14: What should I do if I detect that Blackbaud has completed the Auto-Compliance Migration Script for my site?Ensure the appropriate merchant account has been selected. If not, update it immediately.
Review donation forms to ensure that the layout is as you intend and fix any custom data elements that may have been displaced.
Feb 18: How will the Auto-Compliance Migration Script impact my form that uses the S1300 Tag version of Classic Blackbaud Checkout?Classic Blackbaud Checkout using the S1300 Tag was updated to use PCI-compliant tokens instead of credit card data, so your implementation can continue to work as long as you have configured your merchant account and completed the steps described in Checkout using the S1300 Tag.
Updated May 9: What if I am in Canada?For Canadian customers processing direct debit transactions through iATS, please use a separate donation form from the one used for credit cards processed through Blackbaud Merchant Services.
We now have support for credit cards and Canadian direct debit (ACSS) on the same form. See Canadian Direct Debit.