Guide to BBPS and BBMS Blackbaud Payment Services and Blackbaud Merchant Services explained. What is BBPS/BBMS? Blackbaud Payment Services (BBPS) is Blackbaud s solution for secure credit card storage. All credit cards in your Blackbaud products are stored in our secure servers at BBPS. This protects the donor s personal information as well as the user from any liability. BBPS is required by all Blackbaud products to either process or store credit card information. BBPS is what enables Blackbaud software to adhere to the PCI-DSS security standards set forth by the major credit card companies. Blackbaud Merchant Services (BBMS) is a merchant account available to use with your Blackbaud products. Merchant accounts are responsible for actually processing the credit card transactions and depositing the funds into your bank account. How do I sign up for these accounts? This is a two part sign up process. Clients must have their Site ID and be listed as a Primary User or Web Admin on our records to sign up. Contact support@blackbaud.co.uk if you are unsure of this or ask your Web Admin to look on blackbaud.com where they can view this. Firstly you need to go to https://bbps.blackbaud.com and sign up for BBPS. The terms and conditions for Blackbaud Payment Services can be found here: www.blackbaud.com/files/bbms/bbpstc.pdf Then, you need to go to https://bbmsmerchant.blackbaud.com to sign up for BBMS. At this stage you will need your bank details. You will also create a statement descriptor at this stage. Note: It is extremely important that you note each username and password you create at this stage.
After signing up for BBMS you will need to provide validation of the bank account to our compliance team. You can see the information needed and who to send it to in the URL: www.blackbaud.com/bbmsaccountvalidation Note: You can still take payments while waiting to do this, but you won t get any of the money disbursed until this is completed. Are there fees associated with using BBMS? Yes there are transactional fees when using BBMS therefore if you never process a payment you will never be charged. For Visa/MasterCard/Maestro cards, there is a 2.75% + 19p per transaction fee. For American Express cards, this rate is higher at 3.5% + 19p per transaction. Note: BBMS is not compatible with Visa Electron cards. Can I have more than one BBMS account? Yes, additional BBMS accounts can be used to diversify funds by adding another bank account for deposit and/or for reporting purposes, for example one BBMS account for donations and another for all event income. When using Blackbaud Merchant Services as your merchant provider, you can create additional accounts at no extra cost. If you plan to process multiple currencies, you will need to create a BBMS account per currency, so one for s and one for $ s. What currencies does BBMS support? BBMS currently is available to clients processing in U.S. dollars, Canadian dollars, British pounds and Euros. Euros are limited only to banks located in Ireland and England. You must have a bank account domiciled in these countries if you would like to set up Blackbaud Merchant Services (BBMS) accounts for multiple currencies. In other words, to have a BBMS account which processes dollars, you must have a bank account in the US.
How do I link my product with my BBMS account to take payments? etapestry Simply navigate to Management > My Organisation > Preferences and enter your BBPS username and password. Save this change. Then navigate to Management > My Organisation > ecommerce and select Add new BBMS processor, enter your BBMS details. Save, then log out of etapestry and back in. The Raiser s Edge and Online Express You will first need to login to The Raiser s Edge as the Supervisor user. Note that this is the default account for The Raiser s Edge with the name Supervisor. Once you re logged in, head over to Config > General and enter your BBPS Username & Password. You won t see this section if you are not logged in with the user Supervisor (even if your own account has Supervisor rights). Once completed, click Test Connection and it should be successful. From here, your BBMS accounts automatically download in Config > Business Rules > Merchant Accounts. Blackbaud NetCommunity While logged in with an account that has Supervisor rights, head over to Administration > Sites & Settings. Once this page loads, click into Web Services and scroll down until you get to Blackbaud Payment Services. Enter your username/password then hit Save at the top. Your BBMS accounts will automatically download in Administration > Merchant Accounts. Can I only take payments via an Online Form with BBMS? No, each product has its ability for payment processes and feature set. For example, in etapestry you can process payments directly within a journal record. etapestry is currently the only product that will automatically take payments on a scheduled basis. For The Raiser s Edge, transactions are processed through the Batch module.
It s important to note that when you process a transaction via the CRM product (etapestry / The Raiser s Edge) then the donor will not automatically be acknowledged for the donation. If the donor donates via an online form (etapestry DIY Form, Blackbaud NetCommunity or Online Express) then they will be. Is BBMS compliant with data protection? Can a user access card details? Blackbaud Services has achieved full Payment Card Industry Data Security Standard (PCI DSS) compliance. The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements developed by the major credit card companies to enhance credit card data security. Information on Blackbaud and PCI Compliance can be found here: www.blackbaud.co.uk/pci-compliance All card numbers are tokenised after saving (only the last four digits will show) so that no user can access these details. What measures can I put in place to prevent fraud occurring through BBMS? You can increase current AVS and CSC levels on your merchant accounts. This will help to prevent fraudulent transactions. The Address Verification System (AVS) is a fraud prevention tool that matches the address entered by the donor against what the credit card issuer has on file. AVS checks are provided as additional fraud protection to verify the customer billing address submitted with online transactions. CSC refers to the printed, not imprinted, number on your Visa, MasterCard, American Express, or Discover Card. This number is never transferred during card swipes and should only be known by the person in physical custody of the credit card. Card Security Code (CSC) checks are provided as additional fraud protection for online transactions to verify the code entered during the transaction.
Finally, the last measure you can put in place to avoid this is to implement premium Fraud Management screening available for Card Not Present transactions. This offers you the ability to block donations originating in High Risk Countries (those with a high risk of scams and credit card fraud), deny transactions based upon the number of times the same card has been used within a short duration (what you would ideally like to set up) and various other settings. However, with these premium settings there is an additional fee for each transaction (on top of your usual processing fee). AVS Levels: So what AVS and CSC Levels can I set? Full: Accepts transactions only when both the numeric portion of the street address and postal code match. Medium: Accepts transactions when either the numeric portion of the street address or postal code match. This is the most commonly selected option. Light: Accepts transactions when either the numeric portion of the street address or the postal code match or when either aren t checked/verified. None: Accepts all transactions regardless of incorrect data. CSC Levels: None: BBMS does not use CSC to check transactions. Light: The CSC must be correct or return a response that indicates the result is unavailable (i.e. Does not participate ). Full: The CSC must be correct. Does my CRM have any built-in fraud prevention methods? etapestry etapestry automatically adds a new restriction when six failures occur within the past hour for any single IP address. The effective date should be set for one hour from the current date/time. If a restriction already exists for the given IP address and isn t active (i.e. is disabled or the effective date is old), it will be activated with a one hour restriction.
You can also manually restrict particular IP addresses from attempting to donate on your pages. You should retrieve the IP addresses from each individual fraudulent transaction in the Web Portal, then carry out the below steps: 1. Log into etapestry 2. Click Management 3. Click My Organization 4. Click the ecommerce tab from under the main account header 5. Click Manage IP Address Restrictions from under Links 6. On this page you can see any active restrictions, enable or disable them based on your needs 7. Click New Restriction from under Tasks 8. Fill in the Address, any Comments, and specify when you would like to restrict this IP address 9. Click Save The Raiser s Edge The Raiser s Edge will use the fraud prevention measures from Blackbaud Merchant Services. Note that AVS is not used when processing Credit Cards via this product. Blackbaud NetCommunity In NetCommunity, can enable recaptcha. This goes at the bottom of donation forms and will ask the donor to enter a piece of text they see on an image. recaptcha is widely used when making online payments. How often will the money be disbursed? Blackbaud Merchant Services (BBMS) regularly issues disbursements (deposits) to clients banks from donations that have come through the payment gateway. The disbursement calendar will allow you to view when a payment will be made to the organisation.
What is the maximum amount I can process through BBMS? Through Blackbaud Merchant Services, there is a security feature that limits high value transactions. Gifts larger than the transaction limit will be declined. To authorise transactions for gifts larger than the transaction limit, break the donation up into parts. For example, if processing a transaction in USD that is worth $60,000, process two $30,000 gifts. The default limit for British Pound Sterling (GBP) is 32,700 or less. What is a suspect transaction and what do I do with it? Transactions are flagged as suspect when they meet certain criteria that makes them stand out as possibly fraudulent. Criteria for flagging transactions as suspect are as follows: - Velocity check for multiple identical transactions (same amount) from the same credit card and/or IP address within a short period of time (for Card Not Present transactions only) - Questionable IP addresses which fraudulent activity has been reported from previously - High-risk country check - Transaction amount exceeds 10,000 Suspect Transactions will expire after 60 days, and will be disbursed at that point if no action is taken. What is a chargeback? A chargeback is issued when a donor disputes the donation/transaction with their credit card company. This can occur if the card was reported stolen, or the cardholder does not recall making the specified transaction.
Any time a donor files a chargeback, it is always approved upfront. Because credit card processing companies charge approximately 20 per chargeback issued, this same 20 charge is in turn charged to the organisation. When a chargeback occurs, the bank is automatically retrieving the donation from the organisation. You can however challenge this. You can also email ChargeBacks@Blackbaud.com. You should dispute these chargebacks and also refund other suspect transactions as soon as possible. How do I refund a transaction? You are able to issue refunds within the BBMS Web Portal. Simply search for the transaction and select Refund. You can refund the full transaction amount or issue a partial refund. This refund will appear in the next disbursement cycle. BBMS refunds the transaction to the credit card company/bank immediately. Although, it may take 3-5 days for the bank to post it to the constituents account. Note: Credit card refunds must be issued within 180 days from the date of the original transaction. etapestry Reverse the transaction by marking it as final, saving and then selecting the reverse option to show that it was refunded and keep your reports and historical data tracking accurate. The Raiser s Edge Ensure you correctly amend the gift so your reporting remains accurate.
You can log into the web portal and access the Disbursement Report: https://bbms.blackbaud.com/login.aspx www.blackbaud.co.uk How can I reconcile with my bank statement? This report contains all net and gross amounts for donors in the disbursement period. You can run reports in your CRM product (etapestry or The Raiser s Edge) to reconcile with the BBMS report. I can t access my BBMS account how can I get in? Web admins are able to reset their BBMS and BBPS passwords via the Blackbaud website. Once reset, these must be added into your CRM product and if BBPS has been reset this must be entered in BBMS (account configurations) otherwise you will be unable to process payments. If your BBPS account credentials are correctly entered into The Raiser s Edge, your merchant accounts will automatically download. For etapestry, you will need to manually enter in your BBMS details. The Support team can also make you aware of the username of the accounts which have been created. Can I use any other payment processors with my CRM? BBPS must be used regardless of the payment processor. The only other processor that is compatible with The Raiser s Edge, etapestry and NetCommunity is CyberSource, however the fees associated with CyberSource tend to be higher than BBMS. Want to know more? Don t hesitate to get in touch with our Support team and they will be more than happy to answer any questions you might have.