News

Blackboard Updates Transact Commerce App for Compliance with PCI Standards

• By Dian Schaffhauser
• 08/28/09

Blackboard has released version 3.5 of Blackboard Transact, a set of applications that provides commerce and security management for campuses. The primary focus of the new edition is its compliance with the Payment Application Data Security Standard (PA-DSS), which enables the institutions that use it to comply with the Payment Card Industry Data Security Standard (PCI-DSS). The goal of PA-DSS is to help software vendors and others develop secure payment applications that don't store prohibited data and ensure their payment applications support compliance with the PCI DSS. Campuses are encouraged to use PA-DSS-compliant applications in their payment environments or risk eventually being denied the ability to access credit services by their credit card companies.

According to the company, release 3.5 received validation from Trustwave, a security assessor company, and acceptance from the PCI Security Standards Council.

"Payment application security compliance is a very important initiative for our university," said Stacie Gomm, associate vice president for IT at Utah State University. "Our Controller's office is driving this initiative to ensure that all of our financial systems and processes are PCI compliant. The enhanced security features of the Blackboard Transact platform are an important step towards compliance for our campus-wide ID card solution."

The Blackboard Transact platform has two primary modules. The Commerce Management module facilitates campus ID card issuance; on-campus, off-campus, and online commerce; cashless payment processing for dining, bookstore, vending, laundry, copy, print and parking services; financial reporting; and self-service account management. The Security Management module provides features to monitor door access control, manage video surveillance, and perform mass notification capabilities.

The new version also introduces capabilities to support enterprise-wide compliance policies and risk management; adds improved database audit logging; provides user account and password features including forced complex passwords, limited repeat access attempts, and account deactivation after 90 days of no use; and includes rewritten user documentation.