Welcome to Luminate Ideas!

Please submit all product enhancement ideas below. We welcome your feedback; your ideas will be reviewed by the Product Manager that oversees the development of that part of the product on an ongoing basis and updated with its current status monthly based on our product planning process. Ideas you submit could help us shape features currently in development or grow our repository of requirements for our next big enhancement. Thank you for taking the time to share your thoughts and expertise with us.

If you believe you are experiencing a defect please contact Support.

Unpublished LO forms shouldn't process payment data

Currently when an LO form is unpublished, that just "shuts the front door" by making the client-side page for that form inaccessible, but that form is still available for attackers to fraudulently send payment data to over HTTP POST -- which is then processed by the unpublished donation form. This strikes us as a PCI compliance issue.

  • Guest
  • Feb 4 2019
  • Reviewed: Voting Open
LO - Current Gen / Compliance/Regulation
Area of the Product Donations
Org/Company Name Smithsonian
  • Attach files

Related ideas

Privacy Policy | Safe Harbor Notice | Terms of Use | Acceptable Use Policy | © 2019 Blackbaud, Inc. All Rights Reserved