Embracing Compliance, Security, and Technology in a COVID World

Nelnet Campus Commerce presented at the PDG Bursars SFS 2021 Virtual Conference in late April. This conference had over 700+ virtual attendees – and we were proud to be a Gold sponsor. Our presentation, “Embracing Compliance, Security, and Technology in a COVID World,” was hosted by Virgil Lloyd, business development executive at Nelnet Campus Commerce, and Cameron Stearns, interim bursar at the University of Wisconsin-Milwaukee.

In this webinar, we covered several topics, with a focus on technology, security, and compliance. The goals of this presentation were to promote insights on technology innovations (data analytics) that are reshaping higher ed today, highlight security threats (ransomware) facing institutions, and form a better understanding of compliance expectations and contactless payment solutions (PCI DSS 4.0).

In March 2021, a year into the pandemic, Inside Higher Ed conducted a survey of over 400 university and college presidents to gauge their confidence in their institutions. Over 44% said now is the time they will be transforming their institution by making changes to their core structures and operations to position themselves for long-term sustainability. Part of that transformation? Investments in technology – particularly solutions focused on improving retention.

Of these technology investments, data analytics is at the forefront. According to Virgil, the purpose of data analytics is to gain real-time insights from students and drive change with data. All of this needs to begin with a student-centered design, which has to be transparent with data collected and open to student feedback. At his institution, Cameron said, they recently conducted a drop student analysis, which measured students who left and their reasons for doing so. Thanks to data analytics, they discovered that most students left due to financial reasons. This allowed the institution to pivot, offering more flexible payment arrangements to keep more students enrolled.

Along with data analytics, artificial intelligence (AI) is the technology most Gen Z students are expecting in their campus lives. Students are connected to their devices almost 24/7 – because of that, they’ve come to expect answers quickly and efficiently. Virgil shared that in 2020, Nelnet recorded over 34,600 chat conversations.

It’s evident that students are far more likely to engage with a chat bot rather than make a phone call. This isn’t particularly surprising. Chat bots are great for quick, simple answers and they’re extremely convenient for students used to finding answers to their questions in mere seconds. Cameron added his institution uses a chat bot; however, it is informational only and does not connect the user to a person.

When it comes to security threats in higher ed, ransomware has the largest impact. Ransomware involves malicious actors gaining entry to your system/platform through things like phishing or spear phishing emails. Once these actors have access, they will hold your system hostage until a ransom is paid.

In 2020, ransomware attacks in higher ed spiked from just eight to 31 by Q3 and there are almost 4,000 attacks daily across all industries. Globally, that is one ransomware attack every 11 seconds. When it comes to cost, these types of attacks can cost a university over $230,000 and around 19 days of downtime for system access.

Ransomware attacks on higher ed institutions follow a similar pattern around timing. Attacks usually occur around the 1098-T during the tax refund period or even during financial aid disbursement. These players are getting more and more sophisticated when it comes to higher ed specifically.

To protect yourself and your institution, spend where it makes sense. Invest in training your staff, refer to online resources, like Information is Beautiful, and reach out to your technology partners who may have tips and tricks available. Other resources include the OmniSOC website, which is a group of Big 10 schools who specializes in security threats; and the FBI Cyber Division provides any notices of recent attacks.

At Nelnet Campus Commerce, we have a team of over 80 professionals focused on security and compliance. We are PCI Level 1 compliant service provider which can relieve institutions of the burden of hosting secure payment information, allowing them to focus on their students. Cameron shared his institution also has a dedicated in-house PCI DDS compliance manager. This position has helped them set up payment solutions that are compliant, paving the way for future methods of payment via systems like Venmo and PayPal.

Looking ahead to the release of the new PCI DDS 4.0 standard, the Q2 timeline has been shifted towards the end of 2021 or early 2022 due to COVID-19. As we wait to learn more about this timeline, we can share some suggested changes that are forthcoming:

• Focusing on new payment technologies and alternative forms of payment methods like type and swipe or tap to pay.
• Revising access management authentication requirements to reflect the latest industry best practices for passwords and multi-factor authentication.
• Moving away from a specific risk assessment checklist and making it more of a risk management process.
• Creating a more flexible, customized approach where institutions can design their own controls and implement them on the intent of the requirements.

Want to learn more from our conference session? Watch on-demand here.