Compliance Yesterday, Today and Tomorrow
PCI security standards are managed by the PCI Security Standards Council, and they affect all merchants and service providers. Nelnet Campus Commerce is a Level 1 Service Provider, so it has a very rigorous certification process. And of the 352 companies that are globally qualified security assessors, CampusGuard is the only one that’s focused solely on higher education.
You are responsible for safeguarding the credit card data at your institution and complying with the PCI DSS. Your Merchant Agreement with your acquiring bank states that you are responsible for adhering to and being compliant with their security standard, and also with the PCI DSS.
High Stakes for Compliance
Over the past several years, CampusGuard has been looking at statistics regarding where breaches are coming from. Compared to all other sectors, higher education has a disproportionate share. The other thing that’s shocking is that approximately 50 percent of the breaches occurring in higher education are a direct result of hacking. By comparison, hacking breaches among retailers account for under 20 percent.
So, higher education is unfortunately a prime target for hackers. Most of the breaches — starting with hacking and then continuing with fraudulent use of credit card information — come about because of very simple things that could be fixed. When universities report their compliance, they either omit important pieces altogether or do not define scope completely. They also treat compliance as a one-day-a-year checkoff event, and they have an incomplete risk management strategy instead of a continuous one.
Across campus, you may have somewhere between five and 100 different locations taking cards in every conceivable way — for tuition and fees, parking, dining, residence halls, theater, athletic ticketing, concessions, and so on. Compare that with McDonald’s, which has 15,000 stores but one very simple, very secure way of accepting credit card payments. This is the major reason why it’s so difficult for a college or university to be compliant with the data security standard.