Compliance Yesterday, Today and Tomorrow

In Brief:

  • Simplify tuition and fee payments by offering online processing of multiple payment types in a secure, convenient, and instantly updated portal for
    students while automating communications for admins.

  • PCI security standards are managed by the PCI Security Standards Council, and they affect all merchants and service providers. Nelnet Campus
    Commerce is a Level 1 Service Provider, so they have a very rigorous certification process. And of the 352 companies that are globally qualified
    security assessors, CampusGuard is the only one that’s focused solely on higher education.

  • You are responsible for safeguarding the credit card data at your institution and complying with the PCI DSS. In your Merchant Agreement with your
    acquiring bank, it states that you are responsible for adhering to and being compliant with their security standard, and also with the PCI DSS.

Insight type: White Paper

High Stakes for Compliance

Over the past several years, CampusGuard has been looking at statistics regarding where breaches are coming from. Compared to all other sectors, higher education has a disproportionate share. The other thing that’s shocking is that approximately 50 percent of the breaches occurring in higher education are a direct result of hacking. By comparison, the total number of hacking breaches among retailers is under 20 percent.

So, higher education is unfortunately a prime target for hackers. Most of the breaches — starting with hacking and then continuing with fraudulent use of credit card information — come about because of very simple things that could be fixed. When a university reports its compliance, they are either omitting important pieces altogether or are not defining scope completely. They are also looking at compliance as a one day a year checkoff event, and they have an incomplete risk management strategy instead of a continuous strategy.

Across campus, you may have somewhere between five and 100 different locations taking cards in every conceivable way — for tuition and fees, parking, dining, residence halls, theater, athletic ticketing, concessions, and so on. Compare that with McDonald’s, which has 15,000 stores but one very simple, very secure way of accepting credit card payments. This is the major reason why it’s so difficult for a college or university to be compliant with the data security standard.

Want to read more?

To download this white paper, please fill out the form below.

Ron King

President and Chief Operating Officer, CampusGuard

Widely known for his expertise in developing long-term partner relationships, Ron effectively communicates directly with C-level administrators at campus-based institutions nationwide. With over 25 years’ experience supporting campus-based information and network systems initiatives, including more than ten years specializing in information security and compliance issues, Ron is a frequent guest speaker and panelist at prestigious conferences throughout the United States.