Taking Payments Securely While Working Remotely

With the rise of COVID-19 (coronavirus), what was once an easy in-person payment in the business office has changed dramatically. Now, remote staff are trying to take payments from their home office with students over the phone. Yet regardless of where a payment is taken, it still must be protected from breaches and encrypted for the safety of the payer and institution.

Since 2017, Nelnet Campus Commerce has partnered with Bluefin to offer PCI-validated Point-to-Point Encryption (P2PE) payment solutions. P2PE is an encryption standard established by the Payment Card Industry (PCI) Security Standards Council. This standard requires all payment card data to be encrypted immediately at a merchant’s point-of-sale terminal, and the data is not decrypted until it leaves the merchant’s system or network.

We recently teamed up with Eldred Garcia, Bluefin’s VP of Security Solutions, and Daryl Robinson, Director of Product Strategy at Nelnet Campus Commerce, in a webinar to discuss P2PE payments— what it means and its benefits.

In the webinar, we look at a case study with the University of California, San Diego Extension. They implemented Bluefin’s PayConex P2PE solution in their work stations which accept walk-in and telephone payments. UC San Diego Extension was concerned about the security of these stations and the requirements to remain PCI-compliant as they expanded. Within one year of implementing, UC San Diego Extension has seen:

• $60k in annual savings in PCI penetration scanning and testing
• Reduced IT infrastructure hours required to maintain compliant workstations
• Increased efficiencies across all departments that processed payments

Another benefit Bluefin has provided clients — including Nelnet Campus Commerce’s service team — is the ability to process payments securely while working remotely. Bluefin’s PCI-validated P2PE solution ensures that credit and debit card data is immediately encrypted once it is entered into the payment terminal (either through typing, swiping or dipping) to prevent cardholder data from being present in the device or the merchant’s systems where it could be exposed to malware. Data decryption is done offsite in a Bluefin hardware security module (HSM), and Bluefin’s payment devices are mobile. This means that payments can be accepted all around campus, and (in the event of remote work) at a home office through a secure internet connection.

Check out the P2PE Webinar to learn how the P2PE process works through encryption, tokenization, and authorizations.