2013 UNC Financial Systems
Conference
Tackling our Financial
Challenges
March 17 - 19, 2013
Agenda
• How do I find out who is taking payments?
• Centralizing Department Payments
–
–
–
–
Policy
Process
Communications
Technology
• Co-Sourcing, Integration, Security & Compliance
2
Online Payments
$100
$90
$80
Millions
$70
$60
$50
$40
$30
$20
$10
$2008
3
2009
2010
2011
2012
Proj
Best Practice
4
“Big Rocks”
• Tuition and Fees
– ERP
– Hosted Solution
– Policies for face-to-face payments
• Cashiering
• Swipe devices
•Payment Plans
•Enrollment process
•Service (questions about account)
•Red Flag Compliance
5
Best Practice
6
College Budgets
Departments
• Decreased State funding
• Seeking ways to generate
revenue
• Larger portion of budget
Auxiliary Services
• Promotes college
• Generates revenue
• Community Involvement
It’s great to have departments generating some revenue….
BUT……
7
Departmental Revenues
•
•
•
•
•
Want it right now
Going off on their own
All over the board
Don’t involve business office
Creates extra work for business office
Reconciliation nightmare!!!!!
8
Campus Departments
•
•
•
•
•
•
•
•
•
9
Parking
Theater
Events
Summer Camps
Alumni/Development
Pottery Store
Cheese Store
Merchandise Sales
Tickets
HOW ARE THEY DOING IT????
10
How do I find out who is
taking payments?
Subtitle
And how they are taking them…….
11
Do a search of your website…..
Awesome State University
12
13
Review and act upon what you find!!!
14
I know who is taking
payments……..
Now what do I do ????
Centralize Campus Commerce &
Department Payments
15
Centralize Campus Commerce &
Department Payments
• Policy
• Process
• Communication
• Technology
16
Policy & Process
• Day-to-day AND new service implementation
control is in YOUR hands
• Administrator establishes “order details” and
interface parameters in “test”
• File transfer & interfaces
– HTTPS communication
– Hash validation
• Tools are provided for testing new pages and
orders, and migrating them on your schedule
17
17
Value Proposition
• Departments can now innovate and create revenue
enhancement opportunities by selling on-line – securely!
• Reduces your institutional PCI compliance burden
• By design, encourages eCommerce best practices
•Straightforward configuration and rapid deployment drives
adoption
•Reports and “End-of-Day” file support reconciliation and other
production requirements
•Scalability and transparency
•Distribute administrative and operational support to trusted
partners
•Central visibility into all commerce activities
18
18
Centralized eCommerce Technology
• Platform for campus-wide commerce support
• Hosted order page with flexible data gathering capability
• Geared to address common university commerce needs
(product sales, simple event registration, gift processing)
• Powerful – multiple usage paradigms
• As basic “site” combined with payment page
• As embedded payment form in another website (e.g. in an
iFrame)
• As a behind-the-scenes payment service (pay now button)
•Versatile financial design
•Flexible configuration defines reporting and settlement
structure
•Can be leveraged to consolidate MIDs, reduce expenses,
enable “rollups”
19
19
Department Commerce
• Front End
•
•
•
•
Demographic information
Name, rank and serial number
SSN?
Student ID?
•Back end
•Payment information
•Account Information and card
holder data
•Address and zip
•CVV?
20
Co-Sourcing, Integration,
Security & Compliance
&
Strategies for Compliance
22
Accept
the risk
Mitigate
the risk
Avoid
the risk
Transfer
the risk
Co-sourcing & Compliance
A Trusted Partner
•
•
•
•
•
•
23
Part of your overall
compliance solution
Protect YOUR sensitive data
Proven track record
Knowledgeable
Customer Service focus
Reliable
SICAS Summit 2011 – The Power of SUNY
Co-sourcing: Secure & Convenient Convenience
•
•
•
•
Integration with your ERP
Integration with 3rd party vendors
Campus Commerce self-service
Centralized reporting &
reconciliation
Security
•
•
•
24
Core Business – PCI Level 1
Compliant Provider
Fully Hosted
Higher Ed Focused
Co-sourcing: Secure & Convenient Securing YOUR data
•
•
•
•
•
•
•
•
•
•
End-to-end encryption
Data at rest
Data in transit
Vulnerability scans
Penetration testing
Secure coding practices
Background checks
Best Practices
Redundancy
Physical Security
Value Added
•
•
•
25
Merchant Services
Compliance consulting
Forms processing
Third Party Vendor Integration -
26
Limiting your scope
Co-source with PCI-DSS Level 1Compliant
Providers
•
•
•
Level 1 Providers process >300K
transactions annually
Most stringent audit requirements
Prove compliance annually - (QSA)
Avoid Payment Applications that
reside locally
•
Ensure PA-DSS compliance where
this cannot be avoided
PTS Compliant Devices
•
Ensure PED (Pin Entry Devices) are
up-to-date and compliant
Policies & Procedures
•
27
Develop AND follow them
Limiting your scope
Training
•
Develop in-house training
program for anyone who
handles card holder data
Self-Assessment Questionnaire
(SAQ)
•
Complete it
annually
Incident Response Plan
•
Identify key stakeholders
•
Have a plan
“Compliance is a journey..not a destination”
Ron King, COO, CampusGuard
28
About Nelnet Business Solutions -
29
Contact
Brian Barry, Regional Vice President
brian.barry@nelnet.net - 888.867.8290
www.campuscommerce.com
30