2013 UNC Financial Systems Conference
Tackling our Financial Challenges
March 17 - 19, 2013

Agenda
• How do I find out who is taking payments?
• Centralizing Department Payments
  – Policy
  – Process
  – Communications
  – Technology
• Co-Sourcing, Integration, Security & Compliance

Online Payments
[Chart: Online Payments; y-axis: Millions ($); x-axis: 2008, 2009, 2010, 2011, 2012 Proj]

Best Practice

“Big Rocks”
• Tuition and Fees
  – ERP
  – Hosted Solution
  – Policies for face-to-face payments
• Cashiering
• Swipe devices
• Payment Plans
• Enrollment process
• Service (questions about account)
• Red Flag Compliance

Best Practice

College Budgets
Departments
• Decreased State funding
• Seeking ways to generate revenue
• Larger portion of budget
Auxiliary Services
• Promotes college
• Generates revenue
• Community Involvement
It’s great to have departments generating some revenue… BUT…

Departmental Revenues
• Want it right now
• Going off on their own
• All over the board
• Don’t involve business office
• Creates extra work for business office
Reconciliation nightmare!!!!!

Campus Departments
• Parking
• Theater
• Events
• Summer Camps
• Alumni/Development
• Pottery Store
• Cheese Store
• Merchandise Sales
• Tickets
HOW ARE THEY DOING IT????

How do I find out who is taking payments?
And how they are taking them…

Do a search of your website…
Awesome State University

Review and act upon what you find!!!

I know who is taking payments… Now what do I do????
Centralize Campus Commerce & Department Payments
• Policy
• Process
• Communication
• Technology

Policy & Process
• Day-to-day AND new service implementation control is in YOUR hands
• Administrator establishes “order details” and interface parameters in “test”
• File transfer & interfaces
  – HTTPS communication
  – Hash validation
• Tools are provided for testing new pages and orders, and migrating them on your schedule

Value Proposition
• Departments can now innovate and create revenue enhancement opportunities by selling on-line – securely!
• Reduces your institutional PCI compliance burden
• By design, encourages eCommerce best practices
• Straightforward configuration and rapid deployment drives adoption
• Reports and “End-of-Day” file support reconciliation and other production requirements
• Scalability and transparency
• Distribute administrative and operational support to trusted partners
• Central visibility into all commerce activities

Centralized eCommerce Technology
• Platform for campus-wide commerce support
• Hosted order page with flexible data gathering capability
• Geared to address common university commerce needs (product sales, simple event registration, gift processing)
• Powerful – multiple usage paradigms
  – As basic “site” combined with payment page
  – As embedded payment form in another website (e.g. in an iFrame)
  – As a behind-the-scenes payment service (pay now button)
• Versatile financial design
• Flexible configuration defines reporting and settlement structure
• Can be leveraged to consolidate MIDs, reduce expenses, enable “rollups”

Department Commerce
• Front End
  – Demographic information
  – Name, rank and serial number
  – SSN?
  – Student ID?
• Back end
  – Payment information
  – Account Information and card holder data
  – Address and zip
  – CVV?
Co-Sourcing, Integration, Security & Compliance

Strategies for Compliance
• Accept the risk
• Mitigate the risk
• Avoid the risk
• Transfer the risk

Co-sourcing & Compliance
A Trusted Partner
• Part of your overall compliance solution
• Protect YOUR sensitive data
• Proven track record
• Knowledgeable
• Customer Service focus
• Reliable
SICAS Summit 2011 – The Power of SUNY

Co-sourcing: Secure & Convenient
Convenience
• Integration with your ERP
• Integration with 3rd party vendors
• Campus Commerce self-service
• Centralized reporting & reconciliation
Security
• Core Business – PCI Level 1 Compliant Provider
• Fully Hosted
• Higher Ed Focused

Co-sourcing: Secure & Convenient
Securing YOUR data
• End-to-end encryption
• Data at rest
• Data in transit
• Vulnerability scans
• Penetration testing
• Secure coding practices
• Background checks
• Best Practices
• Redundancy
• Physical Security
Value Added
• Merchant Services
• Compliance consulting
• Forms processing

Third Party Vendor Integration

Limiting your scope
Co-source with PCI-DSS Level 1 Compliant Providers
• Level 1 Providers process >300K transactions annually
• Most stringent audit requirements
• Prove compliance annually - (QSA)
Avoid Payment Applications that reside locally
• Ensure PA-DSS compliance where this cannot be avoided
PTS Compliant Devices
• Ensure PED (Pin Entry Devices) are up-to-date and compliant
Policies & Procedures
• Develop AND follow them

Limiting your scope
Training
• Develop in-house training program for anyone who handles card holder data
Self-Assessment Questionnaire (SAQ)
• Complete it annually
Incident Response Plan
• Identify key stakeholders
• Have a plan
“Compliance is a journey..not a destination”
Ron King, COO, CampusGuard

About Nelnet Business Solutions

Contact
Brian Barry, Regional Vice President
brian.barry@nelnet.net - 888.867.8290
www.campuscommerce.com