Best Practices In Campus-wide eCommerce

STRAIGHT TALK ON CAMPUS COMMERCE. Best Practices In Campus-wide eCommerce. TouchNet. Established in 1989 Specializing in Self Service Serving Higher Education since 1993 Specializes in Higher Education 700 Users Partnerships: SunGard, Datatel, PeopleSoft

deacon
Presentation Transcript


  1. STRAIGHT TALK ON CAMPUS COMMERCE Best Practices In Campus-wide eCommerce

  2. TouchNet • Established in 1989 • Specializing in Self Service • Serving Higher Education since 1993 • Specializes in Higher Education 700 Users • Partnerships: SunGard, Datatel, PeopleSoft • Payment Card Industry (PCI) Certified • Member of NACHA • Foundation: Payment Gateway • Credit Card, ACH Engine, Debit Cards

  3. Agenda • Common Practices in eCommerce • Discuss Best Practices • Payment Card Industry (PCI) Standards • Summary • Questions and Maybe Some Answers

  4. What are Your Commerce Initiatives? • Tickets • T-shirts • Tuition • Textbooks • Donations • Event Registration • Non-Credit Classes • Athletics • Central Stores • ACH (Electronic Checks) • Electronic Billing • Camps • Parking • Cashiering • Fundraising • More…

  5. eCommerce Is More Than Tuition • Athletics: Game Tickets, Logo Wear • Alumni: Donations, Events • Theatre: Tickets, Fund Raising • Bookstore: Books, Merchandise • Admissions: Application Fees • Parking: Permits, Fines

  6. Current Practices • Multiple Payment Pages • Multiple Security Burdens • Disparate Systems • Separate Reconciliation • Rogue Processors • Absence of a Central Administration

  7. Common Practice: Typical Campus

  8. Best Practice: One Payment Engine for the Entire Enterprise • Control: Peace of Mind; PCI Compliance • Costs: Collective Volumes Reduce Costs • Efficiency: Managing multiple systems drains time and resources • Real-time Payment Processing • Brand Management

  9. Centralized Commerce Model

  10. Administrative Management

  11. Track Tender Types

  12. Best Practice: Campus Commerce Management • Common Infrastructure: Synch In-line and Online Channels • Process Payments from a Variety of Departments and Systems • Single & Recurring Payments • Manage Processing and Reconciliation Costs • Leverage Existing Business Applications • Compliance Control: PCI, FERPA, GLB, PABP, NACHA • Central Accountancy: Integration with Finance Systems

  13. Single Framework Simplifying Campus Commerce [Diagram labels: Needed Websites, Existing Websites, Store, Pay, Secure Payment Processing, Single Gateway]

  14. The “Mall” View Sample of School Shopping Site The “Store” View

  15. Integrating Payment Functionality to an Existing Web Site Existing Web Page Link out to a Secure Payment Page

  16. Best Practice Operations Centralized Control / Decentralized Management • Common Technical Environment • Reduces IT Overhead • Individual Departments Manage Online Presence • Able to serve existing web applications

  17. Best Practice Embrace PCI • Understand the Requirements • Face Reality: Your Merchants Have Issues • Accept Responsibility: Form A Team • Create eCommerce Policy • Identify & Educate Campus Merchants • Raise Awareness • Set Requirements for Campus Merchants • Budget (work into current projects)

  18. PCI Merchant Levels

  19. Face Reality… “Your campus merchants have issues!” • Single Location or Multiple Campuses • Tens or Hundreds of Merchant IDs • Unknown online activity • Multiple Payment Methods • Multiple Banking/Processor Relationships • Multiple Payment Gateways in use • Little to no knowledge of PCI requirements

  20. Accept Responsibility: Form a Project Team • Treasurer • Controller • Bursar • IT • Appoint a Team Leader

  21. Create eCommerce Policy • If starting from scratch • Look for examples online • Ask your favorite listserv • If one currently exists • Include PCI requirements

  22. Identify & Educate Campus Merchants • Identify Merchants • Include Online and In-line Merchants • Across the entire enterprise • ERP Systems: SIS, Finance • Departments: Athletics, Alumni, Theatre, etc. • Survey Merchants • Google your “.edu” domain

  23. Raise Awareness • Get the word out… - Email - Newsletters - Meetings - Advertisements - Broadcast • Fear Factor - show them why...

  24. PCI - #1 ISSUE Why the Control? The Headlines! • Two West Coast Universities • 178,000 former and current students, applicants and employees • 59,000 students, staff and faculty • Three Northeast Schools • 2,100 students, alumni and professors • 120,000 individuals • Two Southwest Universities • 5,000 International Students • 55,200 students, faculty and staff • Two Southern Universities • 30,000 students, faculty and staff • 57,000 patrons of the Arts & Theater

  25. PCI - #1 ISSUE Why Should You Care? Source: Privacy Rights Clearinghouse, Feb. 15, 2005 through June 14, 2006.

  26. Merchant Liability for improper storage of credit card data • If cardholder data is compromised, you may be subject to the following liabilities and fines associated with non-compliance: • Potential fines of up to $500,000 • All fraud losses incurred from the use of the compromised account numbers from the date of compromise forward • Cost of re-issuing cards associated with the compromise • Cost of any additional fraud prevention/detection activities required by the card associations (i.e. a forensic audit) or costs incurred by credit card issuers associated with the compromise • Average cost of rectifying breach = $2 Million - Ambrion TrustWave

  27. Design Enterprise Architecture • Standardize – Build or Buy a Gateway as a foundation for campus commerce • Enterprise Payment Gateway • PCI Self Assessment or Certified Provider • Consolidate Acquiring Banks and Processors • Open to campus vendors i.e., Parking, Collections, Alumni, etc.

  28. Self Assessment Questionnaire • Complete PCI Internal Assessment • 10 Pages (Microsoft Word format) • http://www.visa.com/cisp • 12 Requirements

  29. PCI Data Security Standards (often referred to as the “Digital Dozen”) • 1. Install and maintain a working firewall • 2. Do not use vendor-supplied default passwords • 3. Protect stored data • 4. Encrypt data sent across public networks • 5. Use and update anti-virus software • 6. Develop and maintain secure systems and applications

  30. PCI Data Security Standards • 7. Restrict access to data by “need to know” • 8. Assign unique ID to each person with access • 9. Restrict physical access to cardholder data • 10. Track and monitor all access to network resources and cardholder data • 11. Regularly test security systems and processes • 12. Maintain a policy that addresses information security

  31. PCI - #1 ISSUE What’s One More Certification? Payment Application Best Practices [PABP]

  32. Best Practices: Summary • One Payment Engine for Enterprise • Consolidate ALL Payments • Control and Manage Costs • PCI Preparedness • Conduct Self Assessments • Create Awareness • Form a Team • Educate Merchants • Document, document, document

  33. Questions? Thank you! Dave Swan Regional Manager TouchNet Information Systems dswan@touchnet.com