2013 UNC Financial Systems Conference Tackling our Financial Challenges March 17 - 19, 2013.

Post on 20-Jan-2016


Agenda

• How do I find out who is taking payments?
• Centralizing Department Payments
  – Policy
  – Process
  – Communications
  – Technology
• Co-Sourcing, Integration, Security & Compliance

Online Payments

[Chart: online payments by year, 2008 through 2012 (2012 projected); vertical axis from $0 to $100,000,000]

“Big Rocks”

• Tuition and Fees
  – ERP
  – Hosted Solution
  – Policies for face-to-face payments
• Cashiering
• Swipe devices
• Payment Plans
• Enrollment process
• Service (questions about account)
• Red Flag Compliance

Best Practice

College Budgets

Departments
• Decreased State funding
• Seeking ways to generate revenue
• Larger portion of budget

Auxiliary Services
• Promotes college
• Generates revenue
• Community Involvement

It’s great to have departments generating some revenue….

BUT……

Departmental Revenues

• Want it right now
• Going off on their own
• All over the board
• Don’t involve business office
• Creates extra work for business office

Reconciliation nightmare!!!!!

Campus Departments

• Parking
• Theater
• Events
• Summer Camps
• Alumni/Development
• Pottery Store
• Cheese Store
• Merchandise Sales
• Tickets

HOW ARE THEY DOING IT????


How do I find out who is taking payments?


And how they are taking them…….


Do a search of your website…..

Awesome State University


Review and act upon what you find!!!


I know who is taking payments……..

Now what do I do ????

Centralize Campus Commerce & Department Payments


• Policy

• Process

• Communication

• Technology


Policy & Process

• Day-to-day AND new service implementation control is in YOUR hands
• Administrator establishes “order details” and interface parameters in “test”
• File transfer & interfaces
  – HTTPS communication
  – Hash validation
• Tools are provided for testing new pages and orders, and migrating them on your schedule

Value Proposition

• Departments can now innovate and create revenue enhancement opportunities by selling on-line – securely!
• Reduces your institutional PCI compliance burden
• By design, encourages eCommerce best practices
• Straightforward configuration and rapid deployment drives adoption
• Reports and “End-of-Day” file support reconciliation and other production requirements
• Scalability and transparency
• Distribute administrative and operational support to trusted partners
• Central visibility into all commerce activities

Centralized eCommerce Technology

• Platform for campus-wide commerce support
• Hosted order page with flexible data gathering capability
• Geared to address common university commerce needs (product sales, simple event registration, gift processing)
• Powerful – multiple usage paradigms
• As basic “site” combined with payment page
• As embedded payment form in another website (e.g. in an iFrame)
• As a behind-the-scenes payment service (pay now button)
• Versatile financial design
• Flexible configuration defines reporting and settlement structure
• Can be leveraged to consolidate MIDs, reduce expenses, enable “rollups”

Department Commerce

• Front End
• Demographic information
• Name, rank and serial number
• SSN?
• Student ID?
• Back end
• Payment information
• Account Information and card holder data
• Address and zip
• CVV?

Co-Sourcing, Integration, Security & Compliance


Strategies for Compliance

Accept the risk

Transfer the risk

Avoid the risk

Mitigate the risk

Co-sourcing & Compliance

A Trusted Partner

• Part of your overall compliance solution

• Protect YOUR sensitive data
• Proven track record
• Knowledgeable
• Customer Service focus
• Reliable

SICAS Summit 2011 – The Power of SUNY


Co-sourcing: Secure & Convenient -

Security
• Core Business – PCI Level 1 Compliant Provider
• Fully Hosted
• Higher Ed Focused

Convenience
• Integration with your ERP
• Integration with 3rd party vendors
• Campus Commerce self-service
• Centralized reporting & reconciliation

Co-sourcing: Secure & Convenient -

Value Added
• Merchant Services
• Compliance consulting
• Forms processing

Securing YOUR data
• End-to-end encryption
• Data at rest
• Data in transit
• Vulnerability scans
• Penetration testing
• Secure coding practices
• Background checks
• Best Practices
• Redundancy
• Physical Security

Third Party Vendor Integration -


Limiting your scope

Co-source with PCI-DSS Level 1 Compliant Providers
• Level 1 Providers process >300K transactions annually
• Most stringent audit requirements
• Prove compliance annually - (QSA)

Avoid Payment Applications that reside locally
• Ensure PA-DSS compliance where this cannot be avoided

PTS Compliant Devices
• Ensure PED (Pin Entry Devices) are up-to-date and compliant

Policies & Procedures
• Develop AND follow them

Limiting your scope

Training
• Develop in-house training program for anyone who handles card holder data

Self-Assessment Questionnaire (SAQ)
• Complete it annually

Incident Response Plan
• Identify key stakeholders
• Have a plan

“Compliance is a journey..not a destination”
Ron King, COO, CampusGuard

About Nelnet Business Solutions -


Contact

Brian Barry, Regional Vice President
brian.barry@nelnet.net - 888.867.8290

www.campuscommerce.com