CREDIT CARD PAYMENT IT INITIATIVE

The Usual Suspects

Eric Jeanes Frank Feagans Matt George Robbyn Lennon

Daniel Mcconnell

Keith Wilburn Cheryl Novalis-Marine

Ed Xia

Kelly Bogart Gil Salazar Greg Horner Mark Barton

Robert Casler Robert Lanza Joseph Corso Judith Mayoral-Schnee

Chris Schreiber

Matt George Ben Emmons Bernadine Cannon

Wayne Peterson

Htay Hla

Payment Process

Look

& F

eel

Logo

s an

d H

eade

rs

Prod

uct D

iver

sity

Shopping Cart Functions

Secure & PCI Compliant

Cybersource OR Other Authorized Gateway - Merchant Link - BlackBoard - etc…

Auth

oriza

tion:

Au

to o

r Man

ual S

ettle

Need to know the Source: Where the charge came from

Customized Receipt and Identification in Credit Card Statement

Need to create a Cybersource Account

Option 2: One Cybersource account for whole campus

Option 1: One Cybersource account per Event or Unit

A central e-commerce solution that:• Handles security and

vulnerability scans• Is Customizable• Puts up “products” in a

timely manner• Allows for data collection• Integrates with Bursar

accounts and KFS accounts• Has log management

Estimated Costs

TASK People Time Money Frequency

Set up Merchant Account with B of ACAMPUS MERCHANT BANK CARDS (CREDIT) ACCEPTANCE AGREEMENT Responsible Person & Department HeadSet up Authorization Gateway account (e.g. Cybersource, Authorize.net; PayflowPro) $20.00 month

Set up purchasing interface (shopping cart) Web Developer 20 hrs once per storefrontcreate web pages using custom codingORPurchase 3rd party shopping site (e.g. RegOnline; UA Foundation; or 3DCart)

Support 60 hrs Annual

Purchase Reconciliation Business Mgr/Accountant assume 1 kuali account per cybersource merchantdepends on activity level and number of accounts per store

PCI Scans and updating/patching Sys Admins 128 hrs AnnualExternal Server ScansInternal Server ScansApplication Scans includes Developer Annual

Compliance Procedures/Documentation 20 hrs AnnualMerchant SummaryMerchant AgreementSAQ / PCI CertificationCredit Card PolicyCollege/Dept'l ProceduresProcess FlowchartTraining 3rd Party VendorIncident Response PlanScan Results TOTAL ANNUAL LABOR 228 hrs @ $75/hr $17,100

per Storefront

From Meeting #3 Feb. 5, 2013

E-Commerce Service

Central Shopping Cart

Common DRUPAL Codebase

DB1 DB2 DB3 DB4 etc

1 Cybersource Accountper Department or Website

site1 2 3 4 5 6

Estimated 80 SAQ A Merchants

Dept1Website

Dept2Website

Dept3website

Etc…

1 Payment Gateway / 1 Cybersource Account for Campus

Distribute to KUALI Accountsvia Reports

Option 1 from Slide 1 Option 2 from Slide 1

3rd Party PCI-Compliant E-Commerce

Service (s)RegOnline, 3DCart, etc.

Dept1Website

Dept2Website

Dept3website

Etc…

Cybersource or Other Payment Gateways –

Per Department or EventDistribute to KUALI Accounts

After Meetings 4 & 5; Recommended Solutions: Option 1: Use 3rd Party PCI Compliant service -SAQA Merchants Only

PCI Scanning may not be required for these servers

if payment gateway is not

ours

Check mailed back to department from

RegOnline

E-Commerce in a Box from UITS –

PCI-compliant merchant service(coming soon)

Dept1Website

Dept2Website

Dept3website

Etc…

Cybersource or Other Payment Gateways –Per Department or Event

Distribute to KUALI Accounts

After Meetings 4 & 5; Recommended Solutions: Option 2: Use 3rd “E-Commerce in a Box” -SAQA Merchants Only

PCI Scanning not required for these

servers (TBD)

Anticipated Gains

• $$$ Annual Savings• Reduced Institutional Risk• Increased Collaboration based on common solutions• Increased Efficiencies

Still Needed:• RegOnline account management process (Bursar Ofc.

coordinating)• e-Commerce in a box (UITS)

Estimated Savings

Credit Card Merchant Services Process SAQA only

TASK People Savings Time Money Frequency

Set up Merchant Account with B of ACAMPUS MERCHANT BANK CARDS (CREDIT) ACCEPTANCE AGREEMENT Responsible Person & Department HeadSet up Authorization Gateway account (e.g. Cybersource, Authorize.net; PayflowPro) $20.00 month

Set up purchasing interface (shopping cart) Web Developer 10 hrs 20 hrs once per storefrontcreate web pages using custom codingORPurchase 3rd party shopping site (e.g. RegOnline; UA Foundation; or 3DCart)

Support 60 hrs Annual

Purchase Reconciliation Business Mgr/Accountant assume 1 kuali account per cybersource merchantdepends on activity level and number of accounts per store

PCI Scans and updating/patching Sys Admins 64 hrs 128 hrs AnnualExternal Server ScansInternal Server ScansApplication Scans includes Developer Annual

Compliance Procedures/Documentation 20 hrs AnnualMerchant SummaryMerchant AgreementSAQ / PCI CertificationCredit Card PolicyCollege/Dept'l ProceduresProcess FlowchartTraining 3rd Party VendorIncident Response PlanScan Results TOTAL ANNUAL SAVINGS 74 hrs @ $75/hr $5,500

CAMPUS-WIDE ANNUAL SAVINGS (80 SAQ A Merchants) $444,000

CREDIT CARD PAYMENT IT INITIATIVE

THANK YOU!!

QUESTIONS & DISCUSSION