CREDIT CARD PAYMENT IT INITIATIVE
The Usual Suspects
Eric Jeanes Frank Feagans Matt George Robbyn Lennon
Daniel Mcconnell
Keith Wilburn Cheryl Novalis-Marine
Ed Xia
Kelly Bogart Gil Salazar Greg Horner Mark Barton
Robert Casler Robert Lanza Joseph Corso Judith Mayoral-Schnee
Chris Schreiber
Matt George Ben Emmons Bernadine Cannon
Wayne Peterson
Htay Hla
Payment Process
Look
& F
eel
Logo
s an
d H
eade
rs
Prod
uct D
iver
sity
Shopping Cart Functions
Secure & PCI Compliant
Cybersource OR Other Authorized Gateway - Merchant Link - BlackBoard - etc…
Auth
oriza
tion:
Au
to o
r Man
ual S
ettle
Need to know the Source: Where the charge came from
Customized Receipt and Identification in Credit Card Statement
Need to create a Cybersource Account
Option 2: One Cybersource account for whole campus
Option 1: One Cybersource account per Event or Unit
A central e-commerce solution that:• Handles security and
vulnerability scans• Is Customizable• Puts up “products” in a
timely manner• Allows for data collection• Integrates with Bursar
accounts and KFS accounts• Has log management
Estimated Costs
TASK People Time Money Frequency
Set up Merchant Account with B of ACAMPUS MERCHANT BANK CARDS (CREDIT) ACCEPTANCE AGREEMENT Responsible Person & Department HeadSet up Authorization Gateway account (e.g. Cybersource, Authorize.net; PayflowPro) $20.00 month
Set up purchasing interface (shopping cart) Web Developer 20 hrs once per storefrontcreate web pages using custom codingORPurchase 3rd party shopping site (e.g. RegOnline; UA Foundation; or 3DCart)
Support 60 hrs Annual
Purchase Reconciliation Business Mgr/Accountant assume 1 kuali account per cybersource merchantdepends on activity level and number of accounts per store
PCI Scans and updating/patching Sys Admins 128 hrs AnnualExternal Server ScansInternal Server ScansApplication Scans includes Developer Annual
Compliance Procedures/Documentation 20 hrs AnnualMerchant SummaryMerchant AgreementSAQ / PCI CertificationCredit Card PolicyCollege/Dept'l ProceduresProcess FlowchartTraining 3rd Party VendorIncident Response PlanScan Results TOTAL ANNUAL LABOR 228 hrs @ $75/hr $17,100
per Storefront
From Meeting #3 Feb. 5, 2013
E-Commerce Service
Central Shopping Cart
Common DRUPAL Codebase
DB1 DB2 DB3 DB4 etc
1 Cybersource Accountper Department or Website
site1 2 3 4 5 6
Estimated 80 SAQ A Merchants
Dept1Website
Dept2Website
Dept3website
Etc…
1 Payment Gateway / 1 Cybersource Account for Campus
Distribute to KUALI Accountsvia Reports
Option 1 from Slide 1 Option 2 from Slide 1
3rd Party PCI-Compliant E-Commerce
Service (s)RegOnline, 3DCart, etc.
Dept1Website
Dept2Website
Dept3website
Etc…
Cybersource or Other Payment Gateways –
Per Department or EventDistribute to KUALI Accounts
After Meetings 4 & 5; Recommended Solutions: Option 1: Use 3rd Party PCI Compliant service -SAQA Merchants Only
PCI Scanning may not be required for these servers
if payment gateway is not
ours
Check mailed back to department from
RegOnline
E-Commerce in a Box from UITS –
PCI-compliant merchant service(coming soon)
Dept1Website
Dept2Website
Dept3website
Etc…
Cybersource or Other Payment Gateways –Per Department or Event
Distribute to KUALI Accounts
After Meetings 4 & 5; Recommended Solutions: Option 2: Use 3rd “E-Commerce in a Box” -SAQA Merchants Only
PCI Scanning not required for these
servers (TBD)
Anticipated Gains
• $$$ Annual Savings• Reduced Institutional Risk• Increased Collaboration based on common solutions• Increased Efficiencies
Still Needed:• RegOnline account management process (Bursar Ofc.
coordinating)• e-Commerce in a box (UITS)
Estimated Savings
Credit Card Merchant Services Process SAQA only
TASK People Savings Time Money Frequency
Set up Merchant Account with B of ACAMPUS MERCHANT BANK CARDS (CREDIT) ACCEPTANCE AGREEMENT Responsible Person & Department HeadSet up Authorization Gateway account (e.g. Cybersource, Authorize.net; PayflowPro) $20.00 month
Set up purchasing interface (shopping cart) Web Developer 10 hrs 20 hrs once per storefrontcreate web pages using custom codingORPurchase 3rd party shopping site (e.g. RegOnline; UA Foundation; or 3DCart)
Support 60 hrs Annual
Purchase Reconciliation Business Mgr/Accountant assume 1 kuali account per cybersource merchantdepends on activity level and number of accounts per store
PCI Scans and updating/patching Sys Admins 64 hrs 128 hrs AnnualExternal Server ScansInternal Server ScansApplication Scans includes Developer Annual
Compliance Procedures/Documentation 20 hrs AnnualMerchant SummaryMerchant AgreementSAQ / PCI CertificationCredit Card PolicyCollege/Dept'l ProceduresProcess FlowchartTraining 3rd Party VendorIncident Response PlanScan Results TOTAL ANNUAL SAVINGS 74 hrs @ $75/hr $5,500
CAMPUS-WIDE ANNUAL SAVINGS (80 SAQ A Merchants) $444,000
CREDIT CARD PAYMENT IT INITIATIVE
THANK YOU!!
QUESTIONS & DISCUSSION