10 November 2022 
Matt Sisson, Projects and Membership Manager
This blog is provided by Martha Wilson, ISA, Sr. Manager, Payment Programs at TouchNet
Bad actors continue to innovate ways to launder, hack, and phish payments and user data. Higher education holds a large amount of financial and personal data as well as significant and sensitive research data. This makes universities a prime target for data breaches.
To stay ahead of new risks and reduce damage, government and payment industry authorities continually develop data security and compliance standards. Keeping pace with these standards is not merely “checking the box” on a form but crucial to the financial and operational health of an organisation.
Anyone that processes, stores, or transmits credit or debit card data is required to be compliant with standards set by the Payment Card Industry (PCI) Security Standards Council. In doing so, higher education institutions not only stay in good standing but also protect themselves from the financial costs, legal processes, and damaged reputation that come from a data breach.
Achieving and maintaining PCI compliance is made simpler and more effective by wisely selecting a payment processing solution. The following features and benefits should be at the top of your list when choosing a processing partner:
1. Built to secure and comply
Choose a payments solution that is fully in accordance with PCI standards and is Europay-MasterCard-Visa (EMV) certified.
2. Built for change
A secure solution should also be built to accommodate changes to a campus and its payments environment. Look for software with the flexibility and scalability to support multiple payment methods such as credit/debit and channels including in person, online, mobile, and across campus.
3. Evolves quickly to new standards
As the digital conversion of payments continues, compliance standards and regulations will continue to evolve. Go with a solution that stays current and simplifies the process to meet the latest standards including PCI, SCA, PSD2, and GDPR.
4. Goes beyond the minimum requirements
A payment solution should not just meet the security standards set by the PCI council but surpass minimum requirements and implement high standards. This protects your institution and students and reinforces a campuswide culture of compliance and security.
5. Provides impactful resources
The work of PCI compliance is complex, difficult and time consuming. A payments solution provider should ease your workload by offering resources including guidance on processing, policy templates, helpful reports, system vulnerability scans, and more.
6. Reduces PCI scope and paperwork
A payments solution should limit the scope of required compliance through a variety of methods, which in turn reduces the amount of annual paperwork to attest compliance. PCI scope reduction can include, but is not limited to, centralising all campus payments through one platform, supporting link-out payments for third-party vendors, organising merchant identification numbers, and integrating with PCI and EMV-compliant payments hardware.
7. Provides end-to-end service
Choose an end-to-end solution that secures the entire payment chain, from purchase through processing, via the vendor’s vertical integration.
Staff training is crucial
Software helps but security and compliance is achieved and maintained by human habits. A well-chosen PCI-compliant payments solution needs well-trained staff to implement it and uphold standards. The PCI Security Standards Council provides a wealth of knowledge and resources. In addition, your payments solution vendor should also offer counsel on security and compliance training for staff.
Simplify Securing Payments
Due to the complexity, diversity, and quantity of payments on a campus, security and compliance requires consistent attention and effort in many areas. An advanced payments solution will help fulfil PCI compliance measures and, as often as possible, find ways to decrease the intricacy and extent of compliance measures you must fulfil, while securing payments data from end to end.
For any questions, or to get in touch with the team at TouchNet, contact Kelsey Ingram.
