best practices in campus-wide ecommerce

Straight Talk on Campus Commerce 2007

© 2007 TouchNet Information Systems, Inc. All rights reserved. TouchNet Confidential Information.

Best Practices In Campus-wide eCommerce

STRAIGHT TALK ON CAMPUS COMMERCE

TouchNet

● Established in 1989

● Specializing in Self Service

● Serving Higher Education since 1993

● Specializes in Higher Education 700 Users

● Partnerships: SunGard, Datatel, PeopleSoft

● Payment Card Industry (PCI) Certified

● Member of NACHA

● Foundation: Payment Gateway

– Credit Card, ACH Engine, Debit Cards

Agenda

● Common Practices in eCommerce

● Discuss Best Practices

● Payment Card Industry (PCI) Standards

● Summary

● Questions and Maybe Some Answers

What are Your Commerce Initiatives?

● Tickets

● T-shirts

● Tuition

● Textbooks

● Donations

● Event Registration

● Non-Credit Classes

● Athletics

● Central Stores

● ACH (Electronic Checks)

● Electronic Billing

● Camps

● Parking

● Cashiering

● Fundraising

● More…

eCommerce Is More Than Tuition

● Athletics: Game Tickets, Logo Wear

● Alumni: Donations, Events

● Theatre: Tickets, Fund Raising

● Bookstore: Books, Merchandise

● Admissions: Application Fees

● Parking: Permits, Fines

Current Practices

● Multiple Payment Pages

● Multiple Security Burdens

● Disparate Systems

● Separate Reconciliation

● Rogue Processors

● Absence of a Central Administration

Common Practice: Typical Campus

Best Practice

One Payment Engine for the Entire Enterprise

– Control: Peace of Mind; PCI Compliance

– Costs: Collective Volumes Reduce Costs

– Efficiency: Managing multiple systems drains time and resources

– Real-time Payment Processing

– Brand Management

Centralized Commerce Model

Administrative Management

Track Tender Types

Best Practice Campus Commerce Management

● Common Infrastructure: Synch In-line and Online Channels

● Process Payments from a Variety of Departments and Systems

● Single & Recurring Payments

● Manage Processing and Reconciliation Costs

● Leverage Existing Business Applications

● Compliance Control:

– PCI, FERPA, GLB, PABP, NACHA

● Central Accountancy: Integration with Finance Systems

Simplifying Campus Commerce

Single Gateway

Secure Payment Processing

Single Framework

Needed Websites

Store Store Store

Existing Websites

Pay Pay Pay

The “Mall” View

The “Store” View

Sample of School Shopping Site

Integrating Payment Functionality to an Existing Web Site

Existing Web Page

Link out to a Secure Payment Page

Best Practice Operations

Centralized Control / Decentralized Management

– Common Technical Environment – Reduces IT Overhead

– Individual Departments Manage Online Presence

– Able to serve existing web applications

Best Practice Embrace PCI

● Understand the Requirements

● Face Reality: Your Merchants Have Issues

● Accept Responsibility: Form A Team

● Create eCommerce Policy

● Identify & Educate Campus Merchants

● Raise Awareness

● Set Requirements for Campus Merchants

● Budget (work into current projects)

PCI Merchant Levels

Merchant Level 1

● Any merchant, regardless of acceptance channel, processing over 6,000,000 transactions per year.

● Any merchant that has suffered a hack or an attack that resulted in an account data compromise.

● Any merchant that any of the Payment Card Brands, at their sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the respective card system.

Merchant Level 2

Any merchant processing 150,000 to 6,000,000 e-commerce transactions per year.

Merchant Level 3

Any merchant processing 20,000 to 150,000 e-commerce transactions per year.

Merchant Level 4

Any merchant processing fewer than 20,000 e-commerce transactions per year, and all other merchants processing up to 6,000,000 transactions per year.

Face Reality… “Your campus merchants have issues!”

● Single Location or Multiple Campuses

● Tens or Hundreds of Merchant IDs

● Unknown online activity

● Multiple Payment Methods

● Multiple Banking/Processor Relationships

● Multiple Payment Gateways in use

● Little to no knowledge of PCI requirements

Accept Responsibility: Form a Project Team

● Treasurer

● Controller

● Bursar

● IT

Appoint a Team Leader

Create eCommerce Policy

● If starting from scratch

– Look for examples online

– Ask your favorite listserv

● If one currently exists

– Include PCI requirements

Identify & Educate Campus Merchants

● Identify Merchants

– Include Online and In-line Merchants

– Across the entire enterprise

ERP Systems: SIS, Finance

Departments: Athletics, Alumni, Theatre, etc.

● Survey Merchants

● Google your “.edu” domain

Raise Awareness

● Get the word out…

- Email

- Newsletters

- Meetings

- Advertisements

- Broadcast

● Fear Factor - show them why...

Why the Control?

● Two West Coast Universities

– 178,000 former and current students, applicants and employees

– 59,000 students, staff and faculty

● Three Northeast Schools

– 2,100 students, alumni and professors

– 120,000 individuals

● Two Southwest Universities

– 5,000 International Students

– 55,200 students, faculty and staff

● Two Southern Universities

– 30,000 students, faculty and staff

– 57,000 patrons of the Arts & Theater

The Headlines!

PCI - #1 ISSUE

Source: Privacy Rights Clearinghouse, Feb. 15, 2005 through June 14, 2006.

PCI - #1 ISSUE

Why Should You Care?

Merchant Liability for improper storage of credit card data

● If cardholder data is compromised, you may be subject to the following liabilities and fines associated with non-compliance:

– Potential fines of up to $500,000

– All fraud losses incurred from the use of the compromised account numbers from the date of compromise forward

– Cost of re-issuing cards associated with the compromise

– Cost of any additional fraud prevention/detection activities required by the card associations (i.e. a forensic audit) or costs incurred by credit card issuers associated with the compromise

– Average cost of rectifying breach = $2 Million - Ambiron TrustWave

Design Enterprise Architecture

● Standardize

– Build or Buy a Gateway as a foundation for campus commerce

– Enterprise Payment Gateway

– PCI Self Assessment or Certified Provider

– Consolidate Acquiring Banks and Processors

– Open to campus vendors i.e., Parking, Collections, Alumni, etc.

Self Assessment Questionnaire

● Complete PCI Internal Assessment

● 10 Pages (Microsoft Word format)

● http://www.visa.com/cisp

● 12 Requirements

PCI Data Security Standards (often referred to as the “Digital Dozen”)

1 Install and maintain a working firewall

2 Do not use vendor-supplied default passwords

3 Protect stored data

4 Encrypt data sent across public networks

5 Use and update anti-virus software

6 Develop and maintain secure systems and applications

PCI Data Security Standards

7 Restrict access to data by “need to know”

8 Assign unique ID to each person with access

9 Restrict physical access to cardholder data

10 Track and monitor all access to network resources and cardholder data

11 Regularly test security systems and processes

12 Maintain a policy that addresses information security

What’s One More Certification?

PCI - #1 ISSUE

Payment Application Best Practices [PABP]

Best Practices: Summary

● One Payment Engine for Enterprise

● Consolidate ALL Payments

● Control and Manage Costs

● PCI Preparedness

● Conduct Self Assessments

● Create Awareness

● Form a Team

● Educate Merchants

● Document, document, document

Questions?

Thank you!

Dave Swan

Regional Manager

TouchNet Information Systems
