Lyle Janney gwydion@purdue.edu

Doug Kanwischer kanwisch@purdue.edu

Information Technology Enterprise Applications

(ITEA)Purdue University

Copyright Statement

• Copyright Lyle Janney and Doug Kanwischer , 2002. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

The Discussion

Background• SSINFO• Ecommerce

The Project• Parts is parts• Who’s paying (for who): SSINFO• Money in our pocket: Ecommerce• Giving credit where its due

Picture: Today and Tomorrow

SSINFO Background

• Electronic Student Services since 1990

• On the Web since 1998

• 2 or 3 upgrades to functionality each year

• Primary service to West Lafayette campus students

SSINFO ApplicationFeatures

• Academic History• Transcript Request• CODO Papers Request• Class Schedule• Grades• Course Tutors• Exam Schedule• Progress Report• "What If" Progress Reports• Aid Status• Encumbrances• Tuition & Fee Info• Fee/Housing Credits• Housing Fee Info

• Student Loans• Tax Credit• Addresses & Phones• Emergency Contact Info• Demographic Info• Change My Password• Manage Account Access• SCC Concert Ticket Times• Athletic Tickets• Voting/Elections• Surveys• Off Campus Housing• Student Job Postings • Student Organizations

Other University Services Connected to by SSINFO

• Graduate Student Database• Purdue Directory Search• Purdue Web Search• Student Web Email• Boiler Volunteer Network

• Online Course Information• University Schedule of

Classes• University Final Exam

Schedules• University Evening Exam

Schedules

SSINFO Infrastructure

Student accesses SSINFO using a web browser from home, dorm room, lab, kiosk, etc.

Round-robin load distribution assigns each connection to one of the SSINFO web application servers

SIS database server is the store-house for all the student information

SSINFO Infrastructure

SIS database server is the authoritative source for some student data, but not all

Data that still must be synchronized with legacy systems passes through the Distributed Processing Environment (DPE) on a nightly basis

Mainframe is still the source for Registration, Bursar, Financial Aid and other student information

IBM

SSINFO Usage

Nearly 40,000 students have used SSINFO this semester

Most used features include:• Course Schedules• Exam Schedules• Academic History• Financial Aid• Tuition & Fees• Progress Reports• Student Job Listings• Student loans• Link to Student Web Email

Ecommerce Background

Driver• Added service• Increased Investment funds

Scope• Strictly a “plug-in”• Uses only Perl, PL/SQL (Oracle), SQL, C• VISA Security Requirements

Ecommerce BackgroundShow Me the Money

050

100150200250300

Millions

Actual

Potential

Ecommerce Background

Use of credit cards• Applications• Cost• Customer service• Versus Automated Clearing House (ACH)

transactions

Purdue-payThe Project

Allow ACH payments • Tuition• Deferred Fees• Housing

Generous RelativesLeveraging existing functionality

Purdue-payAssembling the Parts

Purdue-payAssembling the Parts

Purdue-payBill Presentment

SSINFO provides access to current student billing information for:

• Tuition & Fees

• Deferred Fees

• Housing Fees

Purdue-payCross-system Communication

Tuition & Fees, Deferred Fees, and Housing Fees data is kept up to date on SSINFO by:

• The data is extracted from the Bursar and Housing systems on the mainframe every weeknight

• The extracted data is converted to transaction format• The transactions are loaded into the SIS Database

Purdue-payConsiderations

Students don’t pay all their bills themselves!

• Allowing access for 3rd party payers

• Student record privacy (FERPA)

• Student and 3rd party payer bank account privacy

Purdue-pay3rd Party Payer Setup

All SSINFO users need to use their own account. People wishing to pay student bills on SSINFO must create an account providing:

• Full name• Home Street Address• Basic Demographic Information• Email address• Password and Password Reminder

They are assigned generated account ID

Purdue-pay3rd Party Payer

Authorization Handshake

3rd party payer requests access to pay student

bills for a specific student by ID

Student grants access to pay

student bills to a specific 3rd party

payer by ID

3rd party payer may then view and pay

student bills

Purdue-paySeparation of Payer Info

• The student and all authorized payers can view pending payments

• Only the individual making a particular payment may modify or delete that payment

Purdue-paySSINFO link to Ecommerce

When a user elects to pay online, SSINFO sends the following to Ecommerce via URL query parameters:

• User Account ID• Student ID• Payment Type and Academic Session• Amount due, Minimum & Maximum payment allowed• Due Date & latest payment date allowed• User Authentication and Authorization data• Return URL

Purdue-payEcommerce Challenges

Financial Institution selection• Flexible system• Reasonable contract

Terms of UseGeneral statements for increased reusabilityAll legal action limited to local code and courts

Purdue-payEcommerce Challenges

Cross-environment communication• Mainframe• UNIX• Win32

National Automated Clearing House Association (NACHA) (www.nacha.org)Who? What?Standards

ACH transactionsAuthorization

Purdue-payEcommerce Challenges

Data Security• Secure Socket Layer over HTTP (https vs. http)• Application timeouts• Encryption

– Account/routing numbers– Authorization– File exchanges with financial institution

Purdue-payEcommerce Design

Template Structure• Central scripts• Personalized libraries• Custom HTML

Payment-side• Triad Organization

– Owner– Account– Payment

• Owner’s financial institution• Unique Ids for accounts and payments

Purdue-payEcommerce Design

Administrative-side• Purdue central authentication system• Query screens for the Triad• Audit Logs and Error Logs• Account and Owner lockout feature

Purdue-payEcommerce Design

Daily Extractions• Database extraction• Pretty Good Privacy (PGP) encryption

• GnuPG – Privacy Guard• File Transfer Protocol (FTP)• Update Ecommerce database with received files• Financial Institution maintains account/routing

numbers

Purdue-pay Ecommerce Extraction

Database Server Financial Institution

Payment and Account File

Transaction, Return, Account File

Purdue-pay Ecommerce Reconciliation

Bursar’s Office• Purdue-pay administrative site queries• Bursar system totals• Financial Institution Confirmation Reports• Investments Daily Reporting

Accounting• Weekly sweep of funds• Documents for General Ledger

Purdue-payBursar System

Leverage Existing Processes• Current lockbox provider• Harvest from Bursar to SIS

Purdue-payThe Big Picture

Purdue-payLessons Learned

• More returns than expected• Paper invoice vs. SSINFO display• Netscape Browser privacy• Account types – what is a “regular” account?• Extraction Process

– Failure points• FTP• PGP• Database/Server connectivity

Purdue-payLessons Learned

• Insufficient Fund Difficulty (NSFs)– Redepositing to match lockbox– Payment credit – debit – credit– Result: Paperwork mess– Change to single deposit to match other electronic

commerce

• Banking Travails– Processing problems

• Double billing• Corrupt encryption

Purdue-payStatistics

Inception on March 25, 20021,000 hits in each of first three weeksHave received payments every business day

since inceptionTo date, payments exceed $5 millionNo advertising done until September 6, 2000

Purdue-payStatistics (as of September 30, 2002)

Owners:Number of registered owners: 3773Repeat users, since inception: 936Number of 3rd party payers: 249Number of owners paying for 2+ students: 27Number of students paid for by 2+ owners:12Number of owners with 2+ accounts: 121

Accounts:Number of accounts: 2856Number of rejected accounts: 69 (2.4%)

Purdue-payStatistics (as of September 12, 2002)

Payments:Number of completed payments: 4366Number of 3rd party payments: 166

(3.8%)Number of returns: 96 (2.2%)Tuition payments, Fall 2002: 1506

(6.6% of all tuition payments to Purdue University)Tuition payments, since inception: 2282Housing payments, since inception: 1607Deferred payments, since inception: 477Payments by repeat users, since inception: 2073

(48%)Post-dated payments, since inception: 255 (5.8%)

Purdue-pay

Questions?