Campus ID News
Card, mobile credential, payment and security
FEATURED
PARTNERS

Higher One announced the addition of new features to its offered OneAccount, an optional FDIC Insured checking account for college and university students. Among them are two additional ways for students to deposit checks.

The OneAccount now features the ability to deposit checks using a beta version of a downloadable app for smart phones. Account holders can take picture of both sides of a signed check and upload it for deposit. In a similar way, account holders can also use a flatbed scanner to scan both sides of their signed check and make a deposit.

Higher One has also implemented a daily non-sufficient funds fee cap for checks, and does not issue non-sufficient funds fees for one-time debit card transactions or for when an account is overdrawn 60 days.

Higher One has been criticized in the past because of its fees. Read how universities are managing with these fees here.

A security breach at the University of Hawaii is said to have involved the personal information of some 40,000 students, reports a local news station.

Students personal information including students Social Security Number, date of birth, name and grade was made available via the Internet from November 2009 until October 2010. Officials say the information was posted online, accessible to just about anyone after a UH professor accidentally place the personal information onto a non-encrypted web server while conducting a study of student success rates.

The campus has already begun sending out letters and emails to all those who may have been effected. Officials said that the Web server was primarily used by faculty, but it could also be obtained by anyone who knew where to look. The university also noted that there have been no signs of malicious activity involving the files uploaded.

The security breach involves students who attended the UH Manoa campus from 1990 to 1998 and in 2001, and students who attended UH West Oahu from 1988 through 1993.

Read more here.

Blackboard announced a new partnership with PE Systems to help higher education institutions lower processing costs for credit and debit card payments.

The partnership will pair PE System’s analytic process with that of the Blackboard Payment Gateway, an IP-based processing system which provides a flexible and secure payment processing and fraud management service for campus financial transactions.  

Campuses must secure students IDs

By Andy Williams, Associate Editor, AVISIAN Publications

Students, either because of their naivety or just plain carelessness, are ideal candidates to have their identities stolen. They may loan their campus card to another student to use in the dining hall or just leave their card and other personal possessions unattended while they participate in a basketball game.

New rules set to take effect at the end of this year are designed to protect students from their own negligence while providing more paperwork for colleges. These “red flag rules,” designed to protect bank customers–and students–against ID theft, have caught many schools by surprise.

Ramonia Prosise, manager of university telecom services and the 1Card at Virginia State University, Petersburg, Va. gave college administrators a heads up on red flag during this year’s National Association of Campus Card Users conference in Phoenix in April.

The rules have caused concern for some campuses while others may not even realize they exist. Prosise had been working on a white paper for NACCU about it and the presentation at the conference dovetailed with it. “A lot of schools were taken by surprise,” she says.

The rule was developed under the Fair and Accurate Credit Transactions Act (FACTA), where Congress directed the Federal Trade Commission and other agencies to develop regulations requiring creditors and financial institutions to address the risk of identity theft.

The resulting rules require organizations that provide covered financial accounts to develop and implement written identity theft prevention programs to help detect patterns or activities–known as “red flags”–that could indicate identity theft. The rule became effective Jan. 1, 2008, with compliance originally required by that November. But a series of extensions have pushed the deadline back to Dec. 31, 2010.

FACTA defines a financial institution as any organization that offers accounts enabling consumers to write checks or make payments to third parties through other means.

Under this definition, universities that hold student funds in an account and give students a card to make purchases at off-campus locations are considered financial institutions. If the school provides government benefits or administers flexible spending accounts and gives students a debit card to access the funds they would also be considered a financial institution.

Schools that offer tuition payments plans or that bill for tuition after students attend class could also be included depending on how the specific program is structured. Schools that require payment up front or that offer pay as you go plans that would bar students from class if they don’t pay are not considered creditors and thus would not be impacted.

What to do?

There are a number of things schools can do to comply with the rules. “It starts at the top, through a university governing body that can appoint a board committee made up of vice presidents, internal auditors, etc.,” says Prosise. That’s how Virginia State handled it.

That governing body started by reviewing anything that might deal with ID information for the school’s customers and students, she says. VSU then took the FTC information and adopted it to our own language and standards,” she adds.

Virginia State hasn’t had any major ID theft issues, says Prosise, “But there’s been some minor instances, like students taking other students’ ID cards and trying to pass it off in the cafeteria,” she says. “You’re spending someone else’s money, which is just as bad as taking someone’s ID.”

The most common offense students are guilty of is passing around student IDs, says Prosise. It’s their way of lending money to one another. Students need to be told not do this because the cards that are attached to other financial accounts can be at risk.

PINs currently aren’t required at Virginia State but each card, supplied by Heartland Campus Solutions, does have the student’s photo. In order to prevent student’s from using one another’s IDs a clerk would have to match the photo to the one on the ID, which doesn’t always happen. In one instance, a student stole $300 from another student because no one bothered to check the photos. The card is a basic ID with a mag stripe with a proximity chip for physical access control, says Prosise. To comply with the red flag rules Virginia State is going to add a PIN for transactions. The new system should be rolled out by the end of the year.

Penalties

Colleges that don’t comply with red flag can be fined civil penalties and injunctive relief for violations. The law sets $3,500 as the maximum civil penalty per violation. The FTC, however, has no formalized plan in place to assure compliance. But if complaints are leveled against an institution, the agency could insist on seeing the organization’s red flag rule processes.

The FTC also doesn’t tell institutions specifically what red flag programs must look like. This has caused some consternation. “A lot of people don’t know where to start,” Prosise says

There are four basic steps to designing a program to comply with the red flag rule. An institution should know how to identify and detect red flags, prevent or mitigate ID theft and have a system in place that will update the program periodically.

Relevant red flags can include:

Prosise provides some examples of what makes a document suspicious:

To determine that personal information from an applicant is bogus, universities need to look for inconsistencies in the information provided by the students, says Prosise. If a red flag crops up a university’s response could include monitoring the account or contacting the cardholder when it’s spotted.

“Sometimes you may determine that no response is necessary. In other cases, certain events such as a recent data breach, a phishing fraud that targeted your institution, or another suspicious activity may raise the risk of identity theft and require specific preventive actions,” says Prosise.

One key step in ID theft prevention is to educate students on how easy it is for their ID to be stolen. VSU presents a skit at the beginning of each semester to illustrate this, says Prosise. “We try to tell them what not to do. Don’t leave your things unattended. Protect yourself. Don’t even trust your roommate,” Prosise warns. “We have a zero tolerance for theft.”

While a student’s picture is usually required when he enrolls, that’s not good enough for the day the student steps on campus. “On that day I want that student’s picture taken, I don’t want one from high school,” says Prosise.

She says the policies the university is developing will be turned over to the FTC by the governing board.

VSU is currently meeting all the red flag requirements but since the red flag rules were written primarily to include banks and other financial institutions, she intends to meet with the bank affiliated with the school to see if anything else is needed, she adds.

While banks are intent on complying with red flag, those contacted by CR80News did not want to be interviewed on the subject. “It’s a sensitive area,” says a spokesperson for one bank.


Want more on red flags?

The National Association of College and University Business Officers has a Web site devoted to red flag compliance, including sample documents from several universities.

That site is at: http://www.nacubo.org/Initiatives/FTC_Red_Flags_Rule.html

The CBORD Group announced the introduction of CS Notify, an advanced mass notification system designed to meet both the emergency and general multi-mode communication needs of any campus.

CS Notify leverages CBORD’s campus one-card system and access control solution – CS Gold and Odyssey PCS – to continuously keep the database of campus staff, students, administration, and others current. Information is updated automatically as students enter and update their information in order to use regular CBORD online software applications for meal plans or ID cards.

In addition, CS Notify integrates with CBORD’s CS Access system software to enable new features for end users. For example, when an authorized student cannot access a residence room because of a lost ID card or forgotten PIN, the student can send a simple text message to the system and receive verified, automatic, one-time access.

CS Notify is designed to target audience groups simultaneously through a variety of mediums, including SMS text messaging, email, point-of-service reader displays, and intercom and public address systems.

Villanova University, Pa., is using the CS Notify system to send text messages and emails to targeted groups for purposes ranging from athletic ticket lottery notifications to building maintenance updates. The university also uses the system to reach incoming freshmen and to encourage them to submit their ID card photos online over the summer.

Research shows major growth in contactless and multi-application deployment, though price still remains key driver

In March 2010 Avisian Publishing and HID Global embarked on a research effort to gauge reader perceptions related to future trends in physical access control. The project produced an interesting look at both the current state and future direction of the security market. The following article highlights key findings from the research.

The methodology was straightforward. A 14-question survey was developed and made available for online response. Calls for participation were promoted via article postings and banner ads on Avisian’s ID technology focused Web sites. During a four-day period, 250 responses were collected, with approximately 150 from end users or issuers of access products and an additional 100 responses from industry representatives. For this review only end user responses were considered.

Questions focused on areas including:

Card technologies

The initial questions explored card technologies currently deployed and plans for future implementations. Respondents were asked to select all that apply to the question: “Which card based technologies does your organization CURRENTLY SUPPORT?” More than 75% reported use of magnetic stripes and nearly 40% indicated that a bar code was used. Nearly 45% use proximity technology and about 30% indicated contactless technology was in place (see Figure 1).

When categories were evaluated in combination there were some interesting results. Two-thirds of all respondents indicate that they currently use proximity and/or contactless. This number jumps to 80% when asked about planned use of proximity and/or contactless.

While it will likely come as no surprise that contactless saw the largest level of growth from current to planned use, the size of that growth is dramatic. The use of contactless is anticipated to rise nearly 80%. Currently less than one in three users are issuing the technology but nearly six in 10 plan to deploy (see Figure 2).

As expected, this dramatic rise in contactless usage will come at the expense of other technologies but surprisingly it is not proximity that will feel the bulk of the pinch. Proximity use remained strong with four out of 10 users reporting their intention to continue or initiate its use. That is a decline of less than 10% from current use levels. It is not, however, enough to account for the 80% rise in contactless.

The survey suggests that magnetic stripe and bar coded IDs will make up the bulk of the migration to contactless. Each technology experienced more than 15% declines and together made up 75% of the migration from a currently used technology to contactless.

Applications

Moving from technologies to applications, respondents were asked to identify how they planned to use their cards in the future. Not surprisingly, identification and physical access topped the list at 75% and 65% respectively. Next came time and attendance and vending, both planned for use by more than half of all issuers.

Visitor management, parking and logical security each received at least 40% response rate (see Figure 3).

In terms of rise in planned use, there was a significant lift in the number of end users planning to expand use of the ID to logical security–be it network access, file encryption, authentication or single sign on. More than 40% of end users responding to the survey plan to do so in the future, a rise of more than 50% over current levels (see Figure 4).


Security of access control solutions

A series of questions related to the security of current access control solutions. Respondents were asked to rate if they deem a particular security attribute important or unimportant. If they said it is important, they were asked if they are: “SATISFIED with (their) current installed physical access systems related to the specific item.”

The specific attributes identified were:

All six attributes scored as important with an average 90% of respondents indicating so. Respondents were generally satisfied with their current installed solutions. Five of the six attributes averaged 70% satisfaction rate.

The attribute that garners the least satisfaction among the list was, “Hardware that can update security technology if current technology is hacked.” Less than 50% of respondents reported satisfaction with their current installed solution related to this item.

System selection criteria

A series of system attributes or selection criteria was also investigated. Each item was rated as important or not important, and those deemed important were evaluated based on the respondent’s perceived satisfaction with their current solution related to the item.

Two financial questions were posed, one asking about “Price” and another “Total Cost of Ownership.” Not surprisingly, both were deemed important by an overwhelming majority of respondents. In both cases, 60% of respondents reported that they were satisfied with their current solution leaving 40% dissatisfied.

“Capability to Support New Applications with Minimal Investment,” was another system selection criteria investigated. Nearly 90% ranked it important and respondents were split down the middle in terms of satisfaction.

The item, “Credential Form Factor Options (e.g., card, phone, sticker, etc.),” received an importance vote from 70% of respondents, with 40% expressing dissatisfaction with their current solution.

Programming advanced technology credentials

With the rise in advanced card technology use, the issue of programming credentials into cards has become increasing complicated and essential. Respondents were asked: “Which method(s) does your organization CURRENTLY USE when programming your cards/credentials prior to distribution?” Additionally they were asked what they plan to use in the future.

If an access control system supplier or a service bureau provides programmed cards to the site, the response is categorized as “off-site.” If the issuer programs the cards via a desktop printer or a desktop programmer, the response is categorized as “on-site.” In some cases a combination of off-site and on-site programming was reported.

More than 65% of all respondents currently use on-site programming methods and this method’s use is expected to increase to nearly 70% in the future. Both off-site and combined on-site and off-site programming declines from current use rates to planned use rates among survey participants (see Figure 5).

Key drivers for future access control decisions

Respondents were asked to select what they feel will be the leading drivers for physical access control in the next three years. Each was asked to select the first, second and third most significant driver from a list of eleven options. For evaluation purposes, first place votes were weighted with three points, second place two points and third place one point.

“Total Cost of Operation” led the list of drivers receiving acknowledgement from nearly 80% of respondents. Using this as the benchmark, the remaining options were compared to this response. “Single Card/Multi-application Solution” ranked second, and “Campus Security & Penetration Issues” ranked third. The remaining responses fell far short of these top three suggesting clear differentiation in perceived importance (see Figure 6).

Conclusions

The Future Trends in Physical Access Control study suggests that security technology is changing, and end users/issuers are acknowledging and planning for many of the changes. This seems evident in the rise in planned use of contactless technology, a strong list of additional card-driven applications being considered and widespread recognition of the importance of security in the solutions deployed.

While this is positive for the access control industry, the user community remains extremely cost conscious. “Total Cost of Operation” ranks as the number one driver for future purchasing decisions, and both “Price” and “Total Cost of Ownership” topped the list of system selection criteria.

It seems users are ready to embrace new solutions and higher levels of security, assuming the price is right.

India-based Anil Printers through its subsidiary United Tectsa has developed an RFID solution to eliminate the duplication and tampering of original grade sheets and diplomas for schools and universities, reports sify.com.

Leveraging RFID technology, a tag is placed inside of each grading sheet or diploma embedded with the student’s original grades and other significant details. Any attempt of tempering in the printed information can be detected easily by comparison of what is embedded, and locked, on the tag.

The company said that this technology will help universities, education boards, school and colleges to authenticate each and every original document using only a USB reader and the provided software designed for this purpose,

Read more here.

The University of Dallas has partnered with technology and payment services provider Higher One to offer a more efficient process to distribute financial aid refunds and other disbursements to its students.

Up until now the university issued refunds to students by paper check. Staffs were assigned the labor-intensive task of printing, stuffing, addressing and mailing the paper checks to students. And students were required to wait however long while this process took place.

Using Higher One’s OneDisburse Refund Management system the university will send a file to Higher One, including student names and the total amount of each refund.

Students may choose from several options as to how they wish to receive their refunds including a direct deposit to a bank of their choosing, or to a Higher One provided account.

Rapid rollout on Boston campus

By Andy Williams, Associate Editor, AVISIAN Publications

Re-carding a college, even one with just 4,200 students, doesn’t come easy. When those cards feature a new technology and the time line is short, a lot of things can go wrong.

For Boston’s Emerson College, however, it was a relatively smooth process and the few things that went wrong were fixed on the fly, recalls Adam Travis, Emerson’s enterprise system administrator, information technology.

Technically, Emerson has no campus to speak of, says Travis. “We’re right in the theater district. Thousands walk by our buildings every day. To enter each of the eight buildings on campus you walk past a guard post.” The school’s dorms are on the upper floors so students need to present their card to enter the building and again to enter the living areas, he adds.

One element that led to the abandonment of Emerson’s previous system was the college’s implementation of the Banner system to handle payroll, student information, admissions and finance, says Travis. In the school’s older student information system, Social Security numbers were the primary student identifier, he says, but the switch to Banner required the university to issue new student ID numbers.

That, says Travis, provided an ideal opportunity to replace the legacy card system and magnetic stripe card the school used for about 10 years.

When it came time to ditch the current system and to find someone to help the college re-card, Emerson looked at a number of vendors, says Travis. One vendor that caught Emerson’s eye was campus card provider CBORD. Another was Charlotte, NC-based ID provider ColorID. Both ended up providing re-carding assistance to the school.

This part of the process was not a quick. The first discussions took place in 2007 but the contract was not signed until two-years later, Travis says. At about the same time Travis was negotiating with ColorID to print the new student cards. “They started getting us quotes then we had conference calls and worked closely with them in June and July,” says Travis.

The new campus card deployment

Emerson’s new system is more modern and enables greater flexibility and better security, says Read Winkelman, CBORD’s vice president of sales. With Emerson’s main concerns being security, contactless technology quickly rose to the top. “A contactless card tends to be more difficult to duplicate which makes it more secure,” he says. “Emerson described what they were looking for which helped us guide them towards the technology to re-card their system.”

The university decided to go with HID’s iCLASS contactless smart card technology, Winkelman says. “iCLASS is certainly a little newer and more secure than prox,” says Winkelman. “We have 35 or 40 customers with some form of iCLASS implementation, all college campuses.”

David Stallsmith, ColorID product management director, agreed that iCLASS would be beneficial compared to a prox card, citing, the increased memory and ability to be used with more applications.

The top concern for many Universities is physical access control, and officials are often willing to pay a little more for a more secure card, explains Stallsmith.

“We tend to recommend iCLASS in most cases because HID manufactures its own cards and their support is excellent,” he says. “When they’re going to re-card the whole campus at one time the school needs to know that the cards can be delivered on time and that they work.”

Quick rollout

Winkelman says the contactless conversion went fast. “From signing the contract, it took about three months.”

The campus card system deployed is CBORD’s CS Gold that handles both debit, through the mag stripe, and physical access through the contactless iCLASS chip, says Winkelman.

Emerson now has iCLASS readers mounted at each of the guard posts when entering buildings. “When someone presents the card, his picture comes up on the screen so the guard can see that the picture matches the photo,” says Emerson’s Travis. “He doesn’t have to look at the card but can see the photo.”

Mag stripe card readers and POS terminals were installed in the dining hall. In addition, readers were installed at copying, laundry and vending machines. About 50 iCLASS-based door access readers were installed across the campus, says Travis.

Emerson went with HID’s Corporate 1000 program that guarantees a certain range of ID numbers are assigned to Emerson and won’t be duplicated at any other site, says Travis.

CBORD’s UGryd system for off-campus card use was also implemented. “Right now about a half dozen businesses, mostly food and one CVS pharmacy, accept the Emerson card,” says Travis.

The school is also testing an elevator card reader that controls access to certain floors. “One floor of our dorm includes apartments for guest artists or scholars in residence,” says Travis. “This allows guests access to their apartment but no one else can get to that floor.”

“A distinct advantage of utilizing contactless is that students no longer have to hand the card to a guard at the desk … they can keep the card in their wallet or bag and present it at the reader,” says Travis.

When asked about the advantages for his team, he explains, “I like the fact there’s no moving parts, no mag stripe read heads which means fewer repairs.”


Lessons learned from card technology upgrade

Plan with future needs in mind

The CBORD system enables Emerson to integrate video surveillance functionality when the campus is ready.

Education is crucial

“We had to let people know they couldn’t punch holes in the card because of the chip,” says Emerson’s Adam Travis, and even teach them “what to do when the readers didn’t have a slot to swipe.”

Leave enough time to receive all necessary components

“Our last batch of cards arrived less than 24 hours before distribution started,” Travis says. “They made it on time, but it was nerve-racking. And we had no blank stock during the week of implementation.”

Communicate with other business units

Because the bookstore upgraded its software during the implementation process, Travis reports that they had to scramble to ensure compatibility with the new systems.

Leave time for testing and training

“We didn’t have a lot of time for testing because of the tight time frame. By the time we went live in August, there wasn’t time to test the meal plans. For the most part things did work,” says Travis. But be careful.

Order spares

“We didn’t (invest in spare readers) to save money, but a couple readers had problems at installation,” explains Travis, suggesting that you will want to have them anyway for future needs so go ahead and get them up front.

Shop24, an automated convenience store concept company, has installed and opened a Shop24 on the campus of Cal State Fullerton in Fullerton, California, reports the CSP Daily News.

With the ability to accept cash as well as debit and credit cards, the Shop24 dispenses a variety of products from fresh foods to packaged goods. The machine also features an integrated video security system so that it can be monitored remotely to ensure safety for its customers.

Titan Shops, a CSUF campus bookstore, will be responsible for selecting stocked items and the different price points. The automated machine can hold up to 175 products ranging from one ounce to eight pounds including food, beverages, snacks, health and beauty aids, as well as large packaged goods.

The State University of New York (SUNY) at Morrisville has had the Shop24 machines installed on its campus, and its Cortland campus is scheduled for installation in early November 2010.

Read more here.

CIDN logo reversed
The only publication dedicated to the use of campus cards, mobile credentials, identity and security technology in the education market. CampusIDNews – formerly CR80News – has served more than 6,500 subscribers for more than two decades.
Twitter

Feb. 1 webinar explores how mobile ordering enhanced campus life, increased sales at UVA and Central Washington @Grubhub @CBORD

Join Jeff Koziol and Robert Gaulden from @AllegionUS as we explore how mobile credentials and proptech are changing on- and off-campus housing.

Load More...
Contact
CampusIDNews is published by AVISIAN Publishing
315 E. Georgia St.
Tallahassee, FL 32301
www.AVISIAN.com[email protected]
Use our contact form to submit tips, corrections, or questions to our team.
©2024 CampusIDNews. All rights reserved.