Card, mobile credential, payment and security
Just months away, in October 2015, the more secure EMV payment technology hits the U.S. Many campus card programs and virtually every institution will feel the effects. If your campus has not started to plan, the time is now.
Europay, MasterCard, Visa (EMV) is a smart card standard used by the majority of the industrialized world for payment cards. It started its global rollout region-by-region way back in the mid-1990s, and the U.S. is one the last markets to jump on board.
Payment card data breaches like those at Target and Home Depot are part of the reason that the move to the more secure payment technology is finally underway. Another cited reason is that with the rest of the world using the technology, U.S. cardholders need EMV cards more and more when traveling abroad.
Why should colleges and universities care?
First, if an institution issues a combined student ID and branded debit card – Visa, MasterCard, Discover, etc. -- EMV will change the card and how it is issued. The new cards will have to include the EMV contact chip in addition to any technology the university requires for on-campus functions.
This only impacts a select number of institutions, as campus cards with on-board branded debit functionality is not widespread. More commonly combined cards included non-branded debit – often called ATM cards – and more recently branded prepaid accounts. Neither of these are impacted by these EMV rules. Often when branded debit is the offering, a separate companion card is issued so again, this would impact the bank card but not the campus ID.
Second, all institutions will need to prepare to accept EMV payments at any and all locations accepting branded credit and debit cards or be liable for fraudulent transactions made on campus.
Traditional EMV payment cards have a contact chip, and when making a purchase the consumer inserts the card into a reader, enters a PIN and conducts the transaction. In the U.S. this will be slightly different, as consumers will insert their card and then sign for transaction, rather than enter the PIN.
A major security benefit is that EMV doesn’t transmit the payment card number as it is shown on the card, but instead creates a one-time number that is usable for that specific transaction. If that transaction is intercepted, it cannot be reused and the card number is not compromised so fraud is reduced.
EMV will be big business in the U.S. with 185 million cards shipped in 2014, according to the Smart Payments Association.
While there isn’t a mandate for banks to begin issuing cards or for merchants to begin accepting them a liability shift takes effect in October is driving the migration. In the past, the merchant has been responsible for covering the cost of fraud from payment cards, but the liability shift puts the onus on the party with the weaker technology – either the merchant or the card-issuing bank.
For example, if a merchant has upgraded the point-of-sale terminal and backend system to accept EMV but the issuing bank has not provided an EMV card, the bank will be responsible for a fraudulent transaction. The opposite is also true. If a bank has issued an EMV card but the retailer has not upgraded systems, fraudulent transactions will be the responsibility of the merchant.
Several banks with campus partnerships told CR80News editors that they will support EMV, but none would reveal details of how they intend to do it.
Generally speaking, a campus with a combined branded debit and campus ID will first have to look at its card printer and find out if it’s capable of printing smart cards, says Alyssa Arredondo, director of Global Instant Issuance Marketing at Entrust Datacard. Additional changes to the software might need to be made in order to properly encode the chip on the smart card.
Preparations also need to be made to prepare for the financial impact of issuing these new cards. The EMV chip will drive per card costs up significantly compared to mag stripe-only cards, Arredondo says. Even more significant costs arise if the campus utilizes technology cards, such as contactless, and these must be reissued. Questions remain as to who will cover these reissuance costs?
Campuses that issue non-branded debit cards need not worry about EMV, at least not for now. Similarly, branded prepaid cards also are not impacted by the current liability shift. Experts suggest, however, that these are only the first steps and future rules may expand areas of impact.
The EMV piece that will impact far more institutions involves the acceptance of branded payments cards – the many situations and locations in which the campus operates as the merchant.
The University of Akron is deciding whether to hire an outside contractor to run the university's dining services. The move would mark the first time in the university's history that food services has been turned over to an outside vendor.
According to a report from Ohio.com, Akron spent $63,795 on three dining consultants over the past few years, and is preparing to seek proposals to manage its food operations. The Ohio.com report also suggests that one consultant reported concerns with the university's current dining services, citing specifically poor financial management.
Akron is now wrestling with a decision that every university has to contend with; when is outsourcing the right move, and is it even necessary to begin with?
Akron runs its own dining services and has done since the university was founded in 1870. Per the report, Akron food services employs some 80 full- and part-time food, catering and retail workers, not including students. Now, following a tightening budget, due in part to declining enrollment, the decision to outsource dining services has come to the forefront.
Under its current operation, Akron sees about 2,500 students pay for one of nine dining plan options each semester, ranging from $500 to $2,200 per semester. However, management and budget concerns have led Akron administrators to explore other options for food services, suggesting that an outsourced model could be the answer.
Akron will examine vendor proposals and compare the offerings with the university's current service. Cost aside, however, the university is not committed to signing with an outside contractor, stating that the quality of service will be top priority.
Turn away percentages at the polls are higher than ever at North Dakota’s Bismarck State College as students struggle with updating their state IDs to reflect residency changes.
Students traditionally use state-issued identification cards with their parents’ home address, but many students live on campus and are therefore ineligible to vote in their university’s local precinct. In order to vote, students are required to produce an identification card with an updated address reflecting any residency changes -- a requirement that has led to some students to experience complications at the polls.
According to the Bismarck Tribune, 7.7% of the 65 students who reported that they either voted or tried to vote said they were unsuccessful due to problems associated with their address. Address changes must be filed up to 30 days before elections.
As with other college campuses, Bismarck State College students with hectic schedules and little downtime struggled to update their information on time. In order to address this conflict, a new bill was introduced in the North Dakota House that would require student ID cards to be printed with a date of birth and residential addresses, making the campus card credential an acceptable form of voter ID.
The bill failed mid-March, in part, because university administrators in the state testified that the cost to recreate and reissue student IDs would fall directly on the budgets of universities.
Proponents of the bill argue that identification cards could then also be used to verify date of births and addresses for other forms of necessary identification such as signing an apartment lease or purchasing alcohol. This new system would introduce a flurry of possible new conflicts as students regularly using false identification, an ever-present concern on college campuses.
A more detailed report of college students' voting experiences in North Dakota can be found in a recent survey conducted by North Dakota State University.
The use of the student ID card beyond the confines of campus has been a topic of discussion in recent months, particularly as it relates to services like voter ID. Moreover, with continued reports of fake ID use among college students, the discussion over whether sensitive personal data such as birth dates should be printed on cards. Now, reports out of Iowa and Illinois are serving as a further reminder that the use of fake IDs remains a concern in college towns.
Law enforcement officers in the states are cracking down on college students' use of fake identification, and according to Iowa State Daily, the Ames Police Department cited 16 restaurants selling alcohol illegally to minors, with each restaurant being fined $735. Whether the result of more robust fake credentials, or a more lax ID vetting process at the door, the problem has inspired some to rethink their policies.
One restaurant cited in the Iowa sting has a new regulation regarding IDs in an effort to combat the fake ID conflict with college students. The restaurant will not accept vertically oriented licenses even if the patron is 21 years old, and the only ID permitted is a horizontal, state-issued ID. In Iowa, individuals under the age of 21 are issued vertically printed driver licenses, while legal aged individuals that renew their license after their 21st birthday receive the horizontal license.
This adds to a growing trend of using not only tech systems to vet IDs, but also gives bouncers a quick and easy graphic and design cue to verify the card's legitimacy. In relying on a simpler method of verification, mistakes are less likely to occur.
In Illinois, similar to Iowa, citations for fake identification cards are rampant and the consequences are hefty. According to Vidette Online, if a student loans their ID to a friend or uses someone else's ID, that student can be charged with a Class A misdemeanor.
Even the student that allows someone else to use his or her ID is still subject to punishment under state law. Usually, the fake ID is sent to the Secretary of State’s office, and both the user and the person who offered the fake ID receive a license suspension.
Worse still, if an individual produces or purchases a counterfeit identification card, they could be charged with a felony. A serious offense, the Class 4 felony could affect all future job applications as it would require full disclosure to prospective employers. In an attempt to counteract the conflict in Illinois, several bars have ramped up their efforts to confiscate fake IDs on sight.
A “companion app” is typically defined as a secondary device that is used while participating in another activity – watching TV, playing a game, etc. The companion is used in an effort to interact with what you’re seeing and, in turn, find out more about it.
For a number of reasons, not the least of which is an incredibly tech-savvy student population, the concept of a companion app is ideally suited for the college campus. Students are never without their smart phone, they relish every opportunity to use it, and universities have taken notice.
Search either The App Store or Google Play and you’ll find countless apps targeting students and a host of university-branded apps that can be used for just all types of utilities. But what will the campus app look like going forward? It may be that for higher education, the term “companion app” will assume a more literal meaning.
Here at CR80News, we’ve speculated that the mobile app will be an all-encompassing, daily facilitator for a student’s life on campus. It’s a theory that is shared with leaders in the campus community and may be closer to reality than fiction.
“Essentially you could apply the entire breadth of features and functions to a mobile iteration,” says Jeff Staples, vice president of market development, Blackboard Transact. “We will see students begin their student experience well before arrival on campus by leveraging the integrated campus app that delivers capabilities for both learning and living.”
As Staples sees it, many of those students will begin using these same tools during their K-12 years, prior to their first arrival on a university campus. “They will arrive as a more informed freshman, go straight to their residence hall, open the door with their mobile and begin their college experience in earnest,” says Staples.
The campus environment that Staples is alluding to is one where the institution will be able to deliver a coordinated mobile experience that takes the place of a multitude of disparate solutions and single-function apps. He says these many unique functions will come together in a comprehensive app, including vital services like event and door access, mobile ordering, payments, coursework, attendance, testing, safety and more.
“The objective is to enhance the student experience and deliver better outcomes, resulting in more engaged and supportive alumni who will continue to leverage the campus mobile solution for everything from event attendance to donations for the rest of their lives,” explains Staples. “Their post-graduation mobile experience will be tailored to their interests while on campus and evolve with them as their engagement with the institution evolves.”
The mobile experience itself will be multi-dimensional, ranging from responsive text to location-based services leveraging GPS, Bluetooth Low Energy (BLE) and NFC. “The most successful campuses will create a ubiquitous use environment where the student doesn’t have to think ‘card or mobile?’ for a certain transaction or activity, but instead can simply leverage their mobile for the full gamut of activities on campus,” he adds.
Identification, access control and security solutions provider, IDenticard has announced the release of UBand Prox, the latest product in the company's wearable access credentials.
UBand Prox is a silicone wristband that features an internal proximity chip that allows the wristband to support the same functions as a standard proximity card. UBand Prox is available in the most common proximity technology formats, including 26, 35 and 37 bit. UBand Prox is also compatible with a number of HID proximity formats making it a viable alternative for a number of organizations.
The addition of proximity technology will enable the UBand to be used as a complement to existing access card programs or as a replacement access solution for sites not requiring visual identification.
The bracelet features a sweat proof silicone construction, making it a good fit for gym and fitness center access. Meanwhile, delivery personnel stand to benefit from door access functionality that doesn't require them to put their delivery down and take out an access card.
“UBand Prox makes proximity-based access easier, giving it a broad appeal,” says Katelynd Boles, IDenticard's product manager for cards and credentials. “Any organization currently using or seeking a new proximity solution will benefit from UBand Prox’s durability, ease of use and innovative design.”
Each UBand is the width of a standard rubber band, while the internal chip is less than 4 mm thick and 20 cm in diameter. The band sits comfortably on the wrist and can be put on or taken off with ease. UBand Prox is available in two in-stock colors, black or blue, and three wrist circumference sizes 6, 7 and 8 inches. Custom colors or graphics are available upon request.
The annual NACCU Conference is right around the corner. This year marks the 22nd installment of the campus card event, which will take place in New Orleans March 8-11. In advance of the conference, here are a few things you should know.
Mobile everything is taking center stage across the higher-ed space, with apps launching for virtually every student-facing service on campus and beyond. The cover story in the current issue of CR80News – being mailed as we speak – examines this trend and explores what the future of the campus mobile app could be.
As more and more services are pushed to the mobile, the future for the student app will likely be a single, all-encompassing application from which students can facilitate their daily activities.
The major campus card vendors are on board with the trend, and report being well well on their way to offering a comprehensive mobile solution. A host of other, third party mobile apps are revolutionizing everything from food ordering to ID photo uploads.
With NACCU bringing all of these folks together under one roof, I encourage conference attendees to do a little ‘mobile’ homework.
Take the time to peruse the conference schedule and find those mobile solutions that sound interesting. Then, simply download the free app should one be offered, explore what it can do and come conference time find that vendor and ask informed hands-on questions.
A great example of this in practice could be mobile food ordering app, Tapingo. Students and the general public alike have taken to mobile food ordering in droves. Find out what the fuss is all about, and get ahead of the curve when the demand reaches your campus.
Online photo submission is another hot topic at this year’s conference, and is yet another service with a mobile future. The online photo submission trend is so significant that it’s less a matter of if, than it is when your campus will be using it.
It’s worth it to visit sites like MyPhoto and others to see how online photo submission is cutting time and cost from the card issuance process. Also, consult with your card system vendor as many are offering photo upload solutions as well.
Another great mobile initiative is being offered by HID Global through its Mobile Access Test Drive. The company is encouraging conference attendees to experience HID Mobile Access by enrolling their mobile device prior to arriving in New Orleans.
Both Android and iOS mobile devices can be used for building and gate access by holding the device up to a Mobile Enabled reader, or by twisting your phone from a distance. The app is free to download, so either before or while at NACCU, give Mobile Access a spin.
Once on the conference floor find the folks at HID, Tapingo, MyPhoto and your card system vendors and ask tough, informed questions. Test out their mobile apps, ask them to troubleshoot issues you run into and tell them about your experience with their solutions en route to learning more about these mobile options.
Make it a point to leave the conference with a better understanding of what your vendors are already offering, as well as what's on their roadmap.
Spend some time in the App Store or Google Play before you leave home. It’s a quick and simple way to arrive in New Orleans prepared and informed. And even if downloading some apps to your personal device seems a bit much, remember you can always delete them as easily as you downloaded them.
And if mobile apps and other emerging trends spark your interest, I encourage you to join me on Tuesday during the 1:30 block of sessions for my presentation “Innovative IDs: 10 Unique Use Cases Every Campus Should Consider.” I hope to meet many of you on the conference floor.
Monitoring access to university dining halls is a necessary evil, as it ensures that only those students who have paid for meal plans are accessing the tasty food inside. The story is no different at Michigan State, though some off-campus students have discovered a number of resourceful, though unwarranted, methods to get into university dining halls without swiping in or paying.
At MSU, dining hall employees are told to wait for the register to approve a student before handing their ID card back, but long lines and hungry, impatient students makes this a difficult task. According to a report from The State News, Michigan State's student paper, those living off campus are still able to purchase a modified meal plan that grants them access to campus dining halls. However, there has been enough of a problem with students sneaking into dining halls -- as many as one in 10 -- that the paper compiled a list of common access methods.
Common methods for accessing one of MSU's dining facilities as outlined by a university dining services manager:
"The Drop." This method is specific to a particular MSU dining hall, but is resourceful nonetheless. The student swipes into the dining hall and then walks to an open, walled area that connects the first and second floors. The student then drops their ID card down to another waiting on the lower level and that student swipes in using the same ID.
"The Handoff." One student swipes into the dining hall, gets a meal and sets their items down at a table. The student then asks the dining hall employee if they can leave the cafeteria to use the bathroom or go to the front desk. Once outside, the student hands their ID off to another student.
"The Relay." The cash register at MSU dining facilities notify employees when a student tries to swipe their ID more then once in 15 minutes. This method sees two students who have meal plans enter the dining using their own IDs. One of the students then waits 15 minutes for the re-use violation to expire and leaves the dining hall with both IDs. The student then meets another student outside of the dining hall and gives them the extra ID and scans in again with their own.
"The Confident Caper." This method sees a student confidently walk past the dining hall employee, implying they are working in the dining hall with hopes the employee won't speak up. The employee in the situation may or may not stop the student prior to entering the dining hall.
"Lost in the Crowd." This method sees a student attempt to enter the dining hall during a rush. The idea here is that the cashier, overwhelmed by the line entering the dining hall, quickly swipes student IDs without waiting for the register to catch up enabling the student to gain access and blend in before the cashier realizes the error.
"The Slip." Another method common to this particular dining location, students swipe their ID to enter then slip the ID underneath the doors in a private study area to another student on the outside.
