Card, mobile credential, payment and security
Share your story with colleagues and peer institutions by participating in a 3-5 minute video interview during the NACCU Annual Conference. The CampusIDNews team will be conducting interviews with campus representatives in our exhibit hall booth (#116). Brag about your program, share something interesting your team has done, describe a challenge you are facing, or think of another subject that would interest card office and auxiliary service professionals. And while you’re at it, grab your $50 Visa gift card.
Vendors – you are invited to join in as well. We will be conducting these interviews at your booth. It’s your opportunity to share thought leadership or show off a new product.
All interviews will take place during exhibit hall hours:
Reserve your 15-minute slot at the links below. If you know your topic, add it now. If not, grab a slot and we can coordinate topics before the event.
https://calendar.app.google/zAhRkcA9mp5Xjc8t6
https://calendar.app.google/4pru7puHQipkzaFC8
The Security Industry Association (SIA) released its Corporate Credential Design Guide, a new resource produced by their Credential Design Working Group. It specifies recommended practices for the design and implementation of credentials and badges by card issuers and security teams.
Though the document is geared toward corporate issuers, it is also highly relevant and beneficial for higher education issuers.
It covers key topics in physical credentials, identity verification, badge production, data security, counterfeiting protection, technology options, and more.
Modern attackers exploit human behavior, oversharing on social media, and advances in image replication to reproduce badges with alarming accuracy.
Identity credentials are key to modern enterprise security and operations, but the credential ecosystem is fragmented and increasingly vulnerable to new forms of attack. The guidelines shared in the report are intended to establish a vendor-neutral framework for designing secure, interoperable credentials.
In the section titled Security Awareness in Badge Design, it explains that design should not be viewed aesthetics, but rather as a core security effort to reduce exposure to social engineering, unauthorized access and credential misuse.
“Modern attackers increasingly exploit human behavior, oversharing on social media, and advances in image replication to reproduce corporate badges with alarming accuracy,” says the document. “As a result, the design of corporate credentials must include intentional and measurable security protections that help prevent forgery, misuse and unauthorized entry.”
Until now, no dedicated guidelines have existed to help organizations design IDs with both security and usability in mind.
The 72-page document is comprehensive but easy to navigate and digest. Users can skip between sections to focus on specific topics they need. As a whole, it defines a robust set of best practices covering the entire credential life cycle, including:
“Until now, no dedicated guidelines have existed to help organizations design corporate IDs with both security and usability in mind,” says Teresa Wu, vice president, head of Smart Credentials and Smart Integrate at IDEMIA Public Security. “The Corporate Credential Design Guide reflects SIA’s mission to lead with standards that shape the future of identity in the enterprise.”
The Corporate Credential Design Guide is available for free downloaded on the SIA website.
The bill that would enable students at virtually all Virginia universities to donate their unused meal plan credits fell just short of passing this year. State lawmakers voted to continue debating the proposal – supported by the nonprofit Swipe Out Hunger organization – in the 2027 session.
The bill was introduced by Senate Democrat Danica Roem and would have allowed students to voluntarily donate their unused meal swipes. The meals could then be distributed to other students for redemption at campus dining halls or on-campus food pantries.
The proposed legislation hoped to build on Roem’s 2025 legislative success that established the Hunger-Free Campus Food Pantry Grant Program. It provides funding to support campus food pantries at public and qualifying private higher education institutions in the state.
The new bill would have required universities to allow students to donate meal swipes in order to receive funding from the state's Food Pantry Grant Program
In both 2025 and 2026, the grant program distributed $500,000. In 2026, pantries at 48 different institutions received between $6,000 and $15,000 awards.
Had the new bill passed, it would have required universities to allow students to donate their swipes in order to remain in the Food Pantry Grant Program and receive funding.
The efforts were shaped and supported in part by the ongoing work of the nonprofit organization Swipe Out Hunger. Largely via student engagement, Swipe Out Hunger works with institutions and legislators to address student food insecurity. To date, they have facilitated the provision of more than 20 million meals at 900 campuses throughout the country.
Two thirds of Virginia’s public colleges report that 25% to 50% of their students experience food insecurity, but just 40% have any funding for resources and services.
On the advocacy front, they have helped a dozen states pass Hunger Free Campus legislation. These include:
According to the organization, two thirds of Virginia’s public colleges report that 25% to 50% of their students experience food insecurity. Still, just 40% have any funding allocated to student food security resources and services.
Despite passing unanimously in the Virginia Senate, the bill stalled in the House Appropriations Committee.
Roem attributes the setback primarily to political dynamics between the two legislative chambers rather than concerns over cost.
Students by and large are 18 years and older, they’re adults. Choosing what to do with their meal plans, that’s their choice.
In an article in the Commonwealth Times, she says some legislators took issue with the idea of students donating swipes paid for by their parents.
She dismisses that argument, however, suggesting it assumes all students come from traditional middle-and-upper class families. It ignores the fact that many students put themselves through college with alternative funding sources.
“Students by and large are 18 years and older, they’re adults,” she says. “Choosing what to do with their meal plans, that’s their choice – and if their parent happens to pay for the meal plan, then that’s a conversation they can have with their parent.”
Senator Roem remains committed to continue the effort in 2027 working to get both chambers on board.
The University of Texas at Austin is preparing to launch mobile student IDs beginning in the 2027–28 academic year. The initiative, driven by strong student demand and backed by university leadership, will allow students, faculty, and staff to access campus services using credentials stored in their mobile wallets.
Spearheaded by Student Government leadership, the effort marks the culmination of years of student advocacy. They first began pushing for mobile IDs back in 2018, but recent Student Government legislation formally set the project in motion.
Student Government says the project represents a long-standing student vision now becoming reality through collaboration with university administrators
When the program launches in fall 2027, digital IDs will be delivered through the MyUT platform and integrated into Apple Wallet and Android Wallet. Users will be able to tap their phones to enter buildings, access residence halls, check out library materials, attend events, and make purchases at campus dining and retail locations. Physical cards will remain available at least through a transition period.
On campus, surveys conducted by Student Government show overwhelming support for replacing physical IDs with mobile alternatives – particularly among residential students who rely on their credentials multiple times per day.
The road to digital ID
For student leaders, the initiative is about aligning campus infrastructure with modern expectations. In a statement, the Student Government president and vice president say that the project represents a long-standing student vision now becoming reality through collaboration with university administrators.
At its core, the Digital ID initiative is designed to create a more connected and frictionless campus experience. University officials describe two guiding pillars: improving campus connection and building a technology foundation that unlocks long-term value.
From a user perspective, the benefits are immediate. Mobile credentials reduce the everyday friction of forgotten or misplaced cards and eliminate lost card replacement fees. The system is also expected to improve residential life by minimizing dorm lockouts and strengthening access control.
Beyond convenience, the university says the initiative sets a foundation for broader digital transformation. By consolidating identity, access, and payments into a single mobile experience, UT Austin aims to create a more seamless user experience and technology ecosystem.
They also point to potential cost savings, with reduced spending on card production and fewer replacement fees for students.
The rollout will follow a phased approach. The initiative is currently in a feedback and discovery stage, with design and development scheduled for the 2026-27 academic year. A full student launch is planned for fall 2027, followed by expansion to faculty and staff in spring 2028.
We all know campus card programs generate a constant stream of data, and each interaction creates a digital record. Protecting this data and the individuals involved –our students, faculty, and staff – is a crucial responsibility.
How institutions can best respond to this challenge was the focus of a recent NACCU webinar and article featuring by Erin Williams, Manager of Access & Privacy at the University of Calgary. Her message was clear: protecting data requires more than security controls – it demands strong information governance.
Information governance (IG) is the overarching framework that connects people, processes, and technology across the entire lifecycle of data. It goes beyond security or compliance alone, encompassing how information is created, stored, used, shared, retained, and ultimately destroyed.
“It is how we manage information and data in a way that complies with required regulations and best practices,” says Williams. “Think of it as like the rules of the road or the guardrails.”
Technology evolves faster than legislation, and campuses that lead with strong governance will be better positioned to meet both current and future requirements.
One part of that framework, data governance, focuses on structure and standards that protect individual privacy.
“Data governance is a subset of information governance that focuses on specifics like data quality and access,” she explains. “This role is often housed often in IT because they're usually the ones that manage the infrastructure, architecture, and data warehouses.”
Another part, security, provides the technical and administrative safeguards. While these disciplines are often discussed separately, Williams suggests that they must function together to build trust and reduce risk.
A key takeaway from the webinar was the need for a proactive mindset. Rather than waiting for regulations to dictate action, institutions should adopt best practices early. Technology evolves faster than legislation, and campuses that lead with strong governance will be better positioned to meet both current and future requirements.
Campus card environments are particularly challenging to govern due to their complexity. Both their reach and data are often decentralized, involving multiple departments with varying practices. At the same time, they are highly integrated, relying on third-party vendors and APIs that can introduce vulnerabilities.
Card offices frequently store data for extended periods “just in case,” which expands the potential impact of a breach.
Long data retention practices further increase risk. Card offices frequently store data for extended periods “just in case,” which expands the potential impact of a breach. The combination of decentralized ownership, deep integrations, and large data stores makes campus card systems attractive targets.
The article outlines a pragmatic approach that campus card programs can implement without significant new resources. It begins with creating a simple system and data map that identifies key systems, the types of data they hold, and access controls. This foundational step enables better decision-making across the organization.
Many breaches originate from third-party vendors, so it essential to have clear requirements around data handling and security.
Next, institutions should strengthen procurement and integration processes. Many data incidents originate from third-party vendors, making it essential to establish clear requirements around data handling, security, and breach response.
Reducing unnecessary data retention is another high-impact step. Routine cleanup of exported reports and files, along with defined retention schedules, can significantly limit exposure.
Preparation is equally important. Conducting regular tabletop exercises helps teams understand how to respond to incidents before they occur. These simulations clarify roles, communication pathways, and technical responses in a controlled setting.
To learn more about information governance for your card program and explore a detailed 90-day step-by-step plan to improve information governance, check out the article and webinar.
For years, campus technology leaders have discussed the coming shift to cloud-based systems, flexible credential options, and non-proprietary hardware and solutions. According to Danny Smith, owner of ColorID, that transformation is no longer theoretical – it’s happening now, and it is fundamentally changing how universities think about identity infrastructure.
“Even before the pandemic, when we were hosting identity summits, we talked about how cloud-based solutions and mobile credentials were going to reshape the industry,” Smith says. “We knew it would happen, but we also knew it would take time.”
Today, many campuses are reaching the point where those predictions are becoming reality.
Over the past several years, IT departments have become far more involved in campus identity ecosystems. As institutions evaluate long-term technology strategies, Smith says many are beginning to move beyond the traditional one-card model that centralized multiple campus services under a single vendor platform.
Identity becomes the foundation, and everything else connects to it.
He describes the emerging approach as independent identity infrastructure, where identity serves as the central layer connecting multiple specialized systems.
Applications that rely on credentials – housing, dining, recreation, visitor management, and access control – can operate independently rather than being tied to a single vendor ecosystem.
Historically, campus one-card systems functioned as the hub for a wide range of services, from dining and vending to building access and campus payments. Vendors built platforms designed to manage these services through centralized infrastructure.
While that model served campuses well for many years, Smith says it also created a level of technological lock-in that many institutions are now trying to avoid.
“Most one-card providers are fundamentally financial platforms – they’re payment processors,” he says. “There’s really no reason for a third-party payment platform to control a university’s entire identity infrastructure.”
In the architecture Smith describes, identity becomes the core and service providers connect to it as needed.
Universities want the freedom to choose the best solution for each service instead of being tied to one ecosystem.
“In a modern architecture, the one-card provider becomes just another consumer of identity,” he says. “Universities can still use those platforms for dining or payments, but they’re no longer locked into them.”
This approach allows institutions to select specialized best-of-breed vendors for specific services, link them to the university-owned identity layer, and replace them, if necessary, with minimal disruption.
According to Smith, this is where ColorID’s CardExchange platform fits in.
“With CardExchange, we provide the identity infrastructure layer that connects everything together,” he explains. “Key to this is that the institution controls it and owns their identity data.”
ColorID has worked in higher education for more than 25 years, helping campuses deploy ID systems and integrate technologies across their environments. He believes that experience positions the company to help institutions transition from legacy card systems to a more modern campus identity infrastructure.
The credential itself isn’t the breakthrough. The breakthrough is how identity connects every system on campus.
One part of that evolution involves mobile credentials. ColorID has certified integrations with Apple Wallet and Google Wallet, enabling them to help campuses issue digital credentials directly to smartphones.
But Smith cautions that mobile credentials alone are not the real transformation.
“Sometimes the industry focuses too much on the fact that the credential sits inside a phone,” he says. “The real value is what you can do with that credential – how it connects to systems and enables new services.”
Mobile credentials, he believes, are simply another form factor. The real innovation lies in the identity ecosystem surrounding them.
Roughly 50 campuses currently use CardExchange as part of their identity infrastructure, and adoption is accelerating as institutions begin evaluating modernization strategies.
“Many universities are still operating within older architectures,” he says. “The longer they wait to modernize, the more complicated and expensive that transition becomes.”
At the same time, the identity technology landscape is becoming more competitive as new vendors enter the higher education market. Smith sees this as a positive development.
“Competition validates the model,” he says. “It pushes all of us to improve our solutions and ultimately gives institutions more options.”
He believes identity is no longer a supporting technology, but rather, the core platform that connects campus systems.
“I think the identity-first architecture will become the standard model in higher ed and across large organizations,” he says. “Identity is the common denominator, and as institutions recognize that, it becomes the foundation that everything else builds around.”
The NACCU Annual Conference is fast approaching and the deadline to book your hotel rooms is March 25 at 11:00pm CST.
NACCU has secured special conference rates at two hotels – the Cincinnati Marriott at RiverCenter and the Hotel Covington. According to the association, however, the Marriott has limited remaining availability. All the more reason to book now.
Reservations are managed through the meetNKY Passkey system link. Visit this page at naccu.org and click on the “Reserve Your Room” button.
This is a boutique hotel rooted in local history. Originally a luxury department store built in 1907, it has been transformed into a hotel that blends historic charm with upscale comfort and is on the Kentucky Bourbon Trail.
Just a 10-minute walk from the convention center, it is surrounded by local dining and entertainment options for your off-hours. The conference's opening reception will be held at the hotel on Sunday evening. For additional convenience, NACCU will be providing a shuttle that will run between the convention center and Hotel Covington during conference hours Sunday through Wednesday.
Rooms are available in two distinct towers, with rates ranging between $165-$185++ per night. Learn more about Hotel Covington.
This hotel is connected to the convention center by skywalk. The room rate is $189++ per night. Learn more about the Marriott at RiverCenter. Availability is now limited at the Marriott.
If you have not yet registered for the conference, take a moment and secure your spot.
Transact + CBORD formerly announced its new name, visual identity, and branding as Illumia at its Momentum annual user conference.
According to an announcement about the launch, the company powers payments, access, foodservice, and credentialing at more than 10,000 clients in higher education, healthcare, and senior living institutions.
"The Momentum conference is the right place to bring this brand to life for the first time, with clients and partners who have been part of this journey from the beginning," says Greg Brown, the company’s new CEO.
CEO Greg Brown and Chief Commercial Officer Laura Newell-McLaughlin kick off Momentum ’26, Illumia’s annual user conference, with a fireside chat.
At the event, Illumia also recognized its 2026 Distinction Award winners including both clients and partners. Honorees include:
"There's no better reminder of what this brand stands for than what happens when these organizations and partners work side by side – sharing ideas, solving problems, and making things easier for the people they serve,” says Brown.
Illumia is a business unit of Roper Technologies. Roper acquired CBORD in 2008 for $367 million at a time when CBORD supported 750 colleges and universities. In 2024, they added Transact at a $1.5 billion price tag.
The two companies have operated as Transact + CBORD for the 18 months following the August 2024 Transact acquisition.
FutureState, a new entrant to the campus credential, dining, and auxiliary service space, announced its new closed-loop, stored value and meal plan offering called BalanceU.
“FutureState’s BalanceU is designed to help colleges and universities lower operating costs, eliminate vendor lock-in, and gain real-time financial visibility across campus,” says Christopher Augustine, Co-Founder and Head of Product Development at FutureState.
It is hardware-agnostic so institutions can choose the front-end systems that best meet their goals without being constrained by legacy one-card architectures, he explains.
Because we are not weighed down with legacy codebase, we can iterate quicker to meet emerging needs like roll over meals and donated meals to food insecurity programs.
BalanceU eliminates some of the costs that are common in traditional meal plan environments, such as fixed POS integration fees, charges for access to real-time balance data, and forced hardware replacements.
Augustine says institutions only pay for what they use, and existing systems already deployed on campus can be redirected to operate with BalanceU.
FutureState began as a project at the University of Arizona.
In 2025, Arizona took a unique approach to campus transactions, identity, and mobile credentials. The institution created its own software ‘layer’ between the credential and the multitude of campus systems that consume the credential. At its most basic form, they created a hub that manages API endpoints.
It connects the wide array of services on the campus – access control, housing, campus rec, dining, retail, parking, attendance, events, vending, laundry – to the credential manager. Because the university controls this layer, they can swap out both the upstream credential manager as well as any downstream consuming system without disrupting the larger network.
It is a radical change from the way it has always been done in higher ed. Traditionally, the transaction system or the access control system managed these connections, and this locked the campus to that vendor.
The Arizona project was led by two of the leaders of Administrative and Auxiliary Operations, Sr. Director of IT Joe Harting and IT Project Manager Chris Augustine.
“What we built sounds basic and logical, but it is a radical change from the way it has always been done in higher ed,” says Harting. “Traditionally, the transaction system or the access control system managed these connections, and this locked the campus to that vendor.”
Harting believes they have upended an outdated model, and now they hope to help other institutions benefit from their work. In this pursuit, they founded a private company called FutureState.
In the same way that the company’s credential solution is designed to integrate the array of the wider campus vendor solutions, the FutureState meal plan solution connects to a broad range of dining-centric vendors.
Supported systems include:
Self-service retail integrations include:
FutureState founders say BalanceU provides free, unrestricted access to real-time meal plan and stored value balance data. This ensures institutions can power mobile apps, parent portals, analytics tools, and reporting systems without additional cost.
“Our goal from the beginning was to give institutions immediate access to their own data so they could do things like display balances and transaction history alongside the mobile credential,” says Augustine. “You shouldn’t have to negotiate with your transaction system provider or pay additional fees to use your campus data.”
With decades of experience in auxiliary services, Harting says he understands the complexities of meal plans.
“Because we built BalanceU from the ground up using an AI native development stack, we are able to incorporate the normal dining feature set as well as features I’d wished were available through my years running both card and meal plan offices,” explains Harting. “Because we are not weighed down with legacy infrastructure and codebase, we will also be able to iterate quicker to meet key emerging needs like roll over meals and donated meals to food insecurity programs.”
FutureState will showcase BalanceU at the NACCU Annual Conference in Covington, KY, April 19-22, 2026. They are seeking a small group of colleges and universities to pilot BalanceU in Fall 2026, ahead of general availability in Q1 2027.
Transact + CBORD (rebranding to Illumia in March 2026) announced a new agreement with sports and entertainment point-of-sale (POS) provider MyVenue. The partnership allows students to use their campus card and stored-value campus funds for purchases inside stadiums and arenas.
The integration adds MyVenue’s high-volume point-of-sale platform to Transact + CBORD’s campus commerce platform.
Designed specifically for hospitality environments, MyVenue supports mobile ordering, POS terminals, self-service kiosks, in-seat and suite catering. Its real-time back-office inventory and reporting helps venues serve more fans faster and streamline operations.
For students and fans, it means shorter queues, and for operators, it means greater oversight and improved efficiencies.
According to Transact +CBORD, most campuses manage dining and events with separate systems, creating friction for students and operational challenges for staff. This leads to long wait times, inconsistent payment experiences, and limited reporting and operational visibility.
This attempts to change that by providing a unified payment experience everywhere on campus without the need for a dedicated event card or payment tender.
“The partnership delivers a faster, unified commerce experience across campus and sporting facilities,” says Tim Stollznow, Founder and CEO of MyVenue. “For students and fans, it means shorter queues, and for operators, it means greater oversight and improved efficiencies.”
Colleges and universities deploying MyVenue, can simplify vendor onboarding and deployment by leveraging their existing Transact + CBORD network. By purchasing the solution directly from Transact + CBORD, the acquisition process can be streamlined.
“MyVenue stands alone in its ability to perform in high-volume, high-pressure environments where speed and reliability matter most,” says Chris Setcos, SVP of Partnerships, M&A, and Corporate Strategy at Transact + CBORD.
The Australia-based company’s solution is used at venues including Lumen Field, Ball Arena, AT&T Stadium, Dodger Stadium, and Little Caesar’s Arena. It also serves collegiate athletics, including University of Florida, Purdue University, and Michigan State University.
