Campus ID News
Card, mobile credential, payment and security

PCI on campus

Zack Martin   ||   Jan 14, 2009  ||   , ,

Universities need to be aware of security requirements for payment card data

College and university campuses need to be aware that different portions of their computer networks may need to be secured because of requirements from the payment card industry. Payment Card Industry Data Security Standards (PCI DSS) are some times overlooked by campuses, but the National Association of Campus Card Users hosted two Web conferences to bring some of the issues to light.

PCI DSS pertains to anyone who accepts credit or debit cards and how that information is stored and transmitted. If organizations don’t protect payment card information and a breach occurs it could result in fines from the card associations, says J. Ashley Ewing, director of information security and compliance at the University of Alabama. In 2006 alone Visa issued merchant fines totaling $4.4 million across all industries.

The fines from the payments card associations aren’t the only costs associated with data breaches, Ewing says. The average higher education breach involved 5,000 to 50,000 accounts. A small breach can cost an initiation $1 million, but the average cost is $182 per account. This includes the cost of notifying those affected, paying for credit monitoring and unauthorized charges. “There’s also the additional cost of unfavorable publicity and significant brand damage to the institution,” he says.

Educational institutions seem to be particularly vulnerable to some of these breaches. Thirty-three percent of data breaches were at educational institutions, Ewing says. “There’s a lot more businesses out there than educational institutions,” he says. “We have a disproportionately high hit rate.”

There are a number of ways campuses can be impacted by PCI, Ewing says. Anyone or any system that deals with payment cards must know how to handle the information. So not only do the point-of-sales terminals in cafeterias need to be secured but the individual taking donations over the phone from alumni also needs to know how to securely handle payment card data. “Everyone who takes credit cards on behalf of the institution is affected by PCI,” he says.

Depending on what type of ID the campus issues, that could fall under PCI too, says Joel Weidner, director of information systems for Penn State auxiliary and business services. If the card has a MasterCard or Visa logo PCI standards have to be met. If a campus ID is tied to a bank account but a PIN is necessary the regulations are different and PCI doesn’t apply.

But even if it doesn’t, PCI may pertain to areas where the student ID is used, Weidner says. If a point-of-sales terminal accepts both student IDs and credit and debit cards PCI regulations need to be followed. “Understanding your environment is critical to compliance, he says. “Campuses need to understand what parts of the infrastructure need to be protected.”

Even if a campus outsources all of its card processing, officials need to make sure that vendors are complying with PCI regulations or they can still be held liable, Ewing says.

Campuses that enable students to use IDs at off-campus merchants need to perform due diligence too, Ewing says. Those vendors need to be questioned on how they handle payment card information to make sure they comply with security standards or the university could be held liable if there’s a breach.

Subscribe to our weekly newsletter


Feb 07, 23 / ,

Drake University maximizing off-campus program with Grubhub

Drake University’s fledgling off-campus program started in October of 2020, and it quickly became evident that mobile ordering would be a valuable addition. Grubhub joined the Drake CampusCash program just one short year later in October of 2021, and the partnership has provided Drake students with a wider variety of off-campus dining options than ever before.
Feb 03, 23 /

Brown campus mailroom adds visual queue

Brown University has added a new visual queue in its campus mailroom that displays the order in which students will be called to pick up their packages. The system is underpinned by the student ID card and a kiosk system in the mailroom.
Feb 02, 23 / ,

East Carolina adds robot delivery with Grubhub, Starship

East Carolina University has joined the growing list of institutions to deploy robot delivery, partnering with Grubhub and Starship Technologies to provide the service. All students, faculty and staff at East Carolina University are able to leverage robot delivery from main campus dining locations.
CIDN logo reversed
The only publication dedicated to the use of campus cards, mobile credentials, identity and security technology in the education market. CampusIDNews – formerly CR80News – has served more than 6,500 subscribers for more than two decades.

Join us, @NACCUorg, and @TouchNet to explore how campus card programs can successfully navigate the sales and procurement process. Join the webinar on June 6, 2 pm EDT.

Webinar: Learn how the University of Arizona uses campus cards, mobile ordering, kiosks, lockers, and robots to revolutionize campus dining. April 7, 2-2:30 EDT. Register Now at

As supply chain issues in 2021 persist, identity solutions provider @ColorID discusses ways campuses can to overcome potentially troublesome delays until the situation eases.

A dining services push at the @UBuffalo is reinforcing the utility of self-service checkout. @CBORD is improving the food service experience using the GET app, as well as Nextep kiosks and Oracle’s Micros Simphony POS.

Did you miss our recent webinar? No worries - watch it on-demand. Leaders from @NAU and the @UAlberta joined Ryan Audus, Touchnet, and Andrew Hudson, @CR80News, to discuss innovative mobile services and the future of mobile tech in higher ed. Watch now:

Load More...
CampusIDNews is published by AVISIAN Publishing
315 E. Georgia St.
Tallahassee, FL 32301[email protected]
Use our contact form to submit tips, corrections, or questions to our team.
©2023 CampusIDNews. All rights reserved.