Card, mobile credential, payment and security
Card systems at colleges and universities have typically centered around on-campus commerce and access. But today, they are extending their reach off-campus and opening their on-campus services to more commerce-savvy students, faculty, and staff. Credit card use has continually increased on college and university campuses, specifically in conjunction with their transaction systems. The companies provisioning campus card program technologies, as well as the universities, find themselves facing greater responsibilities and, more importantly, liabilities.
In Blackboard’s case, it meant assuring the 400-plus colleges utilizing the company’s Commerce Suite products that cashless transactions – campus card and credit card – are handled in a secure fashion.
That meant making sure Blackboard’s Payment Gateway has been certified as compliant with major card association security programs, such as Visa CISP (Cardholder Information Security Program), MasterCard SDP (Site Data Protection) program, Discover’s DISC (Discover Information Security and Compliance) program and American Express’ Data Security Operating Policies, said Blackboard’s Tom Bell, vice president, industry relations.
“These programs utilize the Payment Card Industry (PCI) data security standard as the foundation to assess third-party processors,” he added. “This standard ensures that all third-party processes safely and securely store, process, and transmit sensitive credit card data across their network infrastructures. This is the second year that Blackboard has achieved this milestone in the payment card industry.”
In short, universities “want to make sure the partner they’re dealing with is compliant and understands the issues,” said Mr. Bell. “We’re very serious about this.”
As more campuses move to a system that deals with people when they’re on- or off-campus, and even online, “we see more issues with dealing with e-commerce or adding funds to accounts … different ways of paying for things. Blackboard has to provide a diverse choice. Years ago, we didn’t have to worry about this,” said Mr. Bell.
“While many third-party processors are not compliant with the PCI standard, Blackboard proactively met this challenge in early 2004 to ensure all credit card transactions originating from our Web Interfaced Card Management Applications were handled in the most secure way possible,” says Mr. Bell. “Our Payment Gateway is a powerful and flexible channel for conducting cardholder-not-present electronic transactions.”
What are the certification benefits?
“Every member along the electronic payment processing channel – from card association (Visa, MasterCard, American Express, Discover) to acquirer to processor to payment gateways down to the merchant level must comply with these standards in order to accept credit card transactions online,” said Mr. Bell. “Our clients must prove to their acquirers that any processor they are affiliated with is complying with the PCI standards. In short, university credit card acquirers must ensure that the university’s credit card processor(s) are complying with the PCI directives in order to maintain compliancy with their higher-ups, the card associations. In addition to embracing the required security standards, Blackboard provides our clients with a level of confidence when they negotiate discount rates with their Merchant Services Provider.”
Added Russ Palay, Blackboard’s director of e-business and electronic payments: “Visa, MasterCard, etc. mandated it throughout the entire chain … and since we are a third party processor for credit card transactions, we have a responsibility to make sure the credit card data that is transmitted and processed adheres to the card association compliance programs that are bundled under PCI.”
“What’s driving this is customer demand,” said Ron Dinwiddie, senior director of product development for Blackboard. “Pubic and private colleges and Universities are issuing mandates requiring the highest levels of security when accepting credit cards as a form of tender. We will continue providing our clients with the highest levels of security to protect them and their constituents.”
