PCI DSS FOR UNIVERSITIES AND COLLEGES

PCI DSS was developed as a standard of best practice for information security, safeguarding sensitive data and providing a unified method to achieve compliance to the various card scheme standards. PCI compliance is required for any business that accepts payment cards (even if the quantity of transactions is just one). Card schemes may enforce the standards with financial penalties, in extreme circumstances, the acceptance privileges of a merchant or service provider may be revoked if compromised and non-compliant.

Therefore, if your university or college is not transferring or storing data in a secure way that is compliant with the PCI DSS standard you are at risk of a non-compliance penalty.

PCI DSS AND THE EDUCATION SECTOR

Often at busy times in the academic calendar a large amount of transactions are being processed over a matter of weeks. Therefore, security solutions must be sustainable throughout these high risk times.

If your university or college uses remote interfaces or handles card details internally you will need to become PCI DSS compliant. This may require additional IT resources, software and hardware. Depending on the size of your university or college once processes are in place a security standards council qualified security assessor may need to visit on an annual basis to grant a compliant class.

HOW WPM EDUCATION CAN HELP YOU BECOME PCI DSS COMPLIANT

WPM Education is classed as a level 1 service provider under the standard and, as such, has an annual independent audit carried out to certify this compliance. WPM has been certified as compliant since March 2008 and is one of the first UK organisations providing managed services to do so.

WPM Education solutions prevent card payment data from entering a university or college environment by processing the payment data on its own fully PCI DSS compliant servers, transferring only fully encrypted data back and forth to the university or college. This removes the risk from the university or college as no card payment data is present on the university or college servers to be stolen.

Therefore, clients using WPM Education services that do not handle the card details themselves are covered by WPM Education's compliance.

HOW IT WORKS

1. Payee visits institution's website and selects to pay a fee, set up recurring billing/ payment plan or add a product or service to the institution's shopping basket.
2. Customer is seamlessly redirected to WPM Education's Secure Payment Pages.
3. The payee enters their payment details into the system. The PCI DSS risk is completely removed from the institution as no card details are submitted or stored within the institution's network.
4. WPM Education transfers the data to the credit card network and completes the transaction.
5. Result of payment is displayed to the customer.

BENEFITS:

• Increased payment data security: No cardholder data is present in the university or college server environment.
• Increased customer satisfaction: Students, parents and payers will be seamlessly transferred to WPM Education's payment pages that are branded as the university or college's main website. This increases trust in the website and provides a consistent and straightforward payee experience.
• Secure data integration with all university or college systems: WPM can securely pass data to any finance, student records, accommodation or any internal system.

HOW DO YOU BECOME PCI DSS COMPLIANT?

Many universities and colleges are becoming wiser to the risk of PCI DSS non-compliance and are undertaking procedures to ensure that all payment data collected, be it from a face to face transaction, payment over the telephone or payment submitted online, is processed and stored in a fully secure manner.

Find out more about how you can become PCI DSS compliant by visiting the Payment Card Industry Standards Council or read more about the core requirements for becoming PCI DSS compliant.