Educational Data Breaches are On the Rise
Credit card data remains one of the biggest targets for hackers and in the educational environment, just about every segment of the university processes some sort of payment today – from the bursar’s office, to the dining hall, to the stadium, to the bookstore.
Bluefin Payment Systems provides universities, colleges and other educational organizations PCI-validated Point-to-Point Encryption (P2PE), which is designed to secure credit card data through encryption in a PCI-approved P2PE device and decryption of data in Bluefin’s hardware environment. Encrypting data within the device prevents clear-text cardholder data from reaching the university or educational organization’s system or network.
The UC San Diego Extension Story
“We were the first department on campus – and I believe the entire UC system – to implement the Bluefin P2PE solution. Based on our success, the campus is now working to roll this out to other departments, leading to compounded savings campuswide – potentially hundreds of thousands of dollars annually.”
Director, Business Affairs and Human Resources, UCSD Extenstion
Like many colleges and universities, the University of California San Diego (UCSD) Extension was concerned about the security of their student payments and the mounting requirements to remain PCI compliant as they expanded their systems. They had 20 work stations accepting walk-in and telephone payments – and each was in scope for their annual PCI SAQ C Questionnaire.
“There was a significant amount of manpower, time and effort involved to ensure our work stations and our employees were always meeting the PCI requirements,” said Daphne Pleasant, UCSD Extension Cashiering Manager.
In 2015, UCSD Extension began to explore options to reduce their PCI compliance scope and assessment. Daphne and her team attended the UC Cash and Credit Card Coordinators conference where she met the Bluefin team. “I instantly recognized that the Bluefin P2PE solution was the answer for us.”
“The P2PE Manager came with the Bluefin solution and it was something we didn’t have to create ourselves. If one of our devices becomes inactive, we can see that through the online system. And it’s perfect for PCI compliance and reporting because we can just download our reports at the end of the year.”
Cashiering Manager, UCSD Extension
Not only was the Bluefin solution PCI-validated, meaning that it could take their scope and assessment down to PCI’s 35-question SAQ P2PE-HW, but the solution was flexible enough to handle their mixed processing environment of face-to-face and call center transactions. They chose the ID Tech SREDKey, a keypad and swipe acceptance device that seamlessly connects to the work terminal laptops through a USB device.
Another selling point was Bluefin’s P2PE Manager, a 100% online management system where universities and enterprises can track device shipments, deploy or terminate devices, manage users and administrators, view P2PE transactions and manage multiple locations.