Data breaches are a threat to any industry, but did you know that the education sector is regarded as the least secure industry, with the highest number of vulnerabilities present?
With massive amounts of data collected and stored in various campus locations, the challenge of securing every endpoint is daunting. Students, faculty, alumni, donors, and administration all provide sensitive information that includes personally identifiable information (PII), personal health information (PHI), and financial data. As the pandemic ushered in remote learning, an influx of internet-connected devices, and new cashless payment options across campus, higher ed has become a growing target for cybercriminals.
As we prepare for The Payments Academy Conference in May, we review the security technologies that can help mitigate the effects of a data breach in higher education, including PCI-validated point-to-point encryption (P2PE) and tokenization to devalue data.
Data breaches continue to rise in higher education, and for good reason. According to the IBM/Ponemon Cost of a Data Breach report, the average cost per breach in higher education rose to $3.86 million, with the cost per record reaching $245 on the black market. Not surprisingly, Verizon’s 2022 Data Breach Investigations Report revealed that 95% of cybersecurity occurrences are inspired by the possibility of financial gain – up from 70% in 2018.
On top of being a massive target for hackers, higher education has one of the slowest recovery times following an attack.
Higher education reported the slowest recovery across all sectors with 9% of respondents reporting a recovery period of 3-6 months, more than double the global average of 4%. 31% of higher education respondents took 1-3 months to recover, again almost double the global average of 16%. Overall, 40% in higher education took over a month to recover compared to the global average of 20% – with an average remediation cost of $1.42 million. (Sophos, 2022).
Higher education has a unique challenge in the fight against cyber attacks. With a multitude of users – faculty, students, alumni, etc. – institutions must use modern technologies to protect their personal and payment data within their digital ecosystem.
The Role of P2PE and Devaluing the Data in Campus Payments
When considering how to protect sensitive data in any organization – particularly lucrative payment data – there are two security paths that colleges and universities can consider: Defend the Data or Devalue the Data. With the Defend the Data approach, educational institutions can build stronger, higher, and more expensive walls of security around their systems and data.
With the Devalue the Data approach, educational institutions employ security technology to devalue the cardholder data before it reaches their point-of-sale (POS) systems, rendering the data useless to hackers if it is exposed.
PCI-validated P2PE and tokenization are examples of technologies that embody the Devalue the Data approach. Bluefin devalues all data, at the point of sale (POS) and online, using a combination of encryption and tokenization, ensuring that your data is worthless to hackers in the event of a breach or compromise.
Bluefin’s P2PE and tokenization solutions encrypt credit and debit card data at the Point of Interaction (POI) in a PCI-approved P2PE device, and decryption is done only in an approved Bluefin Hardware Security Module (HSM) located outside of the university’s payment environment. Our solutions prevent clear-text cardholder data from being present in a university’s system or network where it could be accessible in the event of a data breach.
P2PE and Tokenization Secures Credit Card Information throughout the University Environment
Bluefin’s POS P2PE products are a perfect solution for in-person tuition, book and supply payments. Bluefin provides secure P2PE payment processing through our PayConex™ Gateway or through our network of Decryptx® partners for in-person payments utilizing PCI-validated P2PE POS terminals.
Athletics and Ticketing
Athletics are a significant source of revenue for colleges and universities. Bluefin provides P2PE solutions for every mode of stadium and theater payments, from mobile to countertop to advance purchase of tickets online. And we also have the widest network of ticketing software providers that have integrated to our P2PE solution.
The Development Office
Development offices do everything from accepting donations through their call center to enabling alumni payments online. Bluefin provides call center solutions with our ID Tech P2PE SREDKey 2 keypad device and secure E-commerce processing with payment iFrame and tokenization.
Bluefin’s PCI-validated P2PE solutions provide the highest level of security and flexibility for your dining establishments, including mobile devices such as the BBPOS Wisepad3, and PAX A920 / A920 Pro. And our P2PE kiosk solutions are ideal for reloading meal and purchase cards.
Universities and colleges can also have their own clinics and hospitals. And there are a variety of ways that patients can make payments on campus – from over the phone to a countertop payment, paying online, to even mobile. Bluefin has partnered with healthcare software providers, such as Epic Systems, OnPlan Health and Phreesia, to provide our PCI-validated P2PE solution through these platforms.