With higher education records going for $245 on the black market, it’s no surprise that data breaches in this industry are on the rise. A 2017 study conducted by the Ponemon Institute found that the cost of a data breach in U.S. education is higher than the cost in other countries. And Ed Tech reports that the number of lost, stolen or compromised data records went up 164% in the first six months of 2017 compared to the last half of 2016, with educational data breaches accounting for 13% of all data breaches.
These records are favored by cyber thieves because universities typically have a lot of information about their students, including social security numbers, driver license numbers, and birth dates. Having all of this information about one person, in one place, makes universities a very tempting target for hackers.
Now more than ever it’s important for universities and colleges to protect their data. There are two security paths that colleges and universities can take in the fight against data breaches: Defend the Data or Devalue the Data. With the Defend the Data approach, educational institutions build stronger, higher, and more expensive walls of security around their systems and data.
With the Devalue the Data approach, educational institutions employ security technology to devalue the cardholder data before it reaches their point-of-sale (POS) systems, rendering the data useless to hackers if it is exposed.
PCI-validated P2PE Helps Secure Campus Payments
PCI-validated Point-to-Point Encryption (P2PE) is an ideal technology to devalue payment data. Bluefin’s P2PE solutions encrypt credit and debit card data at the Point of Interaction (POI) in a PCI approved P2PE device and decryption is done only in an approved Bluefin Hardware Security Module (HSM) located outside of the university’s payment environment. Our solutions prevent clear-text cardholder data from being present in a university’s system or network where it could be accessible in the event of a data breach.
There are a variety of ways that P2PE can secure your campus payments:
-
Bursar’s Office
Bluefin’s retail POS P2PE products are a perfect solution for in-person tuition, book and supply payments. Bluefin provides secure P2PE payment processing through our PayConex™ Gateway or through our network of Decryptx® partners for in-person payments utilizing PCI-validated P2PE POS terminals.
-
Athletics and Ticketing
Athletics are a significant source of revenue for colleges and universities. Bluefin provides P2PE solutions for every mode of stadium and theater payments, from mobile to countertop to advance purchase of tickets online. And we also have the widest network of ticketing software providers that have integrated to our P2PE solution.
-
Development Office
Development offices do everything from accepting donations through their call center to enabling alumni payments online. Bluefin provides call center solutions with our ID Tech P2PE SREDKey keypad device and secure E-commerce processing with payment iFrame and tokenization.
-
Dining
Bluefin’s PCI-validated P2PE solutions provide the highest level of security and flexibility for your dining establishments, from processing via an iPad or iPhone to a full POS solution with register, printer and barcode scanner. And our P2PE kiosk solution is ideal for reloading meal and purchase cards.
-
Health Clinics/Hospitals
Universities and colleges can also have their own clinics and hospitals. And there are a variety of ways that patients can make payments on campus– from over the phone to a countertop payment, paying online, to even mobile. Bluefin has partnered with healthcare software providers, such as Epic Systems, OnPlan Health and Phreesia, to provide our PCI-validated P2PE solution through these platforms.
-
Parking
We have all of your parking on campus needs covered with our unattended devices from manufacturers including ID Tech and Ingenico, including the ID Tech Spectrum Pro, ID Tech Augusta and the Ingenico iUC285.
The UCSD Extension Story
Bluefin serves more than 300 educational institutions, including The University of California San Diego (UCSD) Extension, and in 2016, we published our first educational case study on their implementation. Like many colleges and universities, UCSD Extension was concerned about the security of their student payments and the mounting requirements to remain PCI compliant as they expanded their systems. They had 20 work stations accepting walk-in and telephone payments – and each was in scope for their annual PCI SAQ C Questionnaire.
“There was a significant amount of manpower, time and effort involved to ensure our work stations and our employees were always meeting the PCI requirements,” said Daphne Pleasant, UCSD Extension Cashiering Manager.
In 2015, UCSD Extension began to explore options to reduce their PCI compliance scope and assessment. Daphne and her team attended the UC Cash and Credit Card Coordinators conference where she met the Bluefin team. “I instantly recognized that the Bluefin P2PE solution was the answer for us.”
Not only was the Bluefin solution PCI-validated, meaning that it could take their scope and assessment down to PCI’s 33-question SAQ P2PE-HW, but the solution was flexible enough to handle their mixed processing environment of face-to-face and call center transactions. Another selling point was Bluefin’s P2PE Manager, a 100% online management system where universities and enterprises can track device shipments, deploy or terminate devices, manage users and administrators, view P2PE transactions and manage multiple locations.
As a result of the implementation, UCSD saved $60,000 in PCI penetration scanning/testing resulting from a reduction in PCI scope to the SAQ P2PE-HW and were able to reduce their IT infrastructure and staff.
Learn More about PCI-Validated P2PE for Your Organization
We have several resources for colleges and universities that provide greater detail on PCI-validated P2PE on our Media page, including our cases studies, our white papers and also our webinars hosted by Chief Strategy Officer, Ruston Miles. Our 2017 webinar for higher education provides a detailed overview on the state of data breaches, current payment security technologies, the role of PCI-validated P2PE in protecting card data, validated vs. non-validated solutions, and the scope reduction and cost savings of PCI P2PE. Specifically, it covers:
- The current state of payment security
- How malware operates to steal credit card data
- The role of EMV (chip cards), Tokenization and P2PE
- The origin of PCI-validated P2PE and how it differs from non-validated solutions
- PCI-validated P2PE scope reduction and cost benefits
- UC San Diego Case Study
- Bluefin P2PE Education Partners
You can also contact us for more information on our solutions for education.