System Business Officers

Expand all | Collapse all

Credit Cards

  • 1.  Credit Cards

    Posted 10-01-2018 06:58 PM

    Hello

    Three years ago, the College started to use a PeopleSoft ERP called ctcLink. While I am just an accountant, the issue the College is having is accepting credit cards at our cashiering window, there is some issue with PCI compliance and the storage of credit card information in ctcLink.  We do not have a problem with students paying their tuition and fees online, as we use a company called CyberSource, they store the information and we have been audited by our State Treasurer for PCI compliance last year and passed.

    We could accept credit cards at our cashiering window, but since we would not store credit card numbers, whenever a refund is processed, instead of refunding the amount back to the credit card that paid the student charges, our system would instead issue the student a check for the amount of the refund, a violation of Visa International rules. In addition, If Mom or Dad paid "Junior's" tuition with a credit card, and Jr. decided to drop his classes, he would be issued a refund check, and Mom or Dad may not be very happy with us, and we may have some legal exposure if the parents wanted to go after us for not refunding their credit card.

    I have been asked by College Leadership to see if there are any solutions out there that other institutions of higher education have used to solve a similar problem with taking credit cards at the cashier's window, while complying with both PCI and Visa International rules.

    It just seems to me in this day and age of the microchip and internet, there has to be a solution for this, and I do not want to have to re-invent the wheel here.

    There has to be a vendor with a product that can interface with our accounting system and a credit card machine, if you are using such a product, or know of one that might help us, I would appreciate any feedback.

    Thank you.



    ------------------------------
    Cliff Frederickson
    Director of Financial Services
    Tacoma Community College
    cfrederickson@tacomacc.edu
    ------------------------------


  • 2.  RE: Credit Cards

    Posted 10-02-2018 08:46 AM

    There are several products out there that interface with ERP systems. The one I am most familiar with is TouchNet's Cashiering software. This would allow you to accept credit cards via in-person transactions through their secured POS system. The transactions would then feed appropriately to the student account while also updating the general ledger. My institution is not currently utilizing TouchNet's Cashiering software, as we got out of the business of accepting in-person credit card transactions years ago. Instead we have setup a computer kiosk (with the necessary security measures) that students log into their student portal and can choose to pay by credit card through our third party vendor. These transactions then feed to the student account, as well as update the general ledger. Any necessary refunds due back to the student, from their credit card transactions, are then refunded to the card used.

     

    Meghan M. Carr

    Director, Cashiers Office

    University of Missouri

     

    How are we doing? Please click here to provide feedback.

     






  • 3.  RE: Credit Cards

    Posted 10-02-2018 08:49 AM
    I have used NBS in the past (Nelnet). We will be implementing OnPlanU starting with the upcoming summer semester. Refunding back to the credit card is a big plus.

    ------------------------------
    Susan Rose
    Bursar
    Rollins College
    srose@rollins.edu
    ------------------------------



  • 4.  RE: Credit Cards

    Posted 10-02-2018 09:09 PM
    Hi Susan,

    NelNet Campus Commerce integrated with Bluefin's P2PE SRED device a few months ago- in case you're still using NelNet.

    OnPlanU is also integrated with Bluefin's P2PE SRED solution. If you're going to be taking card present and not present transactions, P2PE validated solutions are definitely worth looking at for scope reduction and cost savings.

    ------------------------------
    Jane Aube
    Loan Programs & Compliance Specialist
    Middlebury College
    jaube@middlebury.edu
    ------------------------------



  • 5.  RE: Credit Cards

    Posted 10-02-2018 09:02 PM
    Hi Cliff,

    I'm not familiar with PeopleSoft, but I have a good amount of experience with PCI and various payment processing solutions.

    Middlebury has contracted with Bluefin Payment Services for their P2PE validated payment solution. We use the Bluefin credit card stand-alone terminals (PAX S500's) connected to the Bluefin payment gateway; PayConex. We have (25) locations that have these devices each connected to their own merchant accounts. Staff have logins to the PayConex payment gateway where each transaction is listed. You can refund a transaction directly from the PAX S500 if you have the original reference number OR you can log into the PayConex gateway, pull up the original transaction and refund from there. Bluefin uses tokenization (in addition to P2PE) so storing cardholder is not necessary.

    You might also consider purchasing Bluefin IDTech SRED devices (simple P2PE keypad device) that connects to the staff workstation via USB. The SRED device is used with PayConex Virtual Terminal, cards can be swiped on that instead of a PAX stand alone terminal. Example: Cashier needs to take a credit card payment either in person or on the phone, he/she logs into PayConex from their workstation, swipes or keys the card data into the SRED device and it shows in the PayConex gateway. An electronic receipt can be sent from the gateway.

    Another alternative that you may consider is using the CyberSource Virtual Terminal. CyberSource is working with Bluefin to integrate the IDTECH SRED device to the Virtual terminal. The Cashier would log into your existing CyberSource gateway account, click on Virtual terminal, swipe or key the card on the SRED device and the transaction shows in CyberSource. CyberSource is currently coding the virtual terminal to not allow card holder data entry from a workstation keyboard when the SRED device is connected.

    Middlebury utilizes only PCI SSC P2PE validated solutions for card present and card not present transactions. Utilizing P2PE validated solutions has significantly reduced our PCI scope on our campuses. We used to have dedicated workstations, for payment card data entry, on staff desks. The dedicated workstations were on a separate VLAN and locked down to only allow access to the payment gateways. This was very expensive and labor intensive for our IT and Finance staff.

    I'm happy to discuss further if you have any questions.

    Best regards,





    ------------------------------
    Jane Aube
    Loan Programs & Compliance Specialist
    Middlebury College
    jaube@middlebury.edu
    802-443-5790
    ------------------------------



  • 6.  RE: Credit Cards

    Posted 10-03-2018 11:36 AM

    Hello Cliff,


    Ask CyberSource if they have a cashier window solution and ask PeopleSoft what third-party partners they have to address the PCI weaknesses in the current system set-up or what solution do they themselves have to address the PCI weaknesses in ctcLink.  PeopleSoft has to be aware of their PCI weaknesses and should be able to provide some guidance more economical than buying new solutions.   


    We operate Ellucian Colleague and use TouchNet.  TouchNet is a partner provider with Ellucian. 


    Hope this helps,

    Pat



    Patricia Disbrow, CPA, District Comptroller

    Dallas County Community College District

    4343 IH 30

    Mesquite, TX  75150

    972-860-7946 or 7720






  • 7.  RE: Credit Cards

    Posted 10-05-2018 01:01 PM
    ​Thank you to everyone who responded to this message or emailed me directly.  We now have enough information where we are reaching out to vendors to help us with this matter.

    Cliff

    ------------------------------
    Cliff Frederickson
    Director of Financial Services
    Tacoma Community College
    cfrederickson@tacomacc.edu
    ------------------------------