1 / 28

Mitigating Risk and Improving Efficiency with Third Party Vendors – When is enough… enough?

Mitigating Risk and Improving Efficiency with Third Party Vendors – When is enough… enough?. Paul Aries, RVP, Nelnet Business Solutions Ann Holland, Associate Dean Business Affairs Hopkinsville Community College. Introductions Background Issues Solutions Questions. Agenda.

michelle-dillard
Télécharger la présentation

Mitigating Risk and Improving Efficiency with Third Party Vendors – When is enough… enough?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Mitigating Risk and Improving Efficiency with Third Party Vendors – When is enough… enough? Paul Aries, RVP, Nelnet Business Solutions Ann Holland, Associate Dean Business Affairs Hopkinsville Community College

  2. Introductions Background Issues Solutions Questions Agenda

  3. State system for 16 community and technical colleges – 67 Campus locations 100,000+ students 600 credit degree certificate programs Hopkinsville Community College 3755 Students 2 Campus locations offering courses at 6 sites Kentucky Community & Technical College System (KCTCS)

  4. About Nelnet Business Solutions Focused on Higher Education Built for education by education Over 800 college and universities 30 years combined experience in education Leading provider of payment plans and campus commerce On the PCI Standards Council PCI Level 1 compliant service provider NACHA compliant service provider Red Flag compliant service provider Serving KCTCS since 2002

  5. Higher education is unique Higher education makes up about 15% of the published internet space* Higher education networks Are LARGE and COMPLEX Traditionally “open” for collaboration Application security is not a critical part of doing business * Source: Indiana University Higher Education Challenges Session ID 0926

  6. Many groups, organizations and departments want to offer credit card and check payments to their customers, but they all have Different needs Resource limitations Lack of payment processing knowledge Commerce is complex, risky, and involves many different groups Who is in charge? Is there a defined process? Reduction in Budgets Higher Education Challenges Session ID 0926

  7. Invoicing Process • Paper is Expensive • Printed, folded, sealed, postage • Paper/folder jams • Cut/paste international student invoices for emails • Address issues • Returned mail • Email is open source network • Costly to develop • ERP Functionality? Session ID 0926

  8. Payment Card Industry Data Security Standards (PCI- DSS) came into effect Compliance was a major concern Collecting card information on ERP No centralized control over credit card processing Merchant fees Do not know what departments were doing Universities are not in the payment processing business We are in the business of education, not payments Issues with Payment Processing Session ID 0926

  9. Timing (compliance) Cost for paper checks Staffing and manhours Printed, folded, sealed, postage Address issues Returned mail Refunds

  10. Labor intensive Managing enrollment process High call volume – questions Follow-up on missed payments Technology/Resources The costs associated with credit card processing Compliance with regulations (PCI, NACHA and Red Flag) Challenges in Managing Payment Plans

  11. Low Collections/high receivables Payment decisions for students Poor student services Long lines & waiting Lack of Functionality in ERP system Changes, Changes, Changes! Reconciliation Colleges and Universities are not in the payment processing business Challenges in Managing Payment Plans

  12. Reduce services – not offer services What are your options?

  13. What are your options? • Do nothing-suffer along– accept risk • Poor student services • Frustrated staff • Hope there are no problems

  14. What are your options? • Throw money at it!!! • Increase staffing • Develop technology internally

  15. Solution = Outsource

  16. Save Money Programs not available without third party (Convenience fee) Generate income Outsource the work and still generate income Increasing affordability & payment flexibility Reduce workload on staff Provide better customer service Utilize Proven Technology Integration with ERP Reputation Advantages of Outsourcing

  17. What can they do now… what can they do later? Keeping up with the industry Keeping up with compliance Transfer Compliance Risk Present – compliant systems Future – vendor will keep up on future regulations Red Flag PCI Advantages of Outsourcing

  18. Establish a strategic partnership where there is: A shared risk / reward An alignment of goals and vision A defined resolution process Highly engaged project management and customer support Create a Partnership

  19. Outsourcing Business Processes Look for: Functionality Technology Ability to deliver Vision Service / Support Cost References Accountability

  20. Strategies for Compliance Accept the risk Mitigate the risk Avoid the risk Transfer the risk Session ID 0926

  21. Do you really need the data? Eliminate non-compliant systems Evaluate co-sourcing partnerships Avoid the risk Avoiding Risk Session ID 0926

  22. Transfer the risk Transferring the Risk • User sent to PCI-compliant service provider • Card data managed by service provider • Consolidated payment processing • Consolidated reporting • Centralized management .EDU PCI-Compliant Service Provider Business App Commerce Server & Payment Apps Transfer of user Transfer of user Business App Session ID 0926

  23. Is sensitive data stored securely? credit card, banking and personal information Is sensitive data stored in your ERP? Do you change vendor supplied passwords? Do you have defined procedures for accepting credit card payments? Do you manage your own direct deposit of refunds? Do you complete a Self Assessment Questionnaire annually? Who is responsible & do they know what they are looking for? Are you Vulnerable? Session ID 0926

  24. Cost of non-compliance is more expensive than compliance! $100,000 minimum fine from each card association Cost to notify the victims Cost to replace the cards ($10/card) Cost for any fraudulent transactions Forensics from a QSA Level 1 certification Why Should I Care? Session ID 0926

  25. Seamless integration to a schools ERP Fully hosted solution (ASP) Ability to deliver additional services beyond hosted payment screens eBilling Payment Plans Authorized third party access Student Refunds Potential to reduce and avoid interchange rates Cashiering Reduction of PCI scope for your institution Benefits of Using NBS

  26. Summary • Regulatory Compliance has become more critical, more time consuming, more expensive • Leverage NACHA compliant ACH processing • Eliminate paper checks – convert to ACH/Check 21 at point of sale • Utilize role-based access and security • Extensive audit trail • Improve staff efficiency & reduce workload • Improved Customer Service

  27. Summary Higher education IS unique PCI compliance is NOT optional You are always one change control away from being out of compliance Reduce scope by removing credit card and banking from your systems Non-compliance is more expensive than compliance Compliance is a journey not a destination Outsourcing to the right partner can be the way to go! Session ID 0926 27

  28. Paul Aries, Regional Vice President Nelnet Business Solutions paul.aries@nelnet.net 800-811-1079 Ann Holland Associate Dean, Business Affairs Hopkinsville Community College Ann.holland@kctcs.edu (270)707-3724 Thank You!

More Related