Learning Center
Plans & pricing Sign in
Sign Out

Mitigating Risk and Improving Efficiency with Third Party Vendors


									  Mitigating Risk and Improving
Efficiency with Third Party Vendors
    – When is enough… enough?
             Paul Aries, RVP, Nelnet Business Solutions
           Ann Holland, Associate Dean Business Affairs
                         Hopkinsville Community College
» Introductions
» Background
» Issues
» Solutions
» Questions
   Kentucky Community & Technical
       College System (KCTCS)
• State system for 16 community and
  technical colleges – 67 Campus locations
• 100,000+ students
• 600 credit degree certificate programs
• Hopkinsville Community College
  – 3755 Students
  – 2 Campus locations offering courses at 6 sites
About Nelnet Business Solutions
 • Focused on Higher Education
    – Built for education by education
 • Over 800 college and universities
 • 30 years combined experience in education
 • Leading provider of payment plans and campus
 • On the PCI Standards Council
 • PCI Level 1 compliant service provider
 • NACHA compliant service provider
 • Red Flag compliant service provider
 • Serving KCTCS since 2002
            Higher Education Challenges
     • Higher education is unique

     • Higher education makes up about 15% of the
       published internet space*

     • Higher education networks
       – Are LARGE and COMPLEX
       – Traditionally “open” for collaboration
       – Application security is not a critical part of
         doing business

Session ID 0926
            Higher Education Challenges
• Many groups, organizations and departments
  want to offer credit card and check payments to
  their customers, but they all have
   – Different needs
   – Resource limitations
   – Lack of payment processing knowledge
• Commerce is complex, risky, and involves many
  different groups
   – Who is in charge?
   – Is there a defined process?
• Reduction in Budgets

Session ID 0926
                   Invoicing Process
      •Paper is Expensive
            – Printed, folded, sealed, postage
            – Paper/folder jams
            – Cut/paste international student invoices for
            – Address issues
            – Returned mail
      •Email is open source network
      •Costly to develop
      •ERP Functionality?

Session ID 0926
  Issues with Payment Processing
• Payment Card Industry Data Security
  Standards (PCI- DSS) came into effect
  – Compliance was a major concern
  – Collecting card information on ERP
  – No centralized control over credit card
  – Merchant fees
  – Do not know what departments were doing
  – Universities are not in the payment processing
  – We are in the business of education, not

  Session ID 0926
• Timing (compliance)
• Cost for paper checks
• Staffing and manhours
  – Printed, folded, sealed, postage
  – Address issues
  – Returned mail
Challenges in Managing Payment Plans
    • Labor intensive
      – Managing enrollment process
      – High call volume – questions
      – Follow-up on missed payments
    • Technology/Resources
    • The costs associated with credit card
    • Compliance with regulations (PCI,
      NACHA and Red Flag)
Challenges in Managing Payment Plans
 • Low Collections/high receivables
     – Payment decisions for students
 • Poor student services
     – Long lines & waiting
 •   Lack of Functionality in ERP system
 •   Changes, Changes, Changes!
 •   Reconciliation
 •   Colleges and Universities are not in the
     payment processing business
         What are your options?
• Reduce services – not offer services
       What are your options?
•Do nothing-suffer along– accept risk
  •Poor student services
  •Frustrated staff
  •Hope there are no problems
   What are your options?
•Throw money at it!!!
  •Increase staffing
  •Develop technology internally
Solution = Outsource
      Advantages of Outsourcing

• Save Money
    – Programs not available without third party (Convenience fee)
• Generate income
    – Outsource the work and still generate income
•   Increasing affordability & payment flexibility
•   Reduce workload on staff
•   Provide better customer service
•   Utilize Proven Technology
•   Integration with ERP
•   Reputation
       Advantages of Outsourcing
• What can they do now… what can they do later?
  – Keeping up with the industry
  – Keeping up with compliance
• Transfer Compliance Risk
  – Present – compliant systems
  – Future – vendor will keep up on future regulations
     • Red Flag
     • PCI
         Create a Partnership

Establish a strategic partnership where there is:
• A shared risk / reward
• An alignment of goals and vision
• A defined resolution process
• Highly engaged project management and
  customer support
 Outsourcing Business Processes
Look for:
    • Functionality
    • Technology
    • Ability to deliver
    • Vision
    • Service / Support
    • Cost
    • References
    • Accountability
         Strategies for Compliance

                  Accept     Mitigate
                  the risk   the risk

                   Avoid     Transfer
                  the risk   the risk

Session ID 0926
                   Avoiding Risk    Avoid
                                   the risk

Do you really need the data?

Eliminate non-compliant systems

Evaluate co-sourcing partnerships

 Session ID 0926
                  Transferring the Risk                              Transfer
                   • User sent to PCI-compliant service provider
                                                                     the risk
                   • Card data managed by service provider
                   • Consolidated payment processing
                   • Consolidated reporting
                   • Centralized management
                                                         Service Provider

                                                               Commerce Server
                                                                Payment Apps

Session ID 0926
                   Are you Vulnerable?
• Is sensitive data stored securely?
   – credit card, banking and personal information
• Is sensitive data stored in your ERP?
• Do you change vendor supplied passwords?
• Do you have defined procedures for accepting
  credit card payments?
• Do you manage your own direct deposit of
• Do you complete a Self Assessment
  Questionnaire annually?
   – Who is responsible & do they know what they are looking for?

 Session ID 0926
                    Why Should I Care?
• Cost of non-compliance is more expensive than
   – $100,000 minimum fine from each card
   – Cost to notify the victims
   – Cost to replace the cards ($10/card)
   – Cost for any fraudulent transactions
   – Forensics from a QSA
   – Level 1 certification

  Session ID 0926
          Benefits of Using NBS
• Seamless integration to a schools ERP
• Fully hosted solution (ASP)
• Ability to deliver additional services beyond
  hosted payment screens
   – eBilling
   –   Payment Plans
   –   Authorized third party access
   –   Student Refunds
   –   Potential to reduce and avoid interchange rates
   –   Cashiering
• Reduction of PCI scope for your institution
• Regulatory Compliance has become more
  critical, more time consuming, more expensive
• Leverage NACHA compliant ACH processing
• Eliminate paper checks – convert to
  ACH/Check 21 at point of sale
• Utilize role-based access and security
• Extensive audit trail
• Improve staff efficiency & reduce workload
• Improved Customer Service
• Higher education IS unique
• PCI compliance is NOT optional
• You are always one change control away from
  being out of compliance
• Reduce scope by removing credit card and
  banking from your systems
• Non-compliance is more expensive than
• Compliance is a journey not a destination
• Outsourcing to the right partner can be the way
  to go!

 Session ID 0926                                    27
      Thank You!
           Paul Aries,
    Regional Vice President
   Nelnet Business Solutions

          Ann Holland
Associate Dean, Business Affairs
Hopkinsville Community College

To top