Educause Security Discussion mailing list archives

Re: On-Campus Credit Card Transactions


From: Kimberly Heimbrock <heimbrockk () NKU EDU>
Date: Wed, 21 Mar 2012 13:36:41 +0000

In a related question... curious to know about any .edu's that now have a dedicated PCI office and/or resources that 
work toward PCI compliance?  Seems to be a growing trend to set up a PCI office that is dedicated (and supported by 
executive leadership).  Also - how are external partners such as food service, bookstores, sports arenas, etc. 
encouraged and/or forced to comply since they are typically separate entities but are most often using university 
networks?   Thanks in advance for your replies.


Kim Heimbrock
Director, IT Policy and Compliance
Northern Kentucky University
(859) 572-5139
heimbrockk () nku edu



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Christopher Hickernell
Sent: Wednesday, March 21, 2012 9:06 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] On-Campus Credit Card Transactions

All of our credit card machines have dedicated phone lines for processing payments.  At locations such as the book store, 
where the credit card reader is integrated into the POS, the transactions are sent through a server in a secluded 
network before being processed.  This server is maintained by the POS vendor and is not connected to the University's 
network.  Payments that are generated by Housing or Student Accounts for tuition, room, board, etc. are off-loaded to 
TouchNet for processing.  TouchNet only receives the payment details from our systems.  They are responsible for 
acquiring the CC number from the user, processing the payment, and then returning the results to our systems, so no 
credit card number is ever acquired by an on campus system and never traverses our network.

Christopher Hickernell, CCNA, MCSE
Network Support Specialist, ResNet Manager
Clarion University of Pennsylvania
Center for Computing Services
G-13 Still Hall, Clarion, PA 16214
chickernell () clarion edu | 814.393.2218

"To be a long-term success, you have to have failures.  People who are working near their limit make mistakes and take 
risk."
~Gerry McCartney, Purdue University



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Robert Yoka
Sent: Monday, March 19, 2012 6:49 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] On-Campus Credit Card Transactions

I have noticed from some of the EDUCAUSE archives that there are some institutions who have the policy of disallowing 
the storage, processing, or transmission of credit card information for any system on their network.  For those who 
have been successful with this, how are you enabling credit card transactions on-campus at places like the bookstore, 
cafes, or any other point-of-sale?

--
Robert J. Yoka
Information Security Administrator
Information Technology
York College of Pennsylvania
441 Country Club Road
York, PA 17403

Email: ryoka () ycp edu
Voice: 717-815-1784
Cell: 717-577-0737


This information is intended solely for the use of the individual to whom it is addressed.
Any review, disclosure, copying, distribution or use of this e-mail communication by
others is strictly prohibited.  If you are not the intended recipient, please notify us
immediately by returning this message to the sender and delete all copies.


