Re: Experience with HigherOne or TouchNet for payment processing?

[David Curry <david.curry () NEWSCHOOL EDU>]

We just ordered new Ingenico ISC250 POS devices from TouchNet. They're
supported by Cashiering 6.0 and above, and implement point-to-point
encryption (P2PE), which lets you remove the Cashiering PCs from your PCI
scope.

There's currently some issue with the PCI SSC being behind on the
certification of P2PE solutions, but that will supposedly be worked out
soon. Since we're probably going to wait until we go to TouchNet 6.5 this
fall to deploy the new POS devices, the backlog doesn't (we hope) really
affect us.

--Dave




--

*DAVID A. CURRY, CISSP* • DIRECTOR OF INFORMATION SECURITY

*THE NEW SCHOOL* • 55 W. 13TH STREET • NEW YORK, NY 10011

+1 212 229-5300 x4728 • david.curry () newschool edu



On Mon, Jun 24, 2013 at 11:25 AM, Bohlk, Christopher J. <cbohlk () pace edu>wrote:

>  Hi Jim and All,****
>
> ** **
>
> Are you running the Touchnet payment stations on a dedicated desktop
> machine that only serves to process credit card transactions?  Do those
> staff members using Touchnet to process credit cards have a separate, 2ndmachine to conduct all other daily work 
> including, email, access to other
> systems, and web browsing?****
>
> ** **
>
> Thanks,****
>
> Chris  ****
>
> ** **
>
> Chris Bohlk, CISSP, C|EH****
>
> Pace University****
>
> Information Security Officer****
>
> Information Technology Services (ITS)****
>
> 235 Elm Road, West Hall 212A****
>
> Briarcliff Manor, NY 10510****
>
> (914)923-2649  Office****
>
> ** **
>
> *From:* The EDUCAUSE Security Constituent Group Listserv [mailto:
> SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Mayne, Jim
> *Sent:* Friday, June 21, 2013 4:58 PM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* Re: [SECURITY] Experience with HigherOne or TouchNet for
> payment processing?****
>
> ** **
>
> TCU has used Touchnet for several years and has standardized on their
> services. Our Financial Services folks are very happy and we require all
> applications to be “Touchnet Ready” partners (except of course Paciolan L
> ).****
>
> ** **
>
> Jim****
>
> ** **
>
> *From:* The EDUCAUSE Security Constituent Group Listserv [
> mailto:SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>] *On
> Behalf Of *Walther, Benjamin J.
> *Sent:* Wednesday, June 19, 2013 3:05 PM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* [SECURITY] Experience with HigherOne or TouchNet for payment
> processing?****
>
> ** **
>
> We’re evaluating vendors for use as third party payment processing, with a
> goal off keeping PCI requirements as low as possible.****
>
> Towards that end, does anyone have experience with HigherOne’s or
> TouchNet’s payment processing service, as a former or current client? Does
> not have to be security-centric, though that is a concern. How does their
> service fare in terms of security practices, reliability, availability,
> support, etc? Any changes over time?****
>
> No responses will be quoted or attributed (unless specifically asked to
> be). This is an informal poll, not part of an RFP or any other
> documentation. Even just a quick “we use them and rarely think about it”
> would be much appreciated.****
>
> Ben Walther****
>
> Information Security Operations, Tufts University****
>
> (617) 627-2640****
>
> ** **