University treasurers face rapid change over the next few years thanks to the continued evolution of payment technology — and fraud. Universities now face additional challenges in keeping transactions safe as the arms race between fraud tactics and security measures continues.
As the guardians over payments operations, university treasurers face daunting challenges related to risk, security, and PCI compliance. These payments pain points are serious but not insurmountable. With the right approach — and a team of payments experts to stand behind them — treasurers can protect their universities against fraud, breaches, and noncompliance while optimizing the entire payments operation.
Fraudsters have become more sophisticated, leveraging a vast array of attacks against universities that include phishing attempts, malware, and ransomware, and identity theft. These methods are most commonly used to access payment information stored by or passing through your network. Network security goes far beyond the sole responsibility of the treasurer; however, it is something treasurers must understand to work closely with the head of network security and minimize risk.
If there is unencrypted payment information at any point in the university’s network, seemingly unrelated attacks can give hackers the access they need to steal that information. For example, in March 2018, 144 US universities had 31 terabytes of data, including payment information, stolen by hackers. The first step in gaining access to that data was simple, unsophisticated phishing attempts to grab login credentials from less security-aware staff.
This — and many other similar stories — highlights the need for ongoing education and training around fraud risks within universities. With new and emerging payments touchpoints, treasurers must take steps to ensure the entire network is protected, from online payments to VoIP systems.
Universities are expected to offer a diverse range of the latest and most convenient payment options while facing increasing scrutiny regarding payment security and PCI compliance. As a result, universities need to ensure the many payment methods and merchants within the university’s system are both secure and PCI compliant while remaining convenient.
Point-to-point encryption removes the need to update every system and policy, bypassing all payment information to an offsite data center before being decrypted. It also eliminates the need to maintain the security of unencrypted data at individual points of sale, vastly reducing the scope and cost of PCI compliance.
Security is one of the top payments pain points for University treasurers, especially with the growing trend towards instant payment. A payment consulting firm can help you find and implement new security methods for online, contactless, and cardless payments, such as three-factor authentication.
While many treasurers are already familiar with two-factor authentication (2FA), a method of confirming identity for payment by requiring access to a second device or account owned by the customer. The two factors are ‘something you know and ‘something you have access to.’ Three-factor authentication (3FA) is similar but adds another layer of security; ‘something you are. This usually means biometrics, such as the face or fingerprint unlocking function of modern smartphones.
University treasurers face a broad swath of complex payments pain points when it comes to fraud prevention, security, and compliance. While the right tools and technology can create a strong foundation, training those within the university ecosystem on best practices is also key.
If you’re looking for help selecting the right tools, technologies, or approach, contact us for a free consultation. The Arrow Payments team is deeply experienced across payments fraud, security, and compliance — and we can help you optimize payments from end to end.