Select Page

University treasurers face rapid change over the next few years thanks to the continued evolution of payment technology — and fraud. Universities now face additional challenges in keeping transactions safe as the arms race between fraud tactics and security measures continues.

As the guardians over payments operations, university treasurers face daunting challenges related to risk, security, and PCI compliance. These payments pain points are serious but not insurmountable. With the right approach — and a team of payments experts to stand behind them — treasurers can protect their universities against fraud, breaches, and noncompliance while optimizing the entire payments operation. 

Fraud Risk

Fraudsters have become more sophisticated, leveraging a vast array of attacks against universities that include phishing attempts, malware, and ransomware, and identity theft. These methods are most commonly used to access payment information stored by or passing through your network. Network security goes far beyond the sole responsibility of the treasurer; however, it is something treasurers must understand to work closely with the head of network security and minimize risk. 

If there is unencrypted payment information at any point in the university’s network, seemingly unrelated attacks can give hackers the access they need to steal that information. For example, in March 2018, 144 US universities had 31 terabytes of data, including payment information, stolen by hackers. The first step in gaining access to that data was simple, unsophisticated phishing attempts to grab login credentials from less security-aware staff. 

This — and many other similar stories — highlights the need for ongoing education and training around fraud risks within universities. With new and emerging payments touchpoints, treasurers must take steps to ensure the entire network is protected, from online payments to VoIP systems

PCI Compliance

Universities are expected to offer a diverse range of the latest and most convenient payment options while facing increasing scrutiny regarding payment security and PCI compliance. As a result, universities need to ensure the many payment methods and merchants within the university’s system are both secure and PCI compliant while remaining convenient.

Point-to-point encryption removes the need to update every system and policy, bypassing all payment information to an offsite data center before being decrypted. It also eliminates the need to maintain the security of unencrypted data at individual points of sale, vastly reducing the scope and cost of PCI compliance.


Security is one of the top payments pain points for University treasurers, especially with the growing trend towards instant payment. A payment consulting firm can help you find and implement new security methods for online, contactless, and cardless payments, such as three-factor authentication.

While many treasurers are already familiar with two-factor authentication (2FA), a method of confirming identity for payment by requiring access to a second device or account owned by the customer. The two factors are ‘something you know and ‘something you have access to.’ Three-factor authentication (3FA) is similar but adds another layer of security; ‘something you are. This usually means biometrics, such as the face or fingerprint unlocking function of modern smartphones.


University treasurers face a broad swath of complex payments pain points when it comes to fraud prevention, security, and compliance. While the right tools and technology can create a strong foundation, training those within the university ecosystem on best practices is also key. 

If you’re looking for help selecting the right tools, technologies, or approach, contact us for a free consultation. The Arrow Payments team is deeply experienced across payments fraud, security, and compliance — and we can help you optimize payments from end to end.  



Thought Leadership

Recent Insights

Check out the latest trends and reports from Arrow Payments.

What to Know During the PCI DSS v4.0 Transition

What to Know During the PCI DSS v4.0 Transition

The Payment Card Industry Data Security Standard (PCI DSS) is focused on protecting cardholder data. As fraud and cybercriminals evolve, so must the standards by which organizations secure data, which is why we're in a phase of PCI DSS v4.0 Transition. The aim of the...

Understanding Real-Time Payments for Higher Ed

Understanding Real-Time Payments for Higher Ed

Real-time payments continue to gain momentum in 2022, especially as a new economic environment spurs the need for faster payments. As cross-border payments continue to gain steam, real-time payments show promise to aid those capabilities, too. The focus has long been...

What’s New in Treasury Tech?

What’s New in Treasury Tech?

Treasury departments hold a critical role in driving success for companies. Between financial planning, managing payments, and mitigating future risk, treasury departments must stay apprised of the latest technology developments to manage these responsibilities well. ...

Gain Visibility into Your Higher Education Payment Systems

Find out what’s happening in every department and start building solutions that address fundamental needs.

Start My Discovery