Congratulations! Your chair, dean or director has asked you to organise an event for your department such as a conference, workshop or fundraising luncheon! All of a sudden, you will be exposed to the joys of booking room space, dealing with catering, and – best of all – organising the means to accept payment for registration! These are the opportunities of which you dreamed when you started work at Carleton!

The best route if you need to accept payments is to make use of the CU Ecommerce service provided by ITS. We offer an easy and good value solution to allow you to accept payments for registrations (or for selling goods or services) while enabling you to collect all kinds of information about the purchaser, from their email address to their accessibility requirements and any dietary restrictions.

That is great – but the question on everyone’s lips is: does CU Ecommerce help the university meet its PCI DSS compliance obligations?

Meet its what now? I hear you cry. Maybe a little background info would be helpful here.

The Powerful Beast that is PCI

All payments using credit and debit cards are governed by the Payment Card Industry (PCI). This organisation is a powerful beast, you will be shocked to hear.

Card payments in Canada alone account for over 20 billion payments, transacting $9 trillion per annum. PCI is understandably keen on regulations and best practices when it comes to safe and secure use of payment cards, and it maintains these rules and practices in a protocol called the Data Security Standard (the DSS). If you are a merchant, this means you have to abide by what it says you have to do in order to accept secure payments. If the university breaches the DSS rules, it opens itself up to fines of over $100,000 per month.

Taming the Beast

ITS and the Business Office take this very seriously, and therefore one of the big advantages of engaging the CU Ecommerce service is that we dedicate a lot of time to ensuring the service is PCI DSS compliant. How do we do that? Glad you asked! We:

  • analyse the regulations and apply them to the technical solution we provide,
  • draw on expertise from the ITS Security department,
  • work with the Business Office on ways to remain PCI compliant (the Business Office now employs a full-time PCI Compliance Officer),
  • meet regularly with consultants who allow us to understand what we need to do to keep credit card payments safe and secure, and
  • (perhaps most importantly) provide a solution that directs your customers to a 3rd party secure gateway, trusted and inspected by PCI, where users enter their credit card details.

The service offers many other benefits:

  • It is super secure. Carleton and its employees never have access to the payment card number or its security code. This information is only ever input by the user on the 3rd party secure gateway we employ. This is the ideal scenario.
  • It is an extremely cost-effective solution. Apart from the credit card fees of 1.76% and the secure gateway fee of $0.16 per transaction, the only other cost is the ITS fee of $100 per ecommerce event per year. As well as paying for maintaining the web servers where the ecommerce pages are hosted, this money covers the extra fees you are obliged to pay as a merchant – for example, registration with E-xact, and ‘Interchange’ fees.*
  • No reconciliation for you! We reconcile payments with the Business Office on your behalf. You may not know it, but the university has a policy which enshrines the obligation of anyone accepting a credit card payment to reconcile that payment on the next working day with the Business Office. This is so that when the payment comes into the university as part of a big pot of money from the clearing bank every week, Carleton knows whose money is whose and can pay it out to your department. So as part of our service, instead of you having to prepare an account spreadsheet every morning to send to the Business Office, our Financial Officer does this for you. That alone, surely, is worth $100!

Bear in mind also that this system allows you to seamlessly integrate your payments with the university’s chosen clearing bank, Chase Paymentech – something that off-the-rack third party services cannot manage for you (which basically means you cannot use services like PayPal or EventBrite).

If you are interested in using the CU Ecommerce service, please contact the ITS Service Desk or complete the form on this page. We would love to hear from you.

==

*What are “Interchange” fees? Any credit card that employs an incentive scheme such as Aeroplan points, Air Miles, or a percentage cash-back, passes along the cost of that scheme to the merchant – that is to say: you. But these fees are included in the $100 fee we charge, even if they exceed that amount!