Validated Point-to-Point Encryption (P2PE)™ Solution

Download PDF
0 downloads 21 Views 312KB Size Report
Comment
simplifies merchant efforts to comply with PCI DSS through point-to-point data encryption ... School of Law and #17-rank
CASE STUDY

Validated Point-to-Point Encryption (P2PE)™ Solution THE MERCHANT With 21,000 enrolled students across three campuses in 12 schools and colleges, Northwestern University is committed to excellent teaching, innovative research and the personal and intellectual growth of its students in a diverse academic community. Ranked #12 among USA universities, Northwestern’s 240-acre Evanston campus is home to #5-ranked Kellogg School of Management. The University’s 25-acre Chicago campus is also home to #12-ranked Pritzker School of Law and #17-ranked Feinberg School of Medicine. Northwestern’s annual operating budget is $2 billion, inclusive of $650 million in sponsored research, with an endowment of $10.5 billion. For more information please visit: http://www.northwestern.edu/about/

THE P2PE SOLUTION CardConnect (NASDAQ: CCN) is a leading processing and technology solutions provider, helping more than 65,000 businesses accept billions of dollars in transactions each year. CardConnect’s advanced payments suite is backed by the most aggressive security measures in the industry: patented tokenization and PCI-listed point-to-point encryption (P2PE). This powerful combination results in simplified efforts to comply with PCI DSS requirements and reduced transaction costs. Visit cardconnect.com for information.

THE OBJECTIVE With a mission to enhance the level of transactional data security across every payment location on Northwestern’s Evanston and Chicago campuses, CardConnect’s P2PE Solution simplified the University’s effort to comply with PCI DSS and their reconciliation processes have been sped up through automation.

Prioritizing customer data security… Why did Northwestern choose CardConnect’s P2PE solution? Partnering with CardConnect represented an opportunity for the University to enhance the level of payment security for Northwestern customers. CardConnect offers the University a proprietary point-to-point encryption (P2PE) gateway that is employed when integration occurs with any existing or new point-of-sale (POS) system on our campuses. This simplifies merchant efforts to comply with PCI DSS through point-to-point data encryption, reducing academic and administrative time spent on Self-Assessment Questionnaires (SAQs). Northwestern is able to quickly minimize data vulnerability to large numbers of locations by providing integrated P2PE/EMV-enabled equipment to securely accept in-person transactions and mail-in or phone orders.

What types of sales channels did you address with P2PE? Various Northwestern schools and units provide conference services, sales of goods and event tickets as the primary “sales channels.” Card merchants on both campuses now accept payments with secure P2PE terminals that also process transactions much faster than previous analog phone line installations. Arrow Arrow Payments, Payments a Chicago-based firm, helped us select and implement CardConnect to improve more than 50 locations with increased security of cardholder data, improved transaction speed, integration and reporting.

Why did you want to change your previous process? The needs and complexity of protecting credit card data have grown at an accelerated rate. Over the last several years, headlines in the news identify major corporations with sophisticated systems for data processing and management are being compromised. Northwestern recognizes its responsibility to our students, parents, alumni, faculty and staff to protect their sensitive financial information. Additionally, we strive to provide simple, functional and effective solutions for the University and its customers’ operational needs. Consequently, the decision to implement the latest P2PE technology across the institution, while working with our third-party service providers to upgrade their own technology, was one that required no debate.

CASE STUDY

Validated Point-to-Point Encryption (P2PE)™ Solution

Processor

Gateway

EMV +

TER MINAL

Full Transaction Management & Reconciliation Reporting Portal

Ingenico iSC 220 with CardPointe Retail Application

PCI-Certified P2PE

Tokenization Northwestern's Software VARs

Bolt P2PE

Gateway

Processor

Issuing Bank

+

Device & Gateway Integration

Ingenico iPP 320 with PANpad Application

What benefits have you realized in the time you’ve been up and running?

How did implementing this solution help with EMV rollout?

Northwestern is delivering solutions to our campus units allowing them to focus on education and research rather than on transactional data security. We have been able to replace paper-based reconciliation and reporting processes with efficient technologies that reduce errors and the amount of effort required in merchant locations on a daily basis. Every payment location on Northwestern’s Evanston and Chicago campuses has gone through a full discovery and scoping site visit process. Existing payment needs and vulnerabilities have been identified and addressed with continuous monitoring that accounts for changes in technology and security threats. We have secured more than 50 payment locations, from dining halls to the Registrar’s Office, with encryption and tokenization. On top of the security benefits, this has also made PCI DSS compliance much easier for us. New devices, integrations, online capabilities and changes to business process have allowed over 20 locations to eliminate paper forms and, perhaps most importantly, eliminated the perceived need to store physical cardholder data. Northwestern has been able to automate the reconciliation system, speeding revenue recognition, and reducing administrative time spent, while keeping the entire process centralized.

Arrow Payments Working with the Arrow Payments team, Northwestern continues to integrate and influence third-party software providers and realize the full benefits of P2PE and EMV technology.

What would you say to other companies that might be thinking of implementing a P2PE solution? For higher education institutions, P2PE can be incredibly helpful in securing vulnerable cardholder data and protecting campuses from a data breach. For those universities with diverse merchant communities, such as Northwestern, implementing P2PE can be a challenge since each operational unit may establish unique methods for processing payments that have become integrated into their operational workflow. Taking time to discover the process merchants use to currently accept payments and building a team of partners, vendors and experts will allow you to better determine how to best transition these merchants to P2PE solutions.

Maximize Security. Simplify Compliance. Point-to-Point Encryption (P2PE) is a trademark of PCI Security Standards Council.

Validated P2PE Solution Providers can be found on the PCI website at: http://www.pcisecuritystandards.org/p2pe

Payment Card Industry Security Standards Council, LLC www.pcisecuritystandards.org

Suggest Documents

Validated Point-to-Point Encryption (P2PE)™ Solution - Arrow Payments

Validated Point-to-Point Encryption (P2PE)™ Solution - Arrow Payments
Read more
Point-to-Point Encryption (P2PE) - PCI Security Standards Council

Point-to-Point Encryption (P2PE) - PCI Security Standards Council
Read more
P2PE Hardware/Hybrid Solution Requirements and Testing Procedures

P2PE Hardware/Hybrid Solution Requirements and Testing Procedures
Read more
P2PE Hardware/Hybrid Solution Requirements and Testing Procedures

P2PE Hardware/Hybrid Solution Requirements and Testing Procedures
Read more
ESG Solution Showcase: Commvault Announces a Validated ...

ESG Solution Showcase: Commvault Announces a Validated ...
Read more
P2PE - PCI Security Standards Council

P2PE - PCI Security Standards Council
Read more
THE MASYC GROUP HomeBuilder Sales Solution Validated ... - Oracle

THE MASYC GROUP HomeBuilder Sales Solution Validated ... - Oracle
Read more
Solution Brief: Commvault- Validated Reference Design Program for ...

Solution Brief: Commvault- Validated Reference Design Program for ...
Read more
THE MASYC GROUP HomeBuilder Sales Solution Validated ... - Oracle

THE MASYC GROUP HomeBuilder Sales Solution Validated ... - Oracle
Read more
Transparent Data Encryption- Solution for Security of Database Contents

Transparent Data Encryption- Solution for Security of Database Contents
Read more
validated

validated
Read more
ViPNet VPN as the Encryption Solution for IP Video Surveillance

ViPNet VPN as the Encryption Solution for IP Video Surveillance
Read more
Transparent Data Encryption- Solution for Security of Database ...

Transparent Data Encryption- Solution for Security of Database ...
Read more
A Specific Encryption Solution for Data Warehouses - Semantic Scholar

A Specific Encryption Solution for Data Warehouses - Semantic Scholar
Read more
Exact solution to simultaneous intensity and phase encryption with a ...

Exact solution to simultaneous intensity and phase encryption with a ...
Read more
Transparent Data Encryption- Solution for Security of Database ...

Transparent Data Encryption- Solution for Security of Database ...
Read more
A Biometrics Based Security Solution for Encryption and ... - IEEE Xplore

A Biometrics Based Security Solution for Encryption and ... - IEEE Xplore
Read more
formatcontrolling encryption using datatypepreserving encryption

formatcontrolling encryption using datatypepreserving encryption
Read more
Feasibility Study of Eband mmWave for Gigabit pointtopoint Wireless ...

Feasibility Study of Eband mmWave for Gigabit pointtopoint Wireless ...
Read more
Validated simultaneous multicomponent spectrophotometric ...

Validated simultaneous multicomponent spectrophotometric ...
Read more
Validated Polygraph Techniques

Validated Polygraph Techniques
Read more
Efficient Hybrid Encryption from ID-Based Encryption

Efficient Hybrid Encryption from ID-Based Encryption
Read more
Validated and comparative ele

Validated and comparative ele
Read more
Validated Therapies - CiteSeerX

Validated Therapies - CiteSeerX
Read more