University of St Andrews a successful journey to PCI DSS compliance

roller-coaster-2St Andrews, founded in 1413, is Scotland’s first university and the third oldest in the English speaking world. Over six centuries it has established a reputation as one of Europe’s leading and most distinctive centres for teaching and research.

As the planning for their 600th Anniversary celebrations gets underway, they are now contemplating and planning for a future worthy of their past, whilst taking time to reflect on the changing environment they inhabit, on the role of universities in the digital age and a globalised economy.

Dr Louise Richardson, Principal and Vice-Chancellor, explains: “as teachers we will reflect on how best to prepare our students to respond to the ethical and practical dilemmas posed by the dizzying pace of technological change. As an institution, we will reflect on how best to position ourselves to compete in a global market without losing our essential local character”

The importance of reliable and flexible payment methods

Eric Gillespie, Finance Operations Director, says: “Our current student body comprises around 7,500 students of which some 5,000 are undergraduates, including several hundred visiting students. The majority of our students are from the UK but almost 30% come from international backgrounds and altogether represent over 100 countries. The university has a responsibility to provide consistently flexible and reliable payment methods. All payments are essentially made online through the WPM Education (WPM) system for tuition and accommodation fees, sports centre subscriptions, library charges and print credits.  Selecting partners that share our vision is essential to our success.”

Why we chose Barclaycard

Eric Gillespie, who has been with the organisation for 25 years, explains his needs and reasons for choosing Barclaycard and WPM as a preferred suppliers.

“We are responsible for providing our students with quick, easy and efficient methods of payment, which ultimately impacts on our own service levels. We need to ensure that our students and staff are provided with the best possible standard of service across the university.”

“Barclaycard has a long standing reputation for providing top level card payment processing services and thought leadership in supporting businesses with the Payment Card Industry Data Security Standard (PCI DSS). WPM was one of the first European e–payment service providers to achieve enterprise–wide PCI DSS accreditation back in 2008 and provides online payment services to over 90 UK universities and colleges. The University of St Andrews looked to both organisations for assistance in the development and deployment of their payment systems and enterprise security policies.”

Benefits to the University

Since implementing WPM and Barclaycard’s card payment processing services, the university has witnessed substantial benefits. These include:

• Ease of administration: management information tools allow treasury and finance staff to access details about transactions on request, quickly and efficiently.

• Increased customer service: WPM Education’s bespoke online payment solutions improve customer service and increase efficiency in a way that is easy to implement with minimal impact on staff.

• Increased revenue and improved cash flow: WPM provides the university with the tools to expand their product and service offering whilst dramatically reducing the costs associated with processing payments online.

• Barclaycard’s ability to deal with queries promptly, their helpfulness and flexibility has clearly demonstrated their ethos as a supportive acquiring bank.

• The dedicated support of a personal Relationship Manager, in addition to day to day assistance from Barclaycard’s client support and Payment Security teams.

Keeping card payments secure

With over 45% of payments taken by card, The University of St Andrews needs to be confident that payments are processed in a timely, responsible and secure way. In addition, The University of St Andrews decided to stop offering Direct Debits in favour of recurring transactions because of the greater flexibility and control that these offer.

Furthermore, and because of The University of St Andrews’ international recognition, 66% of online transactions now support Dynamic Currency Conversion (DCC), benefiting The University of St Andrews and students alike.

Impressive Customer service

The University of St Andrews has been impressed not only with Barclaycard’s high-level of experience in card payment processing and payment security, but also with their high level of customer service and their constant endeavour to always to provide a solution. As Eric Gillespie explains: “Being one of the first organisations to implement Software as a Service (SaaS) jointly with WPM and Barclaycard, the PCI DSS journey did not start as an easy one. The support that Barclaycard provided with the development of our security policy was invaluable and their work in partnership with WPM led to the recognition that the SaaS model, as deployed by WPM, was recognised in the industry, leading to The University of St Andrews (and all WPM customers) not being asked to perform network vulnerability scans, thus simplifying their compliance efforts.”

“The benefits we enjoy as a result of using WPM and Barclaycard’s payment processing systems, combined with the high standard of service provided, make them the ideal payment partners. Barclaycard and WPM are always proactive, continually helping us to enhance our payment offering, and ensuring our compliance with industry standards.”

Eric Gillespie concludes: “Barclaycard and WPM really understand the issues faced by organisations operating in the education sector, and have a firm grasp of the challenges we face. Barclaycard has been immensely helpful in making sure that our card payment services meet strict industry standards such as PCI DSS (Payment Card Industry Data Security Standard), which in turn means that we can continue to provide safe and secure payment services for our students. I would thoroughly recommend both Barclaycard and WPM to anyone looking for a similar service in the education sector. We believe that all organisations should be security conscious and protect the information entrusted to them.”

Neira Jones, Head of Payment Security, Barclaycard comments: “The onus is continually on organisations to provide high levels of security to their customers. Becoming PCI DSS compliant and embedding an information security culture within an organisation will give businesses a competitive edge over other organisations and in the coming months we will be working with more of our clients to assist them in reaching compliance standards as well as deploying new technologies that help secure the payment value chain.”

Barclaycard   Tel: 0844 8116666   www.barclaycard.co.uk/pcidss