Credit card card processing app saves the U time and money
UIT's University Support Services (USS) recently deployed a single University Credit Card Processing (UCCP) application for online transactions that's expected to save significant money and administrative effort.
A decade ago, the landscape of online credit card processing at the University was wide open, according to Marc Thompson, software design engineer in USS.
Income Accounting established online credit card processing at the University in 2002, starting with tuition payments. Within a couple of years, more than a dozen University units were building their own credit card processing and shopping cart applications.
"It was a security challenge and difficult to manage," Thompson said.
Compounding the maintenance and security headache, each custom application fell into Payment Card Industry Data Security Standard (PCI DSS) scope.
Any organization that allows customers to purchase products or services with a credit card places it in PCI DSS scope, and each "in scope" application required the University to pay thousands of dollars in annual bank and credit card company mandated audits and PCI penetration tests. Penetration tests are designed to exploit security weaknesses in a given system or application.
Hired out to third parties and charged back to the individual departments, these expensive and resource-intensive requirements reaped few rewards.
In early 2015, Thompson approached UIT's Finance Department with the idea of consolidating all of the disparate applications into one, on a single secure network. The single application would continue to use the University's payment management system platform CyberSource. Finance and IT governance signed off on the proposal. Beta testing began this past March and the UCCP application went live in April.
Since the launch, the application – currently used by more than 200 active online store fronts – has processed more than 51,000 receipts.
"The savings aren't just the dollars spent in [penetration] testing, we’re talking about resources, too," said Product Manager Jan Lovett.
The UCCP application allows Income Accounting to view purchase histories and payment receipts while no longer relying on a developer to do simple tasks like adding a new user to the system.
"With one click, they can activate an account," Thompson said.
Administrators have assumed content management responsibilities as well, such as changing the wording of post-purchase emails sent to customers or swapping out header images that appear on the confirmation page.
"From an Income Accounting standpoint, the administration is a whole lot easier and administrators have more real-time data than they had in the past," Thompson said.
Previously, if a card was denied, it wasn’t clear why. Thanks to real-time PeopleSoft data, administrators can now identify the cause, i.e., the credit card expired or the purchase exceeded the credit limit. Administrators can also export and analyze a variety of reports, while end users can view same-day purchase receipts.
Lovett said the UCCP application wouldn't have been possible without the collaboration of several groups in UIT, including USS's Content Management and Usability Team, and University partners like Income Accounting.
"It really was a big team effort," Lovett said.
Node 4
Our monthly newsletter includes news from UIT and other campus/ University of Utah Health IT organizations, features about UIT employees, IT governance news, and various announcements and updates.