Conversations with a skeptic: Data security is top priority

As the daughter of parents who own a Montessori school, I’ve been around independent schools most of my life. I’ve spent a lot of time up close to all the things that need to be done to make sure the school runs smoothly – from tours and meal planning to handling enrollment and tuition. It’s a lot of work (though, I don’t need to tell you that).  

In particular, tuition payments have always been an arduous task. Manual tuition payments require trips to the bank, follow–ups with parents for late checks, manual reconciliations, and more. And despite the rise in popularity of online payment solutions, many small independent schools still haven’t made the leap. Why? 

So, I turned to my dad, a Ron Swansonesque man, who happens to be the co-owner of a Montessori school. He is also an expert in information systems, and an uncompromisingly honest skeptic. His opinions come from a place of industry knowledge and experience. 

Enter this Conversations with a skeptic blog series, where I’m exploring the concerns he voiced in more detail and, most importantly, challenging them head-on.  

Check out the first post in the series to where I discussed the concern about how processing fees would impact their bottom line. 

The concern: The data dangers lurking online…

I had a feeling when I initially asked my dad about why more small schools don’t take advantage of online tuition despite its popularity, data security would be one of the first things to come up. And I was right. 

He’s spent a lot of time looking at data security online – everything ranging from digital payments to his arch–nemesis, social media. (I told you he was like Ron Swanson) Anyone who has looked closely at these things is perhaps rightfully trepidatious about doing anything online.  

Data security online is an incredibly broad topic, so for this post, we’ll look specifically at the measures your system of choice should have in place to protect consumer financial data online. In other words, how do you know your parents’ cardholder data will be safe when they pay tuition online? 

The challenge: Look for a safe payment processor. 

The first thing to look for in a payment processor is Payment Card Industry Data Security Standard (PCI DSS) compliance.  

Why? In short, this compliance means they’ve put in the work to keep cardholder data safe. That means you can trust them, and your families can trust your school to take their payments online. 

What is PCI Compliance? 

PCI DSS compliance means that your payment processor meets a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment. To be considered compliant, a payment processor must meet the following 12 standards: 

1. Install and maintain a firewall configuration to protect cardholder data. 
2. Do not use vendor-supplied defaults for system passwords and other security parameters. 
3. Protect stored cardholder data. 
4. Encrypt transmission of cardholder data across open, public networks. 
5. Use and regularly update anti-virus software or programs. 
6. Develop and maintain secure systems and applications. 
7. Restrict access to cardholder data by business need to know. 
8. Assign a unique ID to each person with computer access. 
9. Restrict physical access to cardholder data. 
10. Track and monitor all access to network resources and cardholder data. 
11. Regularly test security systems and processes 
12. Maintain a policy that addresses information security for all personnel. 

Cardholder data security should never be taken lightly, and it’s important to stay vigilant. Working with a payment processor that has put in the work to meet PCI compliance standards is an important first step. TuitionPay uses Diamond Mind payment processing, the only payment processor designed specifically for K-12 schools with a long history of high-security standards. 

Keep an eye out for the next installment in the Conversations with a skeptic series, where I address our resident skeptic’s concern about the resources and training needed to manage an online tuition solution. My dad doesn’t quite have a secluded cabin in the woods, but he does always have a plan.