I recently found myself thinking that it was just two years ago when PA-DSS (Payment Application Data Security Standard) became “real” for many colleges and universities. Sure, the PCI standard was already in place. But it really hit home for many campuses when ERP vendors began changing the way their systems handled credit card payments.
The ensuing concern and confusion around PA-DSS was actually the reason I started my Toughey Talks Payments email blog. Big change normally brings big confusion and my goal was to add clarity (and a dash of sanity) to the PCI discussion. (See "Change Happens," "Does The Gray Matter?," or "There’s a Pony In There Somewhere.")
Two years later, I think it’s safe to say we can all see more clearly now. As it turns out, the PA-DSS initiative was a good thing, although it did cause some pain. Colleges and universities that adopted a “Move the (Pay) Button” strategy have taken the right steps to eliminate their ERP software from the rigors of PCI assessments. Move the Button is all about reducing your PCI scope by centralizing payment capabilities through a unified commerce management system. What’s more, as it helps you reduce risk, it also streamlines business systems and cuts operating costs.
Today, the Move The Button movement is still moving forward; what started as an ERP focus is now going campuswide. We know the job of data security is never done. It requires a dynamic process and ongoing vigilance to maintain compliance and guard against data breaches. One thing I know for sure is that we’re in much better shape today than just two short years ago. Congratulations on the great effort.