FOCUS
TouchNet Information Systems, Inc.
All episodes
Best episodes
Seasons
Top 10 FOCUS Episodes
Goodpods has curated a list of the 10 best FOCUS episodes, ranked by the number of listens and likes each episode have garnered from our listeners. If you are listening to FOCUS for the first time, there's no better place to start than with one of these standout episodes. If you are a fan of the show, vote for your favorite FOCUS episode by adding your comments to the episode page.
08/02/22 • 21 min
The latest version of the Payment Card Industry Data Security Standard (PCI DSS) was recently released and higher ed institutions should start preparing to comply. Adherence to the new PCI DSS 4.0 will require colleges and universities to update how they manage PCI compliance campuswide. To outline the major points of the new standards and how to approach, FOCUS podcast invited Walid Barakat to share his expertise on the subject. Barakat is the senior vice president of IT governance, risk, and compliance at Global Payments, where he and his team are responsible for PCI compliance, merchant compliance, IT risks, and cloud business.
What is PCI DSS 4.0?
Like past standards, PCI DSS 4.0 is a set of payment security regulations for organizations (merchants) that process transactions with payments cards. Merchants are partnered with an assessor to understand the maturity level of their security and advise in ways to strengthen security programs. PCI DSS 4.0 is a complete rewrite of the existing 3.2.1 standard, created with feedback from the PCI community. Requirements have been restructured to include the intent behind them and how to validate them. With this fresh new look at security standards, the goal of PCI DSS 4.0 is to ensure security year-round.
“There are some new requirements to really drive best practices, recommendations, and enhanced accountability for organizations to maintain compliance year-round,” said Bakarat. “Not just when it's time for the assessment, or working directly with an assessor.”
What institutions can expect
The latest version of PCI standards includes clearer requirements, more testing guidance, and the opportunity for institutions to work with an assessor to tailor the validation approach to their unique environment. The new regulations place greater ownership on merchants, encouraging campuses to review their security posture to see how controls are being met.
When it comes to the timing of PCI DSS 4.0 implementation, institutions are offered a multi-phase approach. The first phase begins in March 2024 with a small set of requirements focused on defining roles and responsibilities and higher-level risk posture. This will set them up for remaining requirements that will become effective in March 2025.
Institutions will need to minimize their security profile, which can be done with multi-factor authentication (MFA). Ensuring that MFA, appropriate security controls, and firewalls are properly in place and documented minimizes the scope and threat vector for PCI assessing and overall security risk.
The PCI Council has made PCI DSS 4.0 available to the public, which means anyone who accesses the council website can easily confirm how they’ve been using documentation, see a comparison to prior standards, and see published awareness documents and FAQs.
The importance of assessors and ISAs
Barakat suggests two ways for institutions to go about processing PCI DSS 4.0 and moving towards compliance. The first is to take advantage of the time between now and 2024 to partner with the assessor to understand what the current security posture is and take their guidance under consideration. The assessor will be able to show institutions where they might need to provide additional emphasis and maturity in controls.
The second approach is training current staff members to become internal security assessors (ISAs). With an ISA, institutions are able to have someone who already knows the ins and outs of systems be trained by the PCI Council’s program to understand standards, the overall PCI process, and what is needed for reports on compliance. The council will also offer free PCI DSS 4.0 training to all ISAs, making it even easier for compliance to take place.
Final advice
Barakat’s final advice to colleges and universities is to always have defined roles and responsibilities among staff and make sure everyone is able to understand how their daily tasks add to compliance. He also advises institutions to make good use of documentation for more streamlined assessments. A transparent relationship with the assessor and listening to their guidance throughout the entire year are also key. Find additional resources on PCI DSS 4.0 here.
Looking for tips on how to build a strong PCI foundation? Download TouchNet’s PCI Explained eBook for an introduction to payment card terminology, how payments are processed, and best practices in building resources and processes vital to streamlining PCI compliance.
Special Guest: Walid Barakat.
10/31/23 • 24 min
As higher ed institutions continue to evolve to offer more cashless payment solutions, automated clearing house (ACH) payments are becoming more popular. This week, Brad Smith, senior director of industry engagement and advocacy at Nacha, joins FOCUS to discuss the benefits of ACH payments for campus transactions. Learn more about ACH payments on campus, Nacha, and efforts to update the ACH rules for better risk management in the network.
What are ACH payments?
ACH payments are direct transactions involving a bank account. Most online payments attached to a bank account number are ACH, which allows transactions to be reflected to the account in near real-time. ACH payments are popular with different merchants because of the lower fees compared to other payment methods, reliability, and security.
“If you get paid by direct deposit, you know what the ACH network is,” said Smith.
In 2022, 30 billion transactions were made through the ACH network totalling $76.7 trillion. Business-to-business payments through same-day ACH saw a 44% growth in 2022, and in the first quarter of 2023 alone, same-day ACH transactions grew by 94% compared to first quarter of 2022.
Institution implementation
As Smith explains, ACH is most practical when used for large payments. ACH may not make sense for smaller purchases like at campus stores, sporting events, or dining halls. However, opportunities exist for ACH to be used for tuition payments, payroll, and business-to-business payments for accounts receivable and accounts payable.
Nacha’s role in ACH payments
Nacha owns and manages rules for the ACH network. Merchants, also known as ACH originators, enter an originator agreement with their bank, credit union, or third party processor, like TouchNet, to follow a specific set of standards to comply with. New rules are highlighted on the Nacha website.
For institutions implementing more ACH payment options on campus, Nacha is also working on a suite of tools to help educate students, parents, and vendors on why ACH is a good option.
Avoiding fraud
According to Smith, risks for fraud in regards to ACH do not vary greatly from other payment methods. The trend now is vendor impersonation. For example, a bad actor will call a staff member acting like a vendor who needs to change banking information. Next thing you know, payments are going to the bad actor instead of the actual vendor.
To help, Nacha provides a risk framework for partners that helps merchants address fraud. The first part of the framework are strict rules to set a solid anti-fraud foundation, which now includes a provision to validate transactions without needing to give out routing and account numbers. The second part is the operating guidelines that show merchants how to apply the rules to their processes.
Nacha recently rolled out new supplemental data security requirements to ensure data is secure while it’s at rest. This means that account information is unreadable, deleted, or masked properly any time ACH data is not being used. Third party vendors also held to the same standards as ACH originators to keep security a priority.
Best practices
As previously stated, the best opportunities for institutions to use ACH to reduce costs and increase efficiencies are for tuition, payroll, and business to business with vendors.
Smith believes one of the ways to stay vigilant against fraud is to continue education on the latest trends. This can be managed with an institution’s relationship with their bank or processor and completing regular training to stay up-to-date on compliance and fraud trends. There are also different organizations that offer training to colleges and universities on the latest ACH rules, risk courses, and audit courses.
Learn more about ACH rules and alleviating risk at www.nacha.org/rules/new.
Special Guest: Brad Smith.
06/13/23 • 33 min
As higher ed institutions continue to implement more digital technologies, data breach tactics have become increasingly sophisticated. Universities and colleges process and store massive amounts of sensitive personal and payments data, which are increasingly the target of cyberattacks. On this week’s episode of FOCUS, Sean Davidson, Senior Manager of Security Solutions at Verizon, shares the latest trends in payment security and data breaches. Davidson also imparts wisdom on the best practices of cybersecurity that institutions can follow to keep data safe and under payment card industry (PCI) standards.
Verizon in cybersecurity?
On the surface, the correlation between Verizon, a telecommunications company, and cybersecurity might not be easy to make. However, Verizon has maintained dedicated cybersecurity services for 23 years. They offer security management and assessment services out of nine global security operation centers. Verizon was an original contributor to the PCI compliance requirements, offering primary forensic investigation (PFI) and qualified security assessor (QSA) services to companies so they can confidently validate that their environment is secure and PCI compliant.
Data breach investigations report (DBIR)
Verizon’s most notable contribution to the cybersecurity industry is the Data Breach Investigation Report (DBIR). It’s seen as the foremost authority on data breach investigations and reporting and made up of data gathered by Verizon and 86 partners and industry experts. In 2022, the DBIR confirmed 5,212 data breaches out of the 23,896 security incidents reported under the DBIR’s framework. Davidson categorizes an incident as any time sensitive information is exposed, and breaches as anytime that information is then exfiltrated to outside environments.
“We analyze that data, and we boil it down and come up with a view of the cybersecurity threat landscape that companies can use to better understand their threats, their attackers, their motives, and the defensive areas that they should bolster to help prevent impact from these attackers,” said Davidson.
The DBIR’s findings are published annually to the public, with 2022 marking the 15th publication.
Trends
In Davidson’s observations, ransomware is five times more likely to affect education. Ransomware typically refers to sensitive information being compromised and held for a financial ransom. Even if the company pays the ransom, they might not regain access to the data or the data could still be leaked. A human element drives 82% of these breaches, mostly through phishing — which is when a scammer pretends to be a credible person within the victim organization to gain access to protected data.
System intrusions are also a rising threat to higher ed institutions. A system intrusion is an instance of hacking through physical means or modems. This type of cyberattack can also take place due to miscellaneous errors like sending valuable details to a third party, leaving ports open on web applications, and other sometimes human mistakes.
Web application attacks have decreased across the higher ed sector, possibly due to cloud service adoption.
Protecting institutions
One best practice to protect institutions is to have a solid security program with a good security posture. Cybersecurity insurance is a necessity, especially in the event of a breach. Davidson believes hiring a cybersecurity advisor is on the list of best practices to aid in cases of ransomware or phishing.
Zero-trust environments are quickly becoming a proven safeguard for cybersecurity breaches. The environments are created by sharing data on a need-to-know authorization. This eliminates the amount of access given to data sets, limiting potential leak opportunities.
Moving logins to two-factor authentication adds an extra layer of protection to accounts. This second step of identification could be as simple as a security question, or verification codes sent through text, email, or a phone call.
Although the threat of cyberattacks never goes away, putting these best practices into action and being vigilant of system weaknesses can make all the difference in security.
Resources from episode:
Data Breach Investigations Report (DBIR) is available to download for free from Verizon: https://www.verizon.com/business/resources/reports/dbir/
Payment Security Report (PSR) is available to download for free from Verizon: https://www.verizon.com/business/reports/payment-security-report/
Contact Sean Davidson at [email protected]...
10/11/21 • 37 min
Heather welcomes David Mainenti, AVP of enrollment, finance and compliance at Long Island University. He shares his strategy for using payment plans to set students up for success.
Special Guest: David Mainenti.
Troy Leach, senior VP and engagement officer at PCI Security Standards Council gives Heather some insights about the new strategic framework that has been put into place for PCI compliance.
Special Guest: Troy Leach.
06/27/23 • 38 min
With all the high-tech innovations coming to campuses, it’s easy to overlook the need for a human factor in the spirit of transformation. Joe Abraham, operating partner at Beyond Academics, recently joined the FOCUS podcast to weigh in on how to encourage innovation by understanding teams through the lens of entrepreneurship. Abraham is also the author of Entrepreneurial DNA, which explores four entrepreneurial archetypes, and shares how each applies to higher ed. By understanding your team’s entrepreneurial DNA and build a team strategy with those strengths in mind, Abraham says we can see that the real key to innovation in higher ed is not technology, but the human factor.
Beyond Academics
As Abraham explains, Beyond Academics operates in three parts. The first is research and development into what the future holds for higher ed and how entrepreneurial behavior will affect the college enterprise. From the conclusions found in this research, Beyond Academics consults campuses in need of help developing and executing new strategies.
“What we try and teach schools is look, figure out who you are, who are your people, and let's build strategy around you. Rather than trying to be someone you're not,” says Abraham.
The final component of the operation is finding innovative tech companies to invest in and bring into Beyond Academics’ partner program to advocate for in the ed-tech space.
Entrepreneurial DNA
In Abraham’s book, he uses the BOSI model to categorize the four types of entrepreneurial DNA present across all people. This breaks down into having builder, opportunist, specialist, or innovator traits. He applies the BOSI model across institutions to gain a better picture of higher ed’s entrepreneurial makeup.
Builders are focused on scaling a business fast and account for around 15% of staff in higher ed. Success for them is measured by infrastructure — which when applied to higher ed, could mean payroll and available square-footage on campus.
Opportunists make up around 6% of people in higher ed and are money motivated. They tend to take high risks for high rewards and are natural promoters for what they are passionate about.
Specialists are the most common in higher ed and found in 58% of staff. They are experts at what they do, consistent, and work hard to build a reputation for their institution. Specialists are the opposite of opportunists.
Lastly are innovators, who are driven by a mission or purpose and the inverse of builders. They want to change their industry and see how their work impacts people. Innovators make up 21% of higher ed staff.
DNA for greatness
There are three principles for how a campus’ entrepreneurial makeup can be applied to strategy: individually, at a team/management level, and institutionally. Communication is key to create success at all levels. Abraham finds that grouping opposite DNA types can create a balance of behaviors in team dynamics. Each type has its strengths, which can be the perfect complement to another type’s weaknesses.
Know your archetype
Abraham’s BOSI assessment is available for free, or for a small fee for team use. With these DNA types, institutions can learn how to set their teams up for success, which in turn will set a solid foundation for encouraging innovation.
Learn more about BOSI here: https://www.youtube.com/watch?v=_gYe7KlqFMo
Get a copy of Entrepreneurial DNA here: https://www.amazon.com/Entrepreneurial-DNA-Strengths-Successful-Business/dp/0071754512
Special Guest: Joe Abraham.
10/17/23 • 30 min
On this episode of FOCUS, Doug Vanderpoel joins from Mount Holyoke College to share insights into how his institution uses the TouchNet OneCard Campus ID system to enhance the campus experience. From student ID management to ensuring campus safety and smart data monitoring, Mount Holyoke College has developed numerous unique and innovative uses for their OneCard system.
Mount Holyoke College
Mount Holyoke College, the oldest women’s college in the U.S., was established in 1837 in South Hadley, Massachusetts. It is home to over 2,000 students and 80 major buildings across the campus’ 800 acres. The college is a longtime TouchNet client, having implemented nearly every solution offered in the past 25 years. Most notable is the OneCard system, which Mount Holyoke has tailored to meet a wide range of needs.
An Integrated Campus ID Program
OneCard simplifies the student experience on campus. Students at Mount Holyoke use OneCard for their student ID, access to dorms and other campus buildings, meal plan swipes in the dining hall, tickets to events, vending, tracking packages, and even for POS transactions.
After the school got the initial functions of OneCard up and running, they sought more ways to integrate it into campus life. Most recently, they’ve partnered with USEFULL, a TouchNet Ready Partner, to provide reusable takeout containers in the dining hall, which are monitored and paid for through OneCard. The campus also has 24/7 coffee machines that are integrated with OneCard, so students can use their ID for payment. Faculty can even use their IDs to activate the institution’s gas and fuel stations to fill up the institution’s fleet vehicles.
Integrated safety measures
The safety of students is paramount to Mount Holyoke College, as is evident in the measures they take to monitor access to dorms and buildings with OneCard. Mount Holyoke uses the system to grant or deny access to specific areas of the campus at any given time based on predetermined criteria, and on case-by-case situations if needed. When the school hosts conferences, attendees are given limited access with a visitor ID through OneCard for entry to the dining hall, presentation areas, and on-campus lodging accommodations for the duration of the conference.
Mount Holyoke has also connected various sensors with the Master Security Monitor feature of OneCard to detect irregularities at sensitive places on campus. The system alerts campus staff when emergency showers and eyewash stations are used in labs, sensors are tripped in the art museum, and even when there is unexpected motion around the on-campus horse stables.
Additionally, Mount Holyoke has connected panic buttons to the system as well for students and faculty to contact public safety in the case of emergencies. These panic buttons are also placed across campus in areas like the HR department, cash POS locations, practice rooms in the music department and more. If a button is pressed, public safety is notified immediately to respond to the location.
OneCard as a data source
The OneCard system is constantly gathering data, which Mount Holyoke decided to put to work in making informed decisions. It has given valuable insights into student behavior surrounding meal plans, dining hours, and dormitory capacity. The integration of the system with POS systems also aids in tracking popular food items, easing the product ordering process. Additionally, the ability to generate reports on dormitory usage and visitor patterns helps optimize campus resources.
The key to implementation
Having the right partner can make all the difference when setting up a system like OneCard. Listening to your teams and being communicative is one of the easiest ways to gain faculty and student adoption.
“Just build good relationships and listen to people's issues and problems and know your system and understand that you can have an effect on that,” said Vanderpoel.
As Mount Holyoke stands to prove, OneCard can be used in countless ways across campus. With the right approach and the right team, your institution can unlock the full potential of technology to enhance the overall student experience.
Special Guest: Doug Vanderpoel.
During this week’s episode of FOCUS, Fredderick Simmons discusses how Portland Community College (PCC) is bringing together siloed services to create a powerful one-stop shop for student success. Simmons is the Student Account Services Manager, overseeing PCC’s relationships with Ellucian Banner and TouchNet. Since PCC’s recent administrative reorganization, the school has put bettering student services at the top of their priorities with the “One Together, Together One” model. Simmons shares insights on the model and what steps PCC has taken towards greater student success.
Unified for better student services
Portland Community College serves students across four campuses in the Portland area. Until recently, each campus operated under its own president and budget, reporting to the district president. To create a unified student experience, PCC restructured to bring the four campuses under the leadership of one president, currently Dr. Adrien Bennings.
PCC has since adopted a “One Together, Together One” model to re-engage and reshape their community. The initiative takes an all-hands-on-deck approach to support student success, extending to all departments, including student accounts services, financial aid, enrollment, and more.
“You want to make sure that students are prepared in the classroom, and it's our job and our responsibility to make sure that they are financially settled outside of the classroom,” says Simmons.
On-site flex schedule
Part of PCC’s new ideology extends to staffing. The institution wanted to find a way to serve students the best they could, while allowing faculty to have a hybrid work environment when possible. The answer came in the form of on-site flex scheduling, which uses account service data to identify three peak weeks each semester where students need increased on-campus faculty presence. The data showed the days and weeks that saw the most in-person student visits and made it possible for PCC to confidently maintain in-person office hours Monday-Thursday, while being remote-only on Fridays. Students are able to have their questions answered in person when they need it most, while faculty can enjoy a hybrid workplace outside of those three weeks.
Zoom Rooms
Staying true to PCC’s new model, the way the institution communicated with students in need of help also needed an all-hands-on-deck update. As Simmons puts it, students want instant service. With Zoom Rooms, students can reach out to chat during business hours for immediate aid. Account service providers can then get on a Zoom call with students or transfer them to another department without having to start over with the chat’s archive function.
A resource beyond payments
The student accounts team at PCC is also focused on serving students beyond taking payments. Simmons shared their vision is to be more involved during student orientation to provide educational resources on financial management skills by coaching students on budgeting and financial responsibility. Additionally, he hopes to better serve their ESOL students by considering the makeup of the student population while staffing the department.
Looking forward
As PCC continues to evolve their one-stop shop, Simmons is also excited about implementing TouchNet’s newest solution, Student Account Advisor. This tool will further advance the one-stop shop mentality in the Answer Center by retrieving student account data regardless of which department it’s stored in, so staff can have all the information they need to advise students successfully. Simmons believes the tool will break down barriers that both students and faculty experience, creating a better process.
Simmons also shared what’s next for the institution. Currently, the enrollment and orientation processes are being re-imagined to be more hands-on so students have more access to staff. Overall, Simmons says the school wants to be more mindful of the population they serve and strategize how to eliminate barriers in enrollment so more students can have the experience of “One Together, Together One.”
Special Guest: Fredderick Simmons.
05/16/23 • 32 min
This week on FOCUS, we’re joined by Rob Sparks, Senior Vice President of Corporate Strategy and Partnerships at Anthology, to discuss how creating intelligent experiences can support student success. Sparks is responsible for supporting Anthology’s corporate and global strategies, identifying new opportunities, overseeing their integrated partner ecosystem, and computer information science (CIS) market penetration. With more than 25 years of experience in the higher ed tech industry, he shares the mission of Anthology, how they create more intuitive solutions with data, the keys to successful partnerships, and upcoming trends in the ed-tech industry.
Inside Anthology
Anthology strives to create an infinite world of learning without boundaries through data-informed higher ed experiences. The company offers enterprise-level technology including student information systems (SIS), customer relationship management (CRM), learning management systems (LMS), and more to 150 million users in more than 80 countries. After combining with LMS provider Blackboard last year, Anthology is now integrated with 370 campuses worldwide. Anthology’s key to creating this inspiring new world of education is putting the learner at the center of the experience, then giving instructors and administrators the tools and insights necessary to empower the learners they serve in their community.
Data-driven experiences
At Anthology’s user conference last year, the company launched the concept of intelligent experience. Their goal is to find an efficient way to monitor the success of students by finding moments of intervention or interaction for at-risk students. With the integrations between their LMS, Blackboard Learn, and their CRM known as Anthology Reach, the data tied to students would be able to notify instructors of missed assignments and allow them to help the student get back on track.
“The definition of an intelligent experience is finding ways to use data to actually optimize on creating an action or an outcome that changes the behavior and the experience for the individuals involved,” says Sparks.
This data-driven experience also extends into student financials and the ability to provide informed predictions for student progression and retention based on student records. The data highlights critical factors that impact the likelihood of individuals succeeding.
Creating successful partnerships
Sparks shares that the key to Anthology’s success in building partnerships with campus service providers is their ability to facilitate an open ecosystem that allows institutions to have choice. This open ecosystem creates more impactful and effective solutions through a multi-tiered approach — providing partners with the proper tools, resources and support to optimize integration.
In relation to the success of Anthology’s partnership with TouchNet, Sparks gives credit to open communication. The approach was to engage as early and often, looking up to each other as a trusted advisors. This dedication to engagement creates a more entrepreneurial relationship, where both companies can be focused on accelerating growth together.
Next in ed-tech
This July, Anthology is holding their Anthology Together conference in Nashville. There, institutions can learn about how to build successful partnerships to be a unified front to take on the challenges facing the ed-tech industry. Details can be found at https://www2.anthology.com/together
Special Guest: Rob Sparks.
11/03/20 • 38 min
Lindsay Wayt, NACUBO’s director of analytics. We’ll be discussing the ways higher education institutions can use data to help them pave the way to a successful future.
Special Guest: Lindsay Wayt.
Show more best episodes
Show more best episodes
FAQ
How many episodes does FOCUS have?
FOCUS currently has 52 episodes available.
What topics does FOCUS cover?
The podcast is about Higher Education, Security, Compliance, Podcasts, Technology and Education.
What is the most popular episode on FOCUS?
The episode title 'Episode 706: Extending Student Success Beyond the Student Finance Office' is the most popular.
What is the average episode length on FOCUS?
The average episode length on FOCUS is 29 minutes.
How often are episodes of FOCUS released?
Episodes of FOCUS are typically released every 14 days.
When was the first episode of FOCUS?
The first episode of FOCUS was released on Jan 21, 2020.
Show more FAQ
Show more FAQ