eCommerce Payment Acceptance Project launches

    August 20, 2020

    Summary

    The University is launching the eCommerce Payment Acceptance at Yale project (Project ePAY) to drive the implementation and management of an e-commerce platform for the University. The purpose of this project is to standardize credit card payment acceptance, processing, and reporting across the University to meet Payment Card Industry Data Security Standards (PCI DSS).

    Details

    Departments currently accepting credit card payments are required to meet credit card acceptance standards mandated by the Payment Card Industry Data Security Standards (PCI DSS). Compliance reporting and administration can be effort and time-intensive for the individual departments and the University. These efforts are compounded by a current e-commerce landscape of up to 300 Merchant ID’s and different credit card processing systems across the University.

    As our credit card transactions increase, our PCI DSS compliance requirements will become more complex. Compliance with PCI DSS is critical to our ability to accept credit card payments. Last year many of your departments participated in discovery meetings led by Mercator, an outside consultant. From this discovery, we learned that we needed to consolidate and standardize our e-commerce platform to ensure the University has a scalable, efficient, and compliant payment acceptance solution that will meet its current and future needs.

    Underway since July 2020, and continuing over the next 18-24 months, Project ePAY will develop and implement an e-commerce platform that is PCI DSS compliant and meets departments’ credit card processing needs. To support this project, the University has engaged TouchNet, a leading provider of integrated, comprehensive, and secure e-commerce solutions for colleges and universities. For all departments and business operations (not using EPIC), we will leverage TouchNet’s Marketplace product to build our e-commerce platform. TouchNet will work with the project team to develop solutions that will:

    • standardize hardware and software solutions across the University
    • simplify our cardholder data environment to achieve a state of continuous PCI compliance, avoiding future increases in administrative requirements
    • enhance accurate reporting in Workday where transaction details can be reported by COA
    • strengthen the Yale brand by improving the customer experience at point-of-sale
    • improve support capability for the departments’ credit card processing needs
    • streamline the process for departments needing one-time or ongoing credit card processing

    For departments using EPIC, including Yale Medicine, the project team will collaborate with Yale New Haven Health (YNHHS) to:

    • Establish EPIC credit card payment processing procedures
    • Implement software that will reduce applicable PCI DSS compliance controls for their call centers

    The University will also soon be announcing an E-Commerce Manager that will:

    • Coordinate PCI DSS compliance efforts across departments, IT, Finance and TouchNet
    • Provide e-commerce support to departments
    • Serve as a liaison between the University and YNHHS for all PCI DSS compliance issues

    The project team will work with each department to assess their credit card processing environment, deploy a solution tailored to their needs, and determine the timing for their deployment. While the project plan is still being finalized, we expect the phases to deploy as follows:

    • October 2020– December 2020
      • Departments who have volunteered and are currently without an eCommerce or credit card acceptance capability
    • January 2021– December 2021
      • Departments that currently have or need an eCommerce solution
    • July 2021 -June 2022
      • Departments with or needing Point-of-Sale solution

    We will work with your department to determine the best time period for your department. Please email ePAY@yale.edu if you would like to volunteer for earlier deployment timing or to identify any timeframe we need to avoid in deploying the new solution for your department.

    FAQs

    My department currently accepts credit card payments, but needs a new system or upgrade; who do I contact?

    Departments that are considering a new solution must contact ePAY@yale.edu as soon as possible before selecting a new system or finalizing any agreements. Our objective is to standardize credit card hardware and software; therefore, deployment of the TouchNet solution to your department will be within the scope of this project.

    My department does not currently have credit card processing capability but needs (or will need) a solution, who do I contact?

    Any department needing one-time or ongoing credit card processing should contact ePAY@yale.edu.

    Questions about the Project?

    Contact ePAY@yale.edu with any questions regarding this project.