Project: Payment Card Industry Compliance Total 95

This system is now in production. Although this project is essentially complete, it will remain open to accommodate for applications that still need to transition.

Massey will partner with BNZ so that online card transactions can be handled inside BNZ’s secure environment, which removes the risk of Massey processing, storing or even seeing card details. 

How will this affect customer experience?

  • It should only add a few extra seconds to the online transaction process.
  • The customer will be transferred to BNZ to make the payment, then returned to the original site.
  • We are avoiding any significant changes to processes, work practices and customer experience.

Overview of progress

100%

Getting connected with BNZ

Outcome: A new interface connects applications used at Massey University and affiliated organisations with BNZ.

100%

Interface development

Outcome: The new interface can carry out all required tasks such as reporting, incomplete transaction monitoring, refund acknowledgement, and batch files for TechOne.

100%

Administration portal

Outcome: Administrators can use an ordinary web browser to carry out tasks such reporting, responding to incomplete transactions, and issuing refunds and receipt copies.

Who has transitioned?

The following applications or business units will transition to using the secure BNZ environment for online card transactions. Not all transitions will be managed by ITS. 

Massey Buyline will continue to be available to access historical information until 5 November 2017, and will accept new transactions until 5 November 2016 from applications that have not yet transitioned.

Yes

Shado

Core Massey application

Transition managed by: PCI Compliance project

 

Yes

SMS

Core Massey application

Transition managed by: SSS Unit

Yes

MyMassey

Core Massey application

Transition managed by: PCI Compliance project

Yes

The Massey University Press

Transition managed by: College of Creative Arts


Not transitioned

Alumni

Transition managed by: Alumni

Not transitioned

Space Between

Transition managed by: College of Creative Arts

Not transitioned

Ako Aotearoa

Transition managed by: Ako Aotearoa

 

A more detailed account

Why are we doing this work?

Massey University has been audited and found non-compliant with the requirements of the Payment Card Industry Data Security Standard (PCI DSS) for certain business processes and IT systems. PCI DSS compliance is mandatory for Massey University to continue accepting credit card payments. 

What are we doing?

Massey University has software (Massey Buyline) that negotiates credit card payments directly with BNZ systems. Although a large number of technical and other factors come into play, the key to providing PCI DSS compliance is to move this negotiation from Massey to BNZ.

The software replacing Massey Buyline has a technical interface similar enough to Massey Buyline to avoid the need for complex customisation of every Massey application that accepts card payments. The new system, the Credit Card Payment Orchestration System (CCPOS), passes the entire credit card portion of a payment to BNZ, sidestepping most of the considerable technical difficulties of achieving PCI DSS compliance.

What will change?

Most changes will only be of relevance to Massey Treasury, while the National Contact Centre and Accounts Receivable Students using CCPOS to access functions previously provided by Massey Buyline.

Persons making payments are unlikely to notice anything unusual, as the payment process is very similar to those used by countless e-commerce sites on the Internet.

The image below is an indicative representation of what is changing, including screen captures of the Massey Buyline and CCPOS payment pages. Please be aware that the payment pages are from test systems and small differences may exist compared with the ‘live’ systems.

PCI Compliance - changes

 

Contact the ITS Service Desk

Phone 06-356-9099 ext. 82111 (preferred method)

7:45am - 5pm, Monday to Friday
(excluding Public and University holidays)

Out-of-hours Support


AskIT Self-Service to log a request online (staff)

Email Service.Desk@massey.ac.nz

Full contact details


Other ITS Information

IT Services Dashboard (staff)

Forms

FAQs

Policies

ITS Site Tree


Your Feedback

Please email your comments, suggestions or complaints to us at: Service.Desk@massey.ac.nz.

Massey Contact Centre Mon - Fri 8:30am to 5:00pm 0800 MASSEY (+64 6 350 5701) TXT 5222 contact@massey.ac.nz Web chat Staff Alumni News Māori @ Massey