Lakehead University Improves PCI Compliance Processes to Avoid Fines and Breaches

August 3, 2021 - Lakehead University’s road to achieving and maintaining PCI compliance was a complicated but worthwhile journey. The first the Canadian campus heard of something called PCI was when they received a surprise request for them to attest to their PCI certification. University officials were not familiar with PCI and didn’t know where to start or where to look for help. After months of researching and investigating, they had more questions than answers. Eventually, they decided to test the market with an RFP to identify a Qualified Security Assessor (QSA), a professional who validates whether institutions adhere to a set of requirements known as PCI-DSS. With their help, institutions can process, store, and transmit credit card information securely to reduce the campus’ exposure and risk of costly breaches, heavy fines, and potential brand and reputational damage. Eventually, campus officials chose a QSA.

Under the supervision of their QSA, the university identified and remedied numerous issues that could have resulted in expensive breaches and fines. “I found handwritten records on both campuses from as far back as the 80’s of credit card information and expiration dates,” says Patrick Larin, manager of financial projects at Lakehead. “Personal student information was also being stored in unlocked filing cabinets in an unlocked building.”

Fast-forward to 2019, and Lakehead’s QSA had just announced his retirement. The public research university would have most likely launched another RFP to find his replacement, except campus administrators had such a positive experience when implementing TouchNet’s transaction solution, they decided to explore the company’s PCI-EZ solution, a combination of software and access to PCI subject matter experts.

“In 2019, we implemented PCI EZ, and it was one of the best solution implementations that I've been a part of in my 21 years at Lakehead University. If one of our employees comes to us with questions that we can’t answer, we have a place where we can go to get what we need. It’s similar to having a guard dog at home that can alert you to danger. If you have PCI management, you can come up with an answer when you need it.”

— Patrick Larin, Manager of Financial Projects at Lakehead University

The Importance of Integration

Another major factor that helped Larin choose TouchNet was that all of the company’s solutions truly integrate with multiple ERPs, including Ellucian Colleague. As a Colleague institution, this was important functionality to Lakehead University staff.

“Many vendors will say they integrate with your ERP no matter the flavor, only to find out that what they mean is you’ll have to key in all of the transactions manually,” says Larin. “With Colleague and TouchNet, you can believe the hype that they are truly integrated.”

Learn More About Lakehead University’s PCI Compliance Journey