Lakehead University Improves PCI Compliance Processes to Avoid Fines and Breaches

August 3, 2021 - Lakehead University’s road to achieving and maintaining PCI compliance was a complicated but worthwhile journey. The first experience the Canadian campus had with PCI Compliance was a request from a merchant for them to attest to their PCI certification. University officials didn’t know where to start or where to look for help. After months of researching and investigating, they had more questions than answers. Eventually, they decided to test the market with an RFP to identify a Qualified Security Assessor (QSA), a professional who validates whether institutions adhere to a set of requirements known as PCI-DSS. With their help, institutions can process, store, and transmit credit card information securely to reduce the campus’ exposure and risk of costly breaches, heavy fines, and potential brand and reputational damage. Eventually, campus officials chose a QSA.

Under the supervision of their QSA, the university identified and remedied numerous issues that could have resulted in expensive breaches and fines. “The standard in the industry went from one where every merchant took an imprint of credit cards in order to process charges against the customer accounts and moved to one where the storing of that information was subject to penalties from the Credit Card industry,” says Patrick Larin, manager of financial projects at Lakehead.

Fast-forward to 2019, and Lakehead’s QSA had just announced his retirement. The public research university would have most likely launched another RFP to find his replacement, except campus administrators had such a positive experience when implementing TouchNet’s transaction solution, they decided to explore the company’s PCI-EZ solution, a combination of software and access to PCI subject matter experts.

“In 2019, we implemented PCI EZ, and it was one of the best solution implementations that I've been a part of in my 21 years at Lakehead University," says Larin. “If one of our employees comes to us with questions that we can’t answer, we have a place where we can go to get what we need. It’s similar to having a guard dog at home that can alert you to danger. If you have PCI management, you can come up with an answer when you need it.”

The importance of integration

Another major factor that helped Lakehead University choose TouchNet was that all of the company’s solutions truly integrate with multiple ERPs, including Ellucian Colleague. As a Colleague institution, this was important functionality to Lakehead University staff.

“Many vendors will say they integrate with your ERP no matter the flavor, only to find out that what they mean is you’ll have to key in all of the transactions manually,” says Larin. “With Colleague and TouchNet, you can believe the hype that they are truly integrated.”

Learn More About Lakehead University’s PCI Compliance Journey


Revised September 29, 2021