MANAGING ICT Online payment advice


Many schools are moving to online, school-to-home payment systems. What must they consider about the security of such services? Martin Temple offers his advice

For the majority of schools and parents, technology is now omnipresent across every aspect of everyday life, which is why many schools have already embraced email and text messaging systems to help improve how they communicate with parents.

As well as communication, some schools are moving away from taking cash and cheque payments from parents, looking at alternative online systems instead. However, when dealing with people’s money, schools must ensure they are protecting parents and therefore themselves. There are three important factors in doing this.

Data Protection

All staff who deal with information – from databases to personnel records – need to be aware of the legislation surrounding data protection.

In order to send messages and collect payments from parents, schools or the systems need to gain particular details from them, which typically include names, email addresses and telephone numbers. These might be collected through an online form or an email asking parents to submit their details.

The important question here is: once you have these details, are you allowed by law to pass them on for a third party – such as the school communication provider – to use?

For example, Mrs Taylor, parent of John in year 9, submits her email address to her son’s school by completing the school’s data collection form. The school records these details and then passes the email address on to its communication service provider so that it can be used for contacting Mrs Taylor about her son’s school activities. In this example, the process of passing the contact details on is questionable when looking at data protection. If Mrs Taylor has not explicitly given permission, schools could be in breach of the Data Protection Act.

The key here of course is gaining the approval to use parents’ details directly from the parent – and some systems do this for schools.

Schools can also check whether their chosen system is data protection-registered in its own right – this shows that although they have the data they will not use it inappropriately and that they understand the implications of the Data Protection Act.


Financial accreditation

With recent data security breaches such as at CitiGroup, Sony and Lush, the security of card data is high profile. Today, those involved in collecting or recording payment card details – including hardware/device manufacturers, software developers, as well as banks, service providers and merchants – must continually focus on safeguarding payment card data.

You may have heard or seen PCI compliance mentioned by many online companies. The PCI DSS (payment card industry data security standards) defines security policies and processes that ensure online payments are handled in a secure manner.

PCI accreditation for online payments is akin to drivers requiring a licence to drive a car. Without it, companies cannot collect and process card details, which means that any system that collects and processes card payments on a school’s behalf must be PCI DSS-compliant. However, do not assume that security ends there.

Once the transaction has been processed through an accredited PCI DSS gateway, where does the money go and how is it safeguarded and allocated? To ensure that your money is sent to the right financial provider, and not a dodgy hacked website, it is important (but not mandatory) for companies behind the systems to be certified too.


Regulatory compliance

There are essentially two models that can be used to process payments:

• Schools collect payments themselves, and these are paid directly into the school bank account (their system enables schools to process payments directly).

• The school’s chosen system collects parent payments on the school’s behalf and then distributes these funds to the school’s suppliers, such as the local authority, catering company etc.

To give a practical example, a parent might purchase a ticket online for the school concert (organised by the PTA), then a uniform item from the school shop (provided by the school), and then top up their child’s dinner money (a catering company).

With the first model, the school collects all payments and then divides these out between the appropriate parties themselves using online banking, writing cheques or by making a BACS transfer. With model two, their chosen system would collect the money in one transaction and automatically allocate it to each supplier/group accordingly.

Being involved directly in the flow of funds (model two) means registering with the likes of HM Revenue and Customs and the Financial Services Authority (FSA) for payment processing and anti-money laundering compliance. This ensures companies and staff know how to spot money laundering, how to report it, and operate in a manner acceptable and understood by the FSA.

Once systems handle money directly for schools, they need approval as a small payments institute (the term refers to the number of transactions, not the value, as they can handle very large payments). Tests and background checks are carried out on company directors, to ensure schools’ money is being transferred appropriately and legitimately. In this way, schools can be sure money is secure and their money is getting to where it needs to go.


SecEd


• Martin Temple is operations director at ParentMail, a UK school-to-home communication and payment service.




SecEd • May 3 2012

