With schools looking at services such as online communication and parent payment systems, what security issues do they need to understand and how can they reassure parents that they provide a safe and secure service? Martin Temple offers his advice
The importance of effective communication has been outlined time and time again in research findings, government strategy and Ofsted targets. To help students meet their potential, it is important to develop a strong channel of communication with each family.
In a relatively short space of time, technology has become ubiquitous throughout everyday life, which is why many schools have already embraced email and text messaging systems as an effective way to help improve communication with parents.
Alongside the move to electronic communication, schools are also looking at collecting payments electronically. According to the UK Payments Council, cash was replaced in 2010 by the card as the preferred payment method. This need has seen the growth of systems that enable parents to pay for things like school dinners and trips online or even via their mobile.
For schools, taking payments this way can reduce administrative workload, the need to count, securely store and bank cash, as well as improving the speed and ease of transactions between home and school.
However, when schools are evaluating these services it is important they understand the financial requirements and regulatory compliance behind these systems – as well as the important aspects of data protection and risk minimisation associated with using them.
Moving to collecting payments online can be quite daunting for those new to it, so how can you decide which system best fits your needs and those of your parents? Here are four key factors to consider.
Data protection
Data protection is an issue encountered by every organisation that stores and uses personal data. In a school, every staff member that handles data needs to be aware of their responsibilities surrounding data protection.
According to the Information Commissioner’s office, if you process or store information about identifiable, living people you are legally obliged to protect that information. In school, parents are often asked to complete a form to collect, for example, email addresses or mobile number, which is then held in the school management information system.
If you are then passing this data on to a third party system to use for communicating and/or collecting payments from your parents, the important question to ask is – do you have permission from your parents to pass the data on? If the answer is no or not sure, the school could be in breach of the Data Protection Act.
Remember, just because your provider is data protection-registered, does not mean they have the authority to use data passed to them; it is the school’s responsibility to obtain this.
However, when it comes to dealing with credit or debit card details, it is then not just an issue of data protection, it is an issue of controlling and minimising the potential risk of fraud, theft or misuse of this data – and this will apply whether schools are physically handling card details or not. Responsible service providers will train, help and advise you on what you need to do to reduce the potential for problems.
Financial accreditation
Suppliers of online payment services to schools will use a separate system known as a payment gateway and it is this service that parents enter their card details into for the payment to be processed.
These “gateways” must all be independently verified as PCI DSS (payment card industry data security standards) compliant and demonstrate that the services being used to pay for a trip or buy lunch is both safe and secure. PCI DSS compliance is proof that the organisation has taken steps to ensure that cardholder data remains safe electronically and physically.
Financial process and stability
Any school using an online payment service will need access to a merchant account. This is an account used to channel payments made by credit/debit cards to the school bank account. There are two types of distribution model:
1. Parents make payments online which are then paid via the school’s own merchant account directly into the school’s bank account; the school then distributes the funds to their different suppliers.
2. The school’s payment system provides the merchant account and automatically manages the distribution of funds for the school to its suppliers.
Choosing the best model for your school will depend on factors such as how many suppliers you have and the volume of payments you take. Schools should consider which method is most appropriate and ask questions of potential suppliers to make sure you get the right system.
As part of a school’s evaluation process you should ensure that potential providers are financially sound – to help make sure payments made by parents are not at risk.
Ask for a set of accounts and get a credit check to see what shape they are in before you sign with anyone – and if the service is being provided via your local authority, do not assume they have done that either.
• Martin Temple is operations director at ParentMail.
In a relatively short space of time, technology has become ubiquitous throughout everyday life, which is why many schools have already embraced email and text messaging systems as an effective way to help improve communication with parents.
Alongside the move to electronic communication, schools are also looking at collecting payments electronically. According to the UK Payments Council, cash was replaced in 2010 by the card as the preferred payment method. This need has seen the growth of systems that enable parents to pay for things like school dinners and trips online or even via their mobile.
For schools, taking payments this way can reduce administrative workload, the need to count, securely store and bank cash, as well as improving the speed and ease of transactions between home and school.
However, when schools are evaluating these services it is important they understand the financial requirements and regulatory compliance behind these systems – as well as the important aspects of data protection and risk minimisation associated with using them.
Moving to collecting payments online can be quite daunting for those new to it, so how can you decide which system best fits your needs and those of your parents? Here are four key factors to consider.
Data protection
Data protection is an issue encountered by every organisation that stores and uses personal data. In a school, every staff member that handles data needs to be aware of their responsibilities surrounding data protection.
According to the Information Commissioner’s office, if you process or store information about identifiable, living people you are legally obliged to protect that information. In school, parents are often asked to complete a form to collect, for example, email addresses or mobile number, which is then held in the school management information system.
If you are then passing this data on to a third party system to use for communicating and/or collecting payments from your parents, the important question to ask is – do you have permission from your parents to pass the data on? If the answer is no or not sure, the school could be in breach of the Data Protection Act.
Remember, just because your provider is data protection-registered, does not mean they have the authority to use data passed to them; it is the school’s responsibility to obtain this.
However, when it comes to dealing with credit or debit card details, it is then not just an issue of data protection, it is an issue of controlling and minimising the potential risk of fraud, theft or misuse of this data – and this will apply whether schools are physically handling card details or not. Responsible service providers will train, help and advise you on what you need to do to reduce the potential for problems.
Financial accreditation
Suppliers of online payment services to schools will use a separate system known as a payment gateway and it is this service that parents enter their card details into for the payment to be processed.
These “gateways” must all be independently verified as PCI DSS (payment card industry data security standards) compliant and demonstrate that the services being used to pay for a trip or buy lunch is both safe and secure. PCI DSS compliance is proof that the organisation has taken steps to ensure that cardholder data remains safe electronically and physically.
Financial process and stability
Any school using an online payment service will need access to a merchant account. This is an account used to channel payments made by credit/debit cards to the school bank account. There are two types of distribution model:
1. Parents make payments online which are then paid via the school’s own merchant account directly into the school’s bank account; the school then distributes the funds to their different suppliers.
2. The school’s payment system provides the merchant account and automatically manages the distribution of funds for the school to its suppliers.
Choosing the best model for your school will depend on factors such as how many suppliers you have and the volume of payments you take. Schools should consider which method is most appropriate and ask questions of potential suppliers to make sure you get the right system.
As part of a school’s evaluation process you should ensure that potential providers are financially sound – to help make sure payments made by parents are not at risk.
Ask for a set of accounts and get a credit check to see what shape they are in before you sign with anyone – and if the service is being provided via your local authority, do not assume they have done that either.
• Martin Temple is operations director at ParentMail.