All online payment processors, such as PayPal, are regulated by the relevant governing bodies to ensure security and protection for their consumers, and school online payment providers should be no different.

We all know the importance of secure online payments, but what measures should providers have to ensure payment security for UK schools?

Look for several regulatory bodies and frameworks in your online payment provider. We explain why the Financial Conduct Authority (FCA), the PSD2 framework, PCI DSS compliance, and ISO 27001 are essential for your school's online payment platform.

What is the Financial Conduct Authority (FCA)?

The Financial Conduct Authority (FCA) is a UK financial regulatory body that oversees 56,000 financial services firms and financial markets. They are responsible for securing protection for consumers, protecting and enhancing the integrity of the UK financial system, and promoting effective competition in the interests of consumers.


Why is FCA regulation necessary for schools?

Most importantly for schools, an FCA-regulated online payment platform means that parents remain protected under the FCA. Currently, customers of businesses that the FCA does not regulate do not have recourse to the Financial Ombudsman Service, an independent dispute settlement service.

Think of this assurance as booking a holiday that is ATOL protected. You wouldn’t risk booking your holiday without it, just like you should not risk your school's online payments by partnering with an unregulated supplier.

In addition to security concerns, companies not regulated by the FCA are not obliged to conform to its regulatory framework, which means they do not comply with the process standard for dealing with online payments. This is where the Payment Services Directive (PSD2) comes in.

PSD2 - Protection for parents

The Payment Services Directive is a European directive brought in to ‘improve consumer protection, and make payments safer and more secure.’ It means that all FCA-registered businesses have been audited to fully comply with PSD2 standards, ensuring the highest level of security and protection for consumers.

Christopher Woolard, Executive Director of Strategy and Competition at the FCA, said:
"PSD2 builds on this by giving consumers more choice around how they manage their payments and bank accounts. It also brings in some important protections for consumers and seeks to increase the security of payments."


PCI DSS Compliance

American Express, Discover, JCB International, MasterCard, and Visa Inc. founded the PCI Security Standards Council. The council 'maintains, evolves, and promotes Payment Card Industry standards for the safety of cardholder data across the globe.'

Maintaining payment security is a serious business, and it is vital that every entity responsible for cardholder data security diligently follows the PCI Data Security Standards. The highest level of compliance for schools is Level 1 PCI DSS, assuring that your online payment provider implements the necessary standards to offer a secure payment solution.

What to look for in your online payment provider

A handy checklist for schools

  • FCA Regulated
  • Conforms to PSD2 framework
  • PCI DSS Compliant
  • ISO 27001 Accredited
  • TLS 1.2 encryption enabled
  • Cyber Essentials certified


iPayimpact: Your trusted online payments platform

At CRB Cunninghams, we take payment security very seriously, and that is why our online payment platform is both FCA regulated and Level 1 PCI DSS compliant. Our company also holds the QMS ISO 27001 to give our schools peace of mind knowing that our in-house family of products integrate seamlessly and are fully compliant with GDPR and the Data Protection Act.

Commercial Director of CRB Cunninghams, David Paylor, said:
“Our customers are at the forefront of what we do at CRB Cunninghams, and that’s why we are determined to offer schools the highest level of security.

I would encourage all schools in the UK to be mindful of a supplier’s credentials when looking for an online payment provider, and I would advise asking any supplier to prove their GDPR process, especially when 3rd party integrations are involved.”

iPayimpact, our online payment module, is packed with features to manage all school income, reduce physical cash handling, and integrate seamlessly with our cashless systems. There are no setup fees, licence fees, or charges per pupil to use the software.


Ultimate partner protection

CRB Cunninghams are part of the Jonas Software (UK) Group and ultimately backed by Constellation Software Inc, a publicly listed company (PLC) on the Toronto Stock Exchange. Being governed by a PLC means that CRB Cunninghams are fully audited to PLC standards, which provides another level of security and backing for our customers.

Jonas Software is an 80+ strong group of companies that provide software and services to over 20 distinct vertical markets. They are a ‘Buy and Hold Forever’ company and invest in people, customers and technology with the vision to be the market leader in every sector.