All online payment processors, such as PayPal, are regulated by the relevant governing bodies to ensure security and protection for their consumers, and school online payment providers should be no different. We all know the importance of secure online payments, but what measures should providers have in place to ensure payment security for UK schools?
There are several regulatory bodies and frameworks that you should look for in your online payment provider. We explain why the Financial Conduct Authority (FCA), the PSD2 framework, PCI DSS compliance, and ISO 27001 are important for your school’s online payment platform.
What is the Financial Conduct Authority (FCA)?
The Financial Conduct Authority (FCA) is a UK financial regulatory body that oversees 56,000 financial services firms and financial markets. They are responsible for ‘securing protection for consumers; to protect and enhance the integrity of the UK financial system, and to promote effective competition in the interests of consumers.’
Why is FCA regulation important for schools?
Most importantly for schools, an online payment platform that is regulated by the FCA means that parents are protected under the FCA. Currently, consumers of businesses that are not regulated by the FCA do not have recourse to the Financial Ombudsman Service, an independent dispute settlement service. Think of this assurance like booking a holiday that is ‘ATOL’ protected: you wouldn’t risk booking your holiday without it, just as you shouldn’t risk your school’s online payments by partnering with an unregulated supplier.
In addition to security concerns, companies that are not regulated by the FCA are not obliged to conform to its regulatory framework, which means they do not comply with the process standard for dealing with online payments. This is where the Payment Services Directive (PSD2) comes in.
PSD2 - Protection for parents
The Payment Services Directive is a European directive, put in place to ‘improve consumer protection, and make payments safer and more secure.’ It means that all FCA-registered businesses have been audited to fully comply with PSD2 standards, ensuring the highest level of security and protection for consumers.
Furthermore, as the FCA is an ‘independent public body funded by the firms it regulates, by charging them fees’, this ultimately means that unregulated companies are skipping out on the FCA charge whilst offering very little security over their online payments.
Christopher Woolard, Executive Director of Strategy and Competition at the FCA, said:
"PSD2 builds on this by giving consumers more choice around how they manage their payments and bank accounts. It also brings in some important protections for consumers and seeks to increase the security of payments."
PCI DSS Compliance
The PCI Security Standards Council was founded by American Express, Discover, JCB International, MasterCard, and Visa Inc. The council 'maintains, evolves, and promotes Payment Card Industry standards for the safety of cardholder data across the globe.'
Maintaining payment security is a serious business and it is vital that every entity responsible for the security of cardholder data diligently follows the PCI Data Security Standards. For schools, the highest level of compliance is Level 1 PCI DSS, which assures that your online payment provider has implemented the necessary standards to offer a secure payment solution.
What to look for in your online payments provider
A handy checklist for schools
- FCA Regulated
- Conforms to PSD2 framework
- PCI DSS Compliant
- ISO 27001 Accredited
- TLS 1.2 encryption enabled
- Cyber Essentials certified
iPayimpact: Your trusted online payments platform
At CRB Cunninghams we take payment security very seriously, and that is why our online payments platform is both FCA regulated and Level 1 PCI DSS compliant. Our company also holds the QMS ISO 27001 to give our schools peace of mind knowing that our in-house family of products integrate seamlessly and are fully compliant with GDPR and the Data Protection Act.
Commercial Director of CRB Cunninghams, David Paylor had this to say:
“Our customers are at the forefront of what we do at CRB Cunninghams, and that’s why we are determined to offer schools the highest level of security. I would encourage all schools in the UK to be mindful of a supplier’s credentials when looking for an online payment provider, and I would advise asking any supplier to prove their GDPR process especially when 3rd party integrations are involved.”
iPayimpact is our online payment module that is packed with features to manage all school income, reduce physical cash handling, and integrate seamlessly with our cashless systems. There are no setup fees, licence fees, or charges per pupil to use the software.
Ultimate partner protection
CRB Cunninghams are part of the Jonas Software (UK) Group and ultimately backed by Constellation Software Inc, a publicly listed company (PLC) on the Toronto Stock Exchange. Being governed by a PLC means that CRB Cunninghams are fully audited to PLC standards, providing another level of security and backing for our customers.
Jonas Software is an 80+ strong group of companies that provide software and services to over 20 distinct vertical markets. They are a ‘Buy and Hold Forever’ company and invest in people, customers and technology with the vision to be the market leader in every sector.