Educause Security Discussion
mailing list archives
Re: Experience with HigherOne or TouchNet for payment processing?
From: "Bohlk, Christopher J." <cbohlk () PACE EDU>
Date: Mon, 24 Jun 2013 15:25:35 +0000
Hi Jim and All,
Are you running the Touchnet payment stations on a dedicated desktop machine that only serves to process credit card
transactions? Do those staff members using Touchnet to process credit cards have a separate, 2nd machine to conduct
all other daily work including, email, access to other systems, and web browsing?
Chris Bohlk, CISSP, C|EH
Information Security Officer
Information Technology Services (ITS)
235 Elm Road, West Hall 212A
Briarcliff Manor, NY 10510
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mayne,
Sent: Friday, June 21, 2013 4:58 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Experience with HigherOne or TouchNet for payment processing?
TCU has used Touchnet for several years and has standardized on their services. Our Financial Services folks are very
happy and we require all applications to be "Touchnet Ready" partners (except of course Paciolan :().
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Walther,
Sent: Wednesday, June 19, 2013 3:05 PM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Experience with HigherOne or TouchNet for payment processing?
We're evaluating vendors for use as third party payment processing, with a goal off keeping PCI requirements as low as
Towards that end, does anyone have experience with HigherOne's or TouchNet's payment processing service, as a former or
current client? Does not have to be security-centric, though that is a concern. How does their service fare in terms of
security practices, reliability, availability, support, etc? Any changes over time?
No responses will be quoted or attributed (unless specifically asked to be). This is an informal poll, not part of an
RFP or any other documentation. Even just a quick "we use them and rarely think about it" would be much appreciated.
Information Security Operations, Tufts University