Despite complaints lobbed and dollars lost, Georgia State’s administration has yet to initiate changes to address credit card fraud issues on campus.
Earlier in April, The Signal reported that the new string of crime was sweeping the campus. Students reported suspicious purchases, missing cards, and identity theft on university grounds.
However, two weeks later plans to review the security of campus card scanners have yet to be carried out.
Catrice Clark, a finance director at Georgia State, said that service transactions were reported to third-party vendors, who then investigated using Campus Guard, an organization that provides resources and expertise for third-party vendors in order meet PCI regulations.
Clark said that reform is ongoing, but no additional security measures have been implemented since.
“We have had Campus Guard assess the credit card merchants at the GSU Atlanta and Perimeter campuses to provide suggestions on how campus merchants can maintain PCI compliance,” Clark said.
Outsourced card security
Third-party vendors use PCI-DSS, or Payment Card Industry-Data Security Standard, to maintain standards for safe card use. Georgia State has requested these third-party vendors for proof of fulfilling PCI requirements in order to maintain contracts and potentially upgrade card security.
Some of the third-party vendors that GSU-GPC are contracted with are Southern Refreshments, Saxbys Coffee, Coke, Sodexo Food Services, and Follett Higher Education, each of which is required to meet PCI regulations.
Ren Flot, Chief Information Security Officer at Georgia State, discussed the third-party vendor compliance with PCI.
“The team working on PCI compliance is using the findings of this security assessment to continue to improve and reinforce credit card processing security at the university,” Flot said.
Merger becomes murky
The Georgia State-Georgia Perimeter College merger poses potential changes as well, according to Clark.
“As a result of the GSU-GPC consolidation, we are renewing our contracts and ensuring that the software and services used for processing transactions shall be compliant with standards established by PCI,” Clark said.
The consolidation has also instigated new methods of enforcing these standards.
“GSU has implemented an annual PCI-DSS Campus Merchant Training program. This training provides on-demand training for all students, staff and faculty. Additional training events are in the planning phase,” Clark said.
Whose problem is it?
Andrea Durojaiye, sophomore at Georgia State, said that she now rarely uses her card on campus.
“I don’t usually carry cash around with me, because of the robberies in the library and general safety,” Durojaiye said. “Now I feel like I shouldn’t even carry my wallet, because even I use my card on campus my information, money and identity is at risk.”
Many of the reported cases of credit card fraud go unresolved. Part of this problem is where the crime occurs, according to Georgia State’s Interim Police Chief Carlton Mullis.
“The problem faced with credit card fraud are the jurisdictional issues,” Mullis said. “We have jurisdiction when it started here and then follow up where it happened. If someone goes on a spree ordering things on Amazon, that’s harder to track where it occurred.”