Project Name: Touchnet Payment Gateway Application

Project Charter

Prepared by: Stephen A. Vieira

Date issued: April 27, 2009

Project Name: TouchNet Payment Gateway Application

Project Number: 200910-MIS - P2

Project Overview:

During the spring of 2009, SunGard HE announced that they would no longer be supporting the Java application being used for credit card processing through Banner. This action was obviously based around compliance issues (both PCI-DSS and PA-DSS) that SunGard HE had decided to remove themselves from the position of Banner software having to be PA-DSS compliant.

As a result, CCRI is forced to find another solution for processing credit cards online. This solution must be compliant (both PA-DSs and PCI-DSS) and should be supported closely by SunGard HE as a third party vendor. The vendor that has provided the payment gateway for CCRI for several years has been TouchNet. TouchNet is both PA-DSS and PSI-DSS compliant and works closely with SunGard HE for all upgrades and modifications made in the administrative database.

Maintaining the credit card processing through Banner is essential for our student population, for the bursar’s office and for the collection of receivables. This means a link-out from Banner to a PA-DSS certified payment application to handle all credit card payment processing. It requires and change in contract with TouchNet, upgraded software and an upgrade to Banner. A second phase of this project would be the physical move of the payment gateway service to a “hosted” secure environment off campus, which would mean CCRI would no longer have a payment server in-house and therefore eliminate questions about compliance and credit card handling by CCRI for this purpose.

Project Requirements:

Move all payment data out of SunGard HE Banner.

Link out to a PA-DSS certified payment application.

Lockdown all highly sensitive payment data in a PCI DSS compliant data center.

TouchNet Bill+Payment setup to use the TouchNet Payment Gateway to process payment transactions and to post payments to the Banner database in real time.

Test self-service web applications, used at CCRI, where payments may be entered such as Student Tuition, Admissions Application Fees, Transcript Request Fees, and Graduation Application Fees.

Test the user interface, a “Pay Now” button, which comes BEFORE any payment card data entry is required.

Test the seamlessly link to the PA-DSS compliant TouchNet Bill+Payment Client to enter payment data without logging on again.

Tailor Bill+Payment screens to match a CCRI’s web page branding.

Test the user interface for multiple payment options, including credit card, electronic check, or PIN-less debit.

Test that user payments are posted to the Banner database in real time before the user returns to Banner applications.

Stakeholders signoff on test results indicating quality assurance
Release and user guides will be reviewed for possible changes
Release and user guides will be reviewed for new features
Training documentation will be updated
User documentation will be updated
Users will be trained on new features
Production Banner and database software are upgraded and operate as expected

The upgrade does not result in degradation of system and application performance
Planned new functionality operates as expected

Assigned Project Manager, Authority and Responsibility:

Bob Shea – Sponsor, VP Business & Finance

Carl Toft – Sponsor, Controller

Bortie Teh – Coordinator, Manager Systems Development

Organization, Authority and Stakeholders:

DBA –Brian Walsh

Admissions – Terri Kless

Financial Aid – Christine Jenkins

Finance – Carl Toft

Bursar – Dennis Grassini

Marketing & Communications – Rich Coren

Coordination Areas / Primary Duties
Bursar’s Office / Test user interface and links to payment gateway
Enrollment Services / Test user interface for self-service capabilities, needed training
Student Services / Proper training for informing students
MIS / Working with vendor on install; test and Production
Marketing & Communications / Documentation and communications plans
Vendor / Installation, quality of service; movement of server to host site
SunGard HE / Collaboration in event of issues
CIO / Funding and resource allocation

Constraints:

Had to go back out to State Purchasing 2nd time
No Finance updates until install of payment gateway
Compliance due by July 1, 2010

Assumptions:

Sole source guarantees fast State Purchasing process
Vendor has resources available to make this happen quickly
All interfaces operate as described without exception

Summary resources, Budget and Milestone Schedule Estimates:

Milestone / Target Date or Number of
From Approval
Waiting on State Purchasing / unknown

Initial Risk Assessment:

The major risk areas identified to date are given below along with a comment on a possible mitigation strategy (to be expanded in more detail during the detailed project planning).

Major Risk / Possible Mitigation
Time constraint / Cannot get bid out of State Purchasing on a timely basis
Time constraint / Won’t get scheduled resource in time for July 1, 2010
Time constraint / Self-service web site not compliant by July 1, 2010
Vendor contract / Issues with contract again holding up the purchase order, work
Resource challenge / Other projects keeping IT from dedicating time to the project
Vendor replacement / Deciding on another vendor based upon contract problems again

Project Charter Approval and Acceptance:

The signatures below indicate the undersigned have read and agreed to the contents of this Project Charter and have thus given approval and acceptance for this project to be initiated.

Approval: Project Sponsor/Owner / Date
Acceptance: ITS Supervisor / Date

Confidential Page 2 Wednesday, April 21, 2010