Transcript Purdue-pay

Lyle Janney
[email protected]
Doug Kanwischer
[email protected]
Information Technology Enterprise Applications
(ITEA)
Purdue University
Copyright Statement
• Copyright Lyle Janney and Doug Kanwischer ,
2002. This work is the intellectual property of the
author. Permission is granted for this material to
be shared for non-commercial, educational
purposes, provided that this copyright appears
on the reproduced materials and notice is given
that the copying is by permission of the author.
To disseminate otherwise or to republish
requires written permission from the author.
The Discussion
Background
• SSINFO
• Ecommerce
The Project
•
•
•
•
Parts is parts
Who’s paying (for who): SSINFO
Money in our pocket: Ecommerce
Giving credit where its due
Picture: Today and Tomorrow
SSINFO Background
• Electronic Student Services since 1990
• On the Web since 1998
• 2 or 3 upgrades to functionality each year
• Primary service to West Lafayette campus
students
SSINFO Application
Features
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Academic History
Transcript Request
CODO Papers Request
Class Schedule
Grades
Course Tutors
Exam Schedule
Progress Report
"What If" Progress Reports
Aid Status
Encumbrances
Tuition & Fee Info
Fee/Housing Credits
Housing Fee Info
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Student Loans
Tax Credit
Addresses & Phones
Emergency Contact Info
Demographic Info
Change My Password
Manage Account Access
SCC Concert Ticket Times
Athletic Tickets
Voting/Elections
Surveys
Off Campus Housing
Student Job Postings
Student Organizations
Other University Services
Connected to by SSINFO
•
•
•
•
•
Graduate Student Database
Purdue Directory Search
Purdue Web Search
Student Web Email
Boiler Volunteer Network
• Online Course Information
• University Schedule of
Classes
• University Final Exam
Schedules
• University Evening Exam
Schedules
SSINFO Infrastructure
Round-robin load
distribution assigns
each connection to one
of the SSINFO web
application servers
Student accesses
SSINFO using a
web browser from
home, dorm room,
lab, kiosk, etc.
SIS database server
is the store-house
for all the student
information
SSINFO Infrastructure
Data that still must be
synchronized with
legacy systems passes
through the Distributed
Processing Environment
(DPE) on a nightly basis
SIS database server is
the authoritative source
for some student data,
but not all
IBM
Mainframe is still the
source for Registration,
Bursar, Financial Aid and
other student information
SSINFO Usage
Nearly 40,000 students have used SSINFO this semester
Most used features include:
•
•
•
•
•
•
•
•
•
Course Schedules
Exam Schedules
Academic History
Financial Aid
Tuition & Fees
Progress Reports
Student Job Listings
Student loans
Link to Student Web Email
Ecommerce Background
Driver
• Added service
• Increased Investment funds
Scope
• Strictly a “plug-in”
• Uses only Perl, PL/SQL (Oracle), SQL, C
• VISA Security Requirements
Ecommerce Background
Show Me the Money
Millions
300
250
200
150
100
50
0
is e
s
En
ter
pr
iar
y
Re
nta
ls
Au
x il
ce
s,
Gi
fts
,S
erv
i
Sa
l es
Stu
de
nt
F
ee
s
Actual
Potential
Ecommerce Background
Use of credit cards
•
•
•
•
Applications
Cost
Customer service
Versus Automated Clearing House (ACH)
transactions
Purdue-pay
The Project
Allow ACH payments
• Tuition
• Deferred Fees
• Housing
Generous Relatives
Leveraging existing functionality
Purdue-pay
Assembling the Parts
Purdue-pay
Assembling the Parts
Purdue-pay
Bill Presentment
SSINFO provides access to current student
billing information for:
• Tuition & Fees
• Deferred Fees
• Housing Fees
Purdue-pay
Cross-system Communication
Tuition & Fees, Deferred Fees, and Housing Fees
data is kept up to date on SSINFO by:
• The data is extracted from the Bursar and Housing
systems on the mainframe every weeknight
• The extracted data is converted to transaction format
• The transactions are loaded into the SIS Database
Purdue-pay
Considerations
Students don’t pay all
their bills themselves!
• Allowing access for 3rd
party payers
• Student record privacy
(FERPA)
• Student and 3rd party
payer bank account
privacy
Purdue-pay
3rd Party Payer Setup
All SSINFO users need to use their own account.
People wishing to pay student bills on SSINFO
must create an account providing:
•
•
•
•
•
Full name
Home Street Address
Basic Demographic Information
Email address
Password and Password Reminder
They are assigned generated account ID
Purdue-pay
3rd Party Payer
Authorization Handshake
3rd party payer
requests access
to pay student
bills for a specific
student by ID
Student grants
access to pay
student bills to a
specific 3rd party
payer by ID
3rd party payer may
then view and pay
student bills
Purdue-pay
Separation of Payer Info
• The student and all authorized payers can
view pending payments
• Only the individual making a particular
payment may modify or delete that
payment
Purdue-pay
SSINFO link to Ecommerce
When a user elects to pay online, SSINFO sends the
following to Ecommerce via URL query parameters:
•
•
•
•
•
•
•
User Account ID
Student ID
Payment Type and Academic Session
Amount due, Minimum & Maximum payment allowed
Due Date & latest payment date allowed
User Authentication and Authorization data
Return URL
Purdue-pay
Ecommerce Challenges
Financial Institution selection
• Flexible system
• Reasonable contract
Terms of Use
General statements for increased reusability
All legal action limited to local code and courts
Purdue-pay
Ecommerce Challenges
Cross-environment communication
• Mainframe
• UNIX
• Win32
National Automated Clearing House Association
(NACHA) (www.nacha.org)
Who?
What?
Standards
ACH transactions
Authorization
Purdue-pay
Ecommerce Challenges
Data Security
• Secure Socket Layer over HTTP (https vs. http)
• Application timeouts
• Encryption
– Account/routing numbers
– Authorization
– File exchanges with financial institution
Purdue-pay
Ecommerce Design
Template Structure
• Central scripts
• Personalized libraries
• Custom HTML
Payment-side
• Triad Organization
– Owner
– Account
– Payment
• Owner’s financial institution
• Unique Ids for accounts and payments
Purdue-pay
Ecommerce Design
Administrative-side
•
•
•
•
Purdue central authentication system
Query screens for the Triad
Audit Logs and Error Logs
Account and Owner lockout feature
Purdue-pay
Ecommerce Design
Daily Extractions
• Database extraction
• Pretty Good Privacy (PGP) encryption
• GnuPG – Privacy Guard
• File Transfer Protocol (FTP)
• Update Ecommerce database with received files
• Financial Institution maintains account/routing
numbers
Purdue-pay
Ecommerce Extraction
Payment and Account File
Transaction, Return, Account File
Database Server
Financial Institution
Purdue-pay
Ecommerce Reconciliation
Bursar’s Office
•
•
•
•
Purdue-pay administrative site queries
Bursar system totals
Financial Institution Confirmation Reports
Investments Daily Reporting
Accounting
• Weekly sweep of funds
• Documents for General Ledger
Purdue-pay
Bursar System
Leverage Existing Processes
• Current lockbox provider
• Harvest from Bursar to SIS
Purdue-pay
The Big Picture
Purdue-pay
•
•
•
•
•
Lessons Learned
More returns than expected
Paper invoice vs. SSINFO display
Netscape Browser privacy
Account types – what is a “regular” account?
Extraction Process
– Failure points
• FTP
• PGP
• Database/Server connectivity
Purdue-pay
Lessons Learned
• Insufficient Fund Difficulty (NSFs)
–
–
–
–
Redepositing to match lockbox
Payment credit – debit – credit
Result: Paperwork mess
Change to single deposit to match other electronic
commerce
• Banking Travails
– Processing problems
• Double billing
• Corrupt encryption
Purdue-pay
Statistics
Inception on March 25, 2002
1,000 hits in each of first three weeks
Have received payments every business day
since inception
To date, payments exceed $5 million
No advertising done until September 6, 2000
Purdue-pay
Statistics (as of September 30, 2002)
Owners:
Number of registered owners:
Repeat users, since inception:
Number of 3rd party payers:
Number of owners paying for 2+ students:
Number of students paid for by 2+ owners:
Number of owners with 2+ accounts:
3773
936
249
27
12
121
Accounts:
Number of accounts:
Number of rejected accounts:
2856
69
(2.4%)
Purdue-pay
Statistics (as of September 12, 2002)
Payments:
Number of completed payments:
4366
Number of 3rd party payments:
166 (3.8%)
Number of returns:
96
(2.2%)
Tuition payments, Fall 2002:
1506
(6.6% of all tuition payments to Purdue University)
Tuition payments, since inception:
2282
Housing payments, since inception:
1607
Deferred payments, since inception:
477
Payments by repeat users, since inception: 2073 (48%)
Post-dated payments, since inception:
255 (5.8%)
Purdue-pay
Questions?