Events

Connect with us at the following upcoming events:

Conferences

April 16-17

CS5

San Diego, CA

April 28-30

EDUCAUSE Cybersecurity and Privacy Professionals Conference (CPPC)

Anaheim, CA

May 3-6

TPA 2026

Hyatt Regency Savannah in Savannah, Georgia

Rethinking the PCI Attestation Cycle for Merchant Success
May 4 | 2:45 – 3:45 p.m.

Speakers:

  • Matt Schafer, Director, Treasury Operations, Indiana University
  • Laura Allison, Project Management Product Lead, CampusGuard

PCI attestation is a critical component of maintaining compliance and protecting payment data, but how often should you do it? This session explores two approaches: Indiana University’s monthly attestation cycle, designed to reduce the level of effort, accommodate merchant busy seasons, and improve focus, and the traditional annual cycle favored for simplicity. Learn the pros and cons of each, hear real-world lessons, and walk away with practical strategies to optimize your attestation process for your organization’s unique needs.

From Checkout to Compromise: Guarding Higher Ed Against E-Skimming Threats
May 5 | 8:15 – 9:15 a.m.

Speakers:

  • Kevin Doar, Director, Office of Merchant Services, University of Washington
  • David Gundrum, JD, CISA, CISSP, QSA, Senior Security Advisor, CampusGuard

As colleges and universities expand their digital payment experiences, the risks associated with e-skimming attacks continue to rise. Cybercriminals are increasingly targeting higher ed websites with malicious scripts designed to silently capture payment card data, putting students, families, and institutions at significant financial and reputational risk. This session explores the vulnerabilities and tactics attackers use to bypass common security controls, how UW evaluated, implemented, and optimized one solution to secure its payment ecosystem, and recommended incident-response actions when a compromise occurs.

View the agenda

Live Demos

April 8

EDUCAUSE Demo Day | Identity Verification and Fraud Services

9:00 am - 3:30 pm CST

As cyberthreats grow more sophisticated, higher education institutions face increasing risks from fraudulent digital activity across a wide range of applications, including financial aid, vendor onboarding, research grants, and internal systems access. Cybersecurity solutions that detect and prevent fraudulent applications are essential to protecting institutional data, resources, and reputation.

Join us for several live, 45-minute, rapid-fire sessions as our corporate solutions providers showcase their fraud detection technologies. Explore how advanced analytics, identity verification, and behavioral monitoring are being used to identify suspicious activity, prevent breaches, and ensure compliance. Learn how integrating these tools into your broader cybersecurity strategy can safeguard institutional integrity.

Webinars

March 4

Decentralized and Vulnerable: Why Higher Ed Is the Perfect Target for Modern E-Skimming

1:00 pm - 2:00 pm CST

Many higher education institutions still haven’t addressed e-skimming or fully met the PCI DSS compliance requirements, while others believe their strengthened controls, such as CSP, SRI, and payment‑page monitoring, put them in a stronger position than they actually are. Attackers, however, haven’t stood still.

Modern e-skimming campaigns are engineered to bypass these defenses, leaving institutions unknowingly exposed across systems that often fall outside traditional PCI or security focus.

For higher education, this risk is magnified by the sheer diversity of online transaction paths: Tuition and fee payments, online bookstores, athletic ticketing, performing arts and campus events, alumni giving and donation platforms, and department-level microsites.

Each represents a separate entry point for attackers, often built by different teams, vendors, or third parties, and often sharing scripts across the broader digital ecosystem.

We’ll examine how modern campaigns exploit trusted services, abuse tag managers, and move upstream of checkout, creating blind spots that disproportionately affect decentralized environments like higher education.

We’ll cover:

  • Why e-skimming continues to accelerate, with dozens of active campaigns targeting tens of thousands of sites across multiple platforms & geographies
  • How attackers bypass CSP, SRI, & PCI DSS 4.0.1-aligned controls, including abuse of “trusted” services & allowlisted scripts
  • Why focusing only on the payment page misses real risk across the full path to checkout, including donation flows, ticketing, & account creation
  • The limits of iFrame hardening & payment outsourcing, & what responsibility remains with the institution
  • Practical ways to validate that controls actually prevent data exfiltration, not just detect changes after the fact

Learn where real risk exists today, why traditional approaches fall short, & how to move forward with confidence across every online payment & donation experience.

April 8

TPA Webinar: Beyond the PCI Compliance Checklist: Building Stronger Payment Security

2:00 pm - 3:00 pm CST

Speakers:

  • Kyle Smith, CISA, CISSP, QSA, Security Advisor
  • Allison Zwaschka, PCIP, Customer Relationship Manager

Meeting PCI DSS requirements is an important first step, but passing an audit doesn’t guarantee your campus payment systems are truly secure. In this webinar, we’ll explore the gaps that often exist beyond the Cardholder Data Environment (CDE), including third-party vendors, rogue scripts, shadow IT, and operational blind spots. Attendees will learn practical strategies to move beyond compliance checklists and build a robust, year-round payment security program that protects students, staff, and institutional data.

Registration will open March 12.