ParentPay offers web-based payment services, financial management, and meal allowance software to schools, as well as, regional authorities within the UK and universities globally.
ParentPay maintains its own Data Processor status and upholds its own Data Protection Act registration. Lynne Taylor, the CEO and Founder of ParentPay, conducted in-depth study on data privacy in schools and used their expertise to provide advisory consultations to schools and LEAs on the subject. ParentPay provides the school with the software license, but does not access or use the data, earning the school a DPA registration as a data process.
As ParentPay does not access or use data for parents or students, the school can use ParentPay without having to amend its DP statement because the goal of using data at the school, which is to manage students’ administration, stays the same. They are free to choose whether to activate their account or begin online payments for their parents.
The stages and considerations listed below are crucial when it comes to payment procedures and security measures for parent pay:
- Registration – Parents must first register on the website of their child’s school or other organisation in order to use Parent Pay.
- Account management – The parents will next have access to their accounts, including login information that will let them control how much money they spend.
- Payment Options – In order to make payments, parents must add payment options like credit cards, debit cards, or direct debit to their account.
- Payment Instructions – After payment options have been provided, parents can make payments by choosing the product or service they wish to purchase and entering the desired amount.
- Confirmation: After the payment has been processed, the parents will get an email and a message of confirmation.
Security precautions To Be Considered
The ParentPay website is located in a safe data centre that has earned the coveted ISO 27001 certification, an international standard in information security management. Since this certification is difficult to obtain, it inspires trust in the solution’s dependability, accessibility, and safety.
The goal of ISO 27001 is to ensure that appropriate and proportionate security policies are chosen to protect information assets and foster trust among interested parties.
Only encrypted data traffic routed through a Virtual Private Network and two-factor authentication using a password and certificate are permitted access to the website’s management (VPN).
- Payment information is encrypted before being sent over the internet to prevent unwanted parties from viewing it.
- When making a payment, parents must authenticate their account and supply accurate payment information.
- Payment Card Industry Data Security Standards (PCI DSS) compliance is a requirement for payment service providers in order to protect payment cardholder data.
- Fraud detection – To spot and stop fraudulent payment activity, payment providers should have fraud detection systems in place.
- Make that the Parent Pay website has an SSL certificate. This adds an extra degree of protection for parents using the service by encrypting data as it is transported over the internet.
- Parent Pay educate its employees on best cybersecurity practices, including how to protect sensitive data, how to identify phishing attempts, and how to use secure passwords.
Parent pay can be a safe and secure way for parents to pay for their child’s school-related fees and costs if these precautions are taken.
Additionally, ParentPay Group’s team of security experts is dedicated to protecting the privacy, security, and accessibility of information by making sure that it complies with all applicable laws and regulations, including ISO27001, PCI-DSS, and GDPR, and by responding to customer and employee concerns.
To respond quickly to any security-related emergencies that may arise, a designated member of the security team is on call around-the-clock. Please use the following information to get in touch with ParentPay’s Data Protection Officer (DPO): [email protected].