• About
• Accounts
• Cable & Video
• Computing Services
• Computing Sites
• E-Mail
• Enterprise Applications
• Hardware
• Help
• Hosting/File Storage
• ID Cards
• IT Security
• IT Training
• Network Services
• Policies
• Printing
• Research Computing
• Software
• Telecom Services

E-Commerce Questions and Answers

E-commerce procedures have been created to establish a process for developing new e-commerce applications at the University of Missouri. The procedures were developed as a joint effort by the UM Treasurer's Office and several areas in the Division of IT: Information Security and Accounts Management (ISAM); Application Services; Marketing, Planning and Training; and Systems and Operations. The procedures explain how to request an e-commerce application, who is involved in the process, what information is given to and received from the requesting department, and the security guidelines that must be followed.

What is the University's solution for payment processing?

QuikPAY features include setup of authorized users, email for payment notification and when a new bill is ready to view, creation of payment profiles, and payment history. QuikPAY is a Payment Card Industry Data Security Standard (PCI DSS) compliant system.

What is QuikPAY?

QuikPAY is an application that is marketed by NelNet Business Solutions (NBS). QuikPAY accepts credit card and check payments, creates payment profiles so the user doesn't have to re-enter credit card or checking account information every time a payment is made, allows for setup of authorized users for some applications, and contains payment history reports. The University started using QuikPAY in 2005 to accept payments for Student Account payments.

Who is NelNet?

"NelNet" is NelNet Business Solutions. We sometimes refer to them as NBS. They are the vendor who owns QuikPAY, the application that the University uses to process credit card and check payments on the internet. For more information about NelNet, consult their web site.

Is QuikPAY currently being used?

As of 4/1/07, QuikPAY is currently the e-commerce solution for:

• Student account payments at all four campuses
• Admissions application fees at MU, UMKC and UMSL
• MU enrollment fees
• UMSL Optometry Admissions application fees
• MU and MST Alumni Giving
• MU Residential Life application and contract fees
• MU Summer Welcome payments
• MU IT Training
• UMKC School of Dentistry

Can I use a vendor e-commerce solution other than QuikPAY?

If you plan to use a vendor solution other than QuikPAY for e-commerce processing, the Treasurer's Office will inform you of the information you must obtain from the vendor. Please indicate on the e-commerce service request form that you would like to use a vendor-purchased e-commerce solution.

What is a front-end application?

A front-end application is the "front door" for the user. The user signs in to the front-end application and performs the tasks pertinent to the business function for the application. For example, if the business function for the application is to sell merchandise, then the front-end application displays a catalog, allows the user to place item selections in a shopping cart, calculates costs, and stores shipping information. The front-end application needs to accept payment for the merchandise, but that has to be done in a secure environment, so it passes control to another application that accepts the credit card or check information. The University uses QuikPAY as the application that processes the payment. QuikPAY lets the front-end application know whether the transaction was successful so the status can be recorded in the front-end application tables.

Do I have to develop my own front-end application?

The front-end application can be developed internally using technical staff in your department or in the campus Information Technology (IT) department, or you can purchase an application that meets your functional business needs.

If you plan to develop a front-end application, please contact your campus Information Technology department for assistance. If you plan to use a vendor-purchased front-end application, contact between the vendors for your application and the payment processing application will be coordinated by the Treasurer's Office and the Division of IT E-Commerce team. Please indicate on the e-commerce service request form that you would like to use a vendor-purchased front-end application.

What are the security guidelines for developing a front-end e-commerce application?

The ISAM group has written an e-commerce security guide that provides guidance in securing e-commerce systems. All e-commerce applications will be required to meet the guidelines in this security guide. Production deployment will be contingent upon successful audit of the application by ISAM. ISAM is conducting audits University-wide until the campuses have certified auditors to provide the service. Departments will be charged for the initial and annual audits.

What is a Merchant Account ID?

In order to accept credit card payments, either from a physical store or a store on the Internet, you need to have a merchant account id assigned by an acquiring financial institution. This is a requirement for physical stores as well as stores on the Internet. An acquiring financial institution contracts with merchants to enable them to accept credit card transactions. In order to take credit card payments over the web using your browser and secure server technology (SSL) you will need a merchant credit card account ("Merchant Account") that is specifically meant for Internet-based transactions. You may already have a merchant ID for handling your phone/fax and email orders, but you'll need a new one to do e-commerce business. Commerce Bank is the University's financial institution, so they'll assign the merchant account for applications that use QuikPAY. If you purchase an application that includes a payment processing option other than QuikPAY, it is possible that the vendor of that application will acquire the merchant id for you. The acquiring financial institution records the daily credit card sales for your merchant account and transfers that information to the University for posting to your PeopleSoft Financials General Ledger account. When implementation of your application is underway, the e-commerce team will ask you for the information that is needed to request a merchant account id.

What is ISAM?

Information Security and Accounts Management (ISAM) is the unit responsible for protecting MU's technology resources. They do this by providing resource protection strategies and guidelines, identity and account management and professional response to cyber attacks.

Who is the e-commerce team?

The e-commerce team are University system staff in the Division of IT. The E-commerce department is responsible for the management, deployment, security and support of University e-commerce services.

What is an e-check payment?

An e-check payment is made using funds in a checking or savings account from an online e-commerce service. The payment can be made from a web application where the checking or savings account and routing number are type in, or by swiping a debit card on a card reader.

What is an e-credit payment?

An e-credit payment is a charge made to a credit card from an online e-commerce service. The payment can be made from a web application where the card number and expiration date are entered, or by swiping a credit card in a card reader.

What is e-commerce?

E-commerce is the buying and selling of goods and services, and the transfer of funds, over the internet using credit cards, debit cards, or checking accounts.

What is PCI DSS?

Credit card companies have collaborated to create a single set of industry requirements, called the Payment Card Industry (PCI) Data Security Standard (DSS), for consumer data protection. The PCI Data Security Standard clearly defined credit card payment processing requirements, compliance criteria and validation processes. Failure to comply with the PCI Data Security Standard may result in substantial fines and potential loss of e-commerce privileges.

By following the standardized, industry-wide procedures of PCI DSS, organizations can:

• Protect their customer's personal data
• Boost customer confidence through a higher level of data security
• Insulate themselves from financial losses

How do I request a new e-commerce application?

Fill out the e-commerce service request form. It will be emailed to the University Treasurer's Office when you submit the form.

What happens after I submit the request form?

The University of Missouri E-Commerce Procedures outlines the steps to implement an e-commerce solution using QuikPAY for a front-end application developed in-house or purchased. If you purchase an application that includes both the front-end and payment processing applications, make that indication on the form, and the Treasurer's Office will call you after they receive the form.