E-Commerce Questions and Answers
- I've never heard of "e-commerce procedures." What are they?
- E-commerce procedures have been created to establish a process for developing new e-commerce applications at the University of Missouri. The procedures were developed as a joint effort by the UM Treasurer's Office and several areas in the Division of IT: Information Security and Accounts Management (ISAM); Application Services; Marketing, Planning and Training; and Systems and Operations. The procedures explain how to request an e-commerce application, who is involved in the process, what information is given to and received from the requesting department, and the security guidelines that must be followed.
- What is the University's solution for payment processing?
- QuikPAY features include setup of authorized users, email for payment notification and when a new bill is ready to view, creation of payment profiles, and payment history. QuikPAY is a Payment Card Industry Data Security Standard (PCI DSS) compliant system.
- What is QuikPAY?
QuikPAY is an application that is marketed by Nelnet Business Solutions (NBS). QuikPAY:
- accepts credit card and check payments,
- creates payment profiles so the user doesn't have to re-enter credit card or checking account information every time a payment is made, and
- allows for setup of authorized users for some applications, and contains payment history reports.
The University started using QuikPAY in 2005 to accept payments for Student Account payments.
- Who is Nelnet?
- "Nelnet" is Nelnet Business Solutions (NBS). They are the vendor who owns QuikPAY, the application that the University uses to process credit card and check payments on the internet. For more information about Nelnet, consult their web site.
- What departments currently use QuikPAY?
As of 4/1/07, QuikPAY is currently the e-commerce solution for:
- Student account payments at all four campuses
- Admissions application fees at MU, UMKC and UMSL
- MU enrollment fees
- UMSL Optometry Admissions application fees
- MU and MST Alumni Giving
- MU Residential Life application and contract fees
- MU Summer Welcome payments
- MU IT Training
- UMKC School of Dentistry
- Can I use a vendor e-commerce solution other than QuikPAY?
- If you plan to use a vendor solution other than QuikPAY for e-commerce processing, the Treasurer's Office will inform you of the information you must obtain from the vendor. Please indicate on the e-commerce service request form that you would like to use a vendor-purchased e-commerce solution. The Treasurer's Office will have final approval if your selected vendor meets the University's requirements to provide e-commerce service.
- What is a front-end application?
- A front-end application is the "front door" for the user. The user signs in to the front-end application and performs the tasks pertinent to the business function for the application. For example, if the business function for the application is to sell merchandise, then the front-end application displays a catalog, allows the user to place item selections in a shopping cart, calculates costs, and stores shipping information. The front-end application needs to accept payment for the merchandise, but that has to be done in a secure environment, so it passes control to another application that accepts the credit card or check information. The University uses QuikPAY as the application that processes the payment. QuikPAY lets the front-end application know whether the transaction was successful so the status can be recorded in the front-end application tables.
- Do I have to develop my own front-end application?
The front-end application can be developed internally using technical staff in your department or in the Division of Information Technology, or you can purchase an application that meets your functional business needs.
If you plan to develop a front-end application, please contact the Division of Information Technology for assistance. If you plan to use a vendor-purchased front-end application, contact between the vendors for your application and the payment processing application will be coordinated by the Treasurer's Office and the Division of IT E-Commerce team. Please indicate on the e-commerce service request form that you would like to use a vendor-purchased front-end application.
- What are the security guidelines for developing a front-end e-commerce application?
- Production deployment will be contingent upon successful audit of the application by ISAM. ISAM is conducting University-wide audits until the campuses have certified auditors to provide the service. Departments will be charged for the initial and annual audits.
- What is a Merchant Account ID?
- In order to accept credit card payments, either from a physical store or a store on the Internet, you need to have a merchant account id assigned by an acquiring financial institution. This is a requirement for physical stores as well as stores on the Internet. An acquiring financial institution contracts with merchants to enable them to accept credit card transactions. In order to take credit card payments over the web using your browser and secure server technology (SSL) you will need a merchant credit card account ("Merchant Account") that is specifically meant for Internet-based transactions. You may already have a merchant ID for handling your phone/fax and email orders, but you'll need a new one to do e-commerce business. Commerce Bank is the University's financial institution, so they'll assign the merchant account for applications that use QuikPAY. If you purchase an application that includes a payment processing option other than QuikPAY, it is possible that the vendor of that application will acquire the merchant id for you. The acquiring financial institution records the daily credit card sales for your merchant account and transfers that information to the University for posting to your PeopleSoft Financials General Ledger account. When implementation of your application is underway, the e-commerce team will ask you for the information that is needed to request a merchant account id.
- What is ISAM?
- Information Security and Accounts Management (ISAM) is the unit responsible for protecting MU's technology resources. They do this by providing resource protection strategies and guidelines, identity and account management and professional response to cyber attacks.
- Who is the e-commerce team?
- The e-commerce team comprises the University system staff in the Division of IT and the Treasurer's Office. The e-commerce team is responsible for the management, deployment, security, and support of University e-commerce services.
- What is an e-check payment?
- An e-check payment is made using funds in a checking or savings account from an online e-commerce service. The payment can be made from a web application where the checking or savings account and routing number are typed in, or by swiping a debit card on a card reader.
- What is an e-credit payment?
- An e-credit payment is a charge made to a credit card from an online e-commerce service. The payment can be made from a web application where the card number and expiration date are entered, or by swiping a credit card in a card reader.
- What is e-commerce?
- E-commerce is the buying and selling of goods and services, and the transfer of funds, over the internet using credit cards, debit cards, or checking accounts.
- What is PCI DSS?
The PCI DSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis.
The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
- How do I request a new e-commerce application?
- Fill out the e-commerce service request form. It will be submitted to the e-commerce team when you submit the form.
- What happens after I submit the request form?
- The University of Missouri E-Commerce Procedures outlines the steps to implement an e-commerce solution using QuikPAY for a front-end application developed in-house or purchased. If you purchase an application that includes both the front-end and payment processing applications, make that indication on the form, and someone from the e-commerce team will contact you after they receive the form.