E-Commerce and Online Transactions (Policy 6170)
University Policy 6170
Treasury and Real Estate Services, (208) 426-2079
Scope and Audience
This policy applies to all employees, student clubs/groups, departments, divisions or subdivisions of the University which intend on conducting transactions online for any products, services or events.
- Payment Card Industry Data Security Standards (PCI DDS)
- University Policy 2000 (Bookstore Operations)
- University Policy 6120 (Payment Card Acceptance)
- University Policy 6200 (Bank Accounts)
- University Policy 6270 (Disposal of University property)
- University Policy 12020 (Exclusion from Campus)
1. Policy Purpose
To facilitate the University’s use of E-Commerce, while ensuring the safeguarding of funds and sensitive information.
2. Policy Statement
This policy ensures the campus community understands how to appropriately use E-Commerce to facilitate the University’s mission, while following all applicable policies, laws and best practices.
The University views E-Commerce as a natural extension of the business already conducted by the University. It encourages colleges and auxiliary units to use E-Commerce to improve service to students, faculty, staff, and the public, and to reduce the cost of providing these services.
3.1 Electronic Commerce (E-Commerce)
A business transaction that uses electronic means. It usually includes the Internet, but can include any electronic interaction, including automated phone banks, touch screen kiosks, debit/credit cards or automated teller machines (ATMs).
3.2 Payment Card Industry Data Security Standard (PCI DSS)
A consolidated standard from the major credit card issuers detailing merchant requirements when accepting credit/debit cards. The requirements include network, security, and monitoring components, among others.
4. Responsibilities and Procedures
All online fundraising activities must be coordinated through University Advancement.
4.1.1 University’s Official E-Commerce Package
Departments and individuals engaging in online transactions on behalf of the University should use the University’s official E-Commerce software package. Any system other than official University E-Commerce packages must be approved by the Treasury Department for compliance with the PCI DDS.
4.1.2 Online Web Storefront
Departments and individuals may create an online web storefront for their customers to access. Uses for this type of storefront consist of conference registrations, invoices, etc. Departments may:
a. Customize their storefronts to have their desired look and feel within University brand standards.
b. Add inventoried items that will be sold through their storefront (registration fees, seats or tickets, dinners, artwork, etc.).
c. Collect store-specific data from customers such as name and email of a conference attendee. This information can then be displayed on a receipt and will be available on storefront sales reports.
4.1.3 University E-Commerce Coordinator
The University E-Commerce coordinator is available to help create the storefront if enough time is allotted before the store is activated. In some cases, the E-Commerce coordinator may be able to manage the stores on behalf of the group or department.
4.1.4 Accepting Payments through E-Commerce Package
Any E-Commerce package which accepts payments must adhere to the requirements of University Policy 6120 (Payment Card Acceptance).
4.1.5 Unique Department Bank Accounts or Merchant Services Accounts
Individuals and departments may not create a unique department bank account or merchant services account for E-Commerce, nor any account which mimics such functionality. See University Policy 6200 (Bank Accounts) for details regarding university bank accounts.
4.1.6 University Bookstore
The University Bookstore has certain exclusive selling privileges. For more information see University Policy 2000 (Bookstore Operations). Review University Policy 2000 (Bookstore Operations) to ensure any proposed E-Commerce activity does not conflict with this policy. Any questions about potential conflicts should be addressed with the Bookstore and its management for a complete review.
4.1.7 Collection of Sales Tax
Some transactions may require the collection of sales tax. Individuals should contact the Tax Reporting Department for information about the applicability of sales tax and how to collect sales tax.
4.1.8 Sale or Disposal of University Assets Using E-Commerce
In most instances, departments may not use E-Commerce for the sale or disposal of University assets. See University Policy 6270 (Control of University Equipment and Materials) for details or contact Fixed Assets and Inventory Control.
4.2 Policy Non-Compliance
Violation of any portion of this policy may result in disciplinary action. Incidents will be evaluated on a case by case basis and may result in the following sanctions up to:
a. Exclusion or expulsion, in the case of students as outlined in University Policy 2020 (Student Code of Conduct), or
b. Exclusion or dismissal from employment, in the case of faculty and staff, or
c. Exclusion from campus, in the case of the public.
5. Related Information
University Policy 2020 (Student Code of Conduct)