In today’s changing and challenging environment, the University has seen an increasing number of requests for credit card merchant accounts for online payment applications. While it can be advantageous to accept credit card payments over the Web, it is also an area of great liability. To address this issue, the University has implemented a campus-wide e-commerce solution called Touchnet Marketplace. The Touchnet Marketplace solution offers the ability to set up a store, called “U-store,” or simply a payment processing gateway, called “U-pay.” Many departments have taken advantage of the features and usability of Touchnet Marketplace and have moved or are in the process of moving their online e-commerce solutions to Touchnet Marketplace.
With credit card fraud and identity theft on the rise, Visa and MasterCard have issued Payment Card Industry Data Security Standards (PCI DSS) that every merchant on the University campus must be in compliance with by Jan. 31, 2009, to continue to accept credit cards and avoid substantial fines and fees.
PCI DSS requires that anyone handling any credit card information should be cognizant of, familiar with and agree to adhere to the PCI DSS which can be found at https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml. Please note that if you are taking credit card payments but not using e-commerce, PCI DSS still applies to you. Please review the PCI DSS requirements referenced above and be aware that anyone in your department who comes in contact with credit card information will need to verify their acceptance and adherence to PCI DSS on an annual basis. If you fall into this category, and have not yet received the attestation forms, please contact Liana Fox in cashiering at firstname.lastname@example.org.
Touchnet Marketplace provides the University with a mechanism to meet these rigorous standards. For approximately the last two years, the Office of Information Technology, Internal Audit, Accounting Services and each merchant department have been making changes to policies, network configurations, departmental procedures, etc. to obtain compliance with these standards. The University has contracted with an outside PCI consulting agency to assist with our compliance efforts.
The E-Commerce Policy, has been revised and now requires all on-line merchants to use Touchnet Marketplace. By requiring all e-commerce activity on campus to use this one compliant solution, we are limiting our risk of credit card fraud and reducing our costs associated with maintaining compliance.
Many cashiering policies and procedures have been updated to reflect the new environment and should be reviewed at http://www.wmich.edu/accounting-services/docs/ar_marketplace_request_form.pdf.