This document contains 3 checklists for three different types of e-commerce websites permissible under University e-commerce policy.




These checklists should be used to ascertain that Columbia University websites with e-commerce components conform to the University's policy. For more information about this document or e-commerce policy in general, please email creditcards@columbia.edu

1. Columbia e-commerce sites hosted inside Columbia University
2. Columbia e-commerce sites hosted outside Columbia University
3. Columbia application service provider websites with an e-commerce component that are hosted OUTSIDE Columbia University

1. Columbia e-commerce sites hosted inside Columbia University

This checklist is for situations wherein the merchant website is hosted on the Columbia University computer network.

University Policies: You should be familiar with the University's E-commerce policy and how it affects your work in this area.

SSL Certificate: If your site allows registration, serves any kind of shopping cart page(s), serves forms that accept name, email address and/or other personal information, or displays the subtotal/total cost of merchandise, these pages *must* be served securely over HTTPS using a valid SSL/TLS certificate. Please provide the URL for your website for us to review.

Online Payment Form: Columbia's policies clearly state that no online payment forms may be served from a University server or from the University network. You must establish a relationship with an approved third-party provider of e-commerce services such as Global Payments, CyberSource, etc. and serve your payment form(s) from their domain and their servers. Please provide either the URL for the payment page or the URL for the page on your website that contains the link that will redirect visitors to the future payment page.

Privacy Policy: Every website with an e-commerce function must contain a privacy policy page and links to that page from throughout the site. In order to receive a *MID* (Merchant ID), you must provide the URL to your privacy policy page. Please provide the URL for the privacy policy page.

Refund Policy: Every website with an e-commerce function must contain a refund policy page and links to that page from throughout the site. In order to receive a *MID*, you must provide the URL to your refund policy page. Please provide the URL for the refund policy page.

MID/PIN visibility: In the course of building the 3rd-party hosted payment form, the developers must make certain that the CU-issued Merchant ID and/or CU vendor-issued PINs are NOT visible anywhere in the source code of the form. "Source code" here includes hidden input fields, the form's action URL and its query string, and inline scripts, not just what is visible on the rendered page. Please provide the URL to the payment page so we may view the page source.

2. Columbia e-commerce sites hosted outside Columbia University

This checklist is for situations wherein the merchant website is developed by a Columbia employee or a vendor hired by a Columbia employee, but hosted somewhere outside the Columbia network.

University Policies: You should be familiar with the University's E-commerce policy and how it affects your work in this area. If your website is being hosted at a PCI-compliant hosting facility on PCI-compliant infrastructure, you will be permitted to keep your payment page(s) integrated with your website (see the Online Payment Form item below). In this case, you will need to procure written documentation from your website hosting vendor that all the requirements of PCI-DSS compliance are met for your website (typically the vendor's current PCI DSS Attestation of Compliance covering the hosting service you are buying). If your 3rd-party hosting vendor is not providing PCI-compliant hosting, then you will need to separate your payment page(s) from the rest of your website as explained below.

SSL Certificate: If your site allows registration, serves any kind of shopping cart page(s), serves forms that accept name, email address and/or other personal information, or displays the subtotal/total cost of merchandise, these pages *must* be served securely over HTTPS using a valid SSL/TLS certificate. Please provide the URL for your website for us to review.

Online Payment Form: Columbia's policies clearly state that no online payment forms may be served from a University server, from the University network, or from non-PCI-compliant 3rd-party servers or infrastructure. If your 3rd-party hosting vendor provides written documentation that your site is being hosted on PCI-compliant infrastructure, then you may elect to keep your online payment form integrated with the rest of your website. If not, you must establish a relationship with an approved third-party provider of e-commerce services such as Global Payments, CyberSource, etc. and serve your payment form(s) from their domain and their servers. Please provide either the URL for the payment page or the URL for the page on your website that contains the link that will redirect visitors to the future payment page hosted on an approved vendor's PCI-compliant web infrastructure.

Privacy Policy: Every website with an e-commerce function must contain a privacy policy page and links to that page from throughout the site. In order to receive a *MID*, you must provide the URL to your privacy policy page. Please provide the URL for the privacy policy page.

Refund Policy: Every website with an e-commerce function must contain a refund policy page and links to that page from throughout the site. In order to receive a *MID*, you must provide the URL to your refund policy page. Please provide the URL for the refund policy page.

MID/PIN visibility: In the course of building the payment form (whether it's integrated with your website or hosted by an approved PCI-compliant vendor), the developers must make certain that the CU-issued Merchant ID and/or CU vendor-issued PINs are NOT visible anywhere in the source code of the form, including hidden input fields, the form's action URL and query string, and inline scripts. Please provide the URL to the payment page so we may view the page source.

3. Columbia application service provider websites with an e-commerce component that are hosted OUTSIDE Columbia University

This checklist is for situations wherein a Columbia merchant is using a 3rd-party web-based application service provider and the website is hosted outside the Columbia network.

University E-Commerce policy: You should be familiar with the University's E-commerce policy and how it affects your work in this area. Your vendor (the provider of the web-based application/service that you are contracting for) must provide written documentation that their application, and the infrastructure which serves it, meets all aspects of PCI-DSS compliance (typically their current PCI DSS Attestation of Compliance covering that application). You should obtain this *BEFORE* you sign an agreement to contract services from them. If your website application service provider *cannot* or *will not* provide written documentation that their application and the infrastructure which serves it meet all aspects of PCI-DSS compliance, then you will need to separate your payment page(s) from the rest of your website as explained below.

SSL Certificate: If your web application allows or requires registration, serves any kind of shopping cart page(s), serves forms that accept name, email address and/or other personal information, or displays the subtotal/total cost of merchandise, these pages *must* be served securely over HTTPS using a valid SSL/TLS certificate. Please provide the URL for your website for us to review.

Online Payment Form: Columbia's policies clearly state that no online payment forms may be served from a University server, from the University network, or from non-PCI-compliant 3rd-party servers or infrastructure. If your 3rd-party application service provider does not provide written documentation that all aspects of your web application are PCI-compliant and hosted on PCI-compliant infrastructure, you must establish a relationship with an approved third-party provider of e-commerce services such as Global Payments, CyberSource, etc. and serve the payment form(s) of your web application/service from their domain and their servers. Please provide either the URL for the payment page or the URL for the page on your website that contains the link that will redirect visitors to the future payment page hosted on an approved vendor's PCI-compliant web infrastructure.

Privacy Policy: Every website with an e-commerce function must contain a privacy policy page and links to that page from throughout the site. In order to receive a *MID*, you must provide the URL to your privacy policy page. Please provide the URL for the privacy policy page.

Refund Policy: Every website with an e-commerce function must contain a refund policy page and links to that page from throughout the site. In order to receive a *MID*, you must provide the URL to your refund policy page. Please provide the URL for the refund policy page.

MID/PIN visibility: In the course of building the payment form (whether it's integrated with your website or hosted by an approved PCI-compliant vendor), the developers must make certain that the CU-issued Merchant ID and/or CU vendor-issued PINs are NOT visible anywhere in the source code of the form, including hidden input fields, the form's action URL and query string, and inline scripts. Please provide the URL to the payment page so we may view the page source.
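The three technical items that recur in all three checklists (the relevant pages served over HTTPS, the payment form served by an approved vendor's domain rather than the University network, and no MID or PIN visible in the page source) can be pre-checked on the submitted payment-page URL before the manual review. The following Python script is an added example written for this page; it is not part of the Columbia checklist or any vendor's tooling. The University domain list, the credential-like parameter names, the approved vendor hostnames and the two sample pages are constructed assumptions, and the script inspects only what is in the page source (hidden inputs, each form's action URL and query string, and inline scripts), so it supplements rather than replaces the reviewer's look at the page.

```python
"""Static pre-check of a payment page against the three technical checklist items:
HTTPS, form served by an approved vendor (not the University network), and no
MID/PIN visible in the page source.  Added example; names below are assumptions."""
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urljoin, urlsplit

# Domains treated as "the University network" for this review (assumption).
UNIVERSITY_DOMAINS = ("columbia.edu",)

# Parameter names that commonly carry a merchant ID or vendor PIN/key (assumption;
# adapt to the real parameter names of the gateway you integrate).
SECRET_NAME_RE = re.compile(
    r"(merchant[_-]?id|\bmid\b|\bpin\b|transaction[_-]?key|api[_-]?key)", re.I)
# Inline-script assignments such as   merchant_id = "123456"   or   pin: '4321'
SECRET_ASSIGN_RE = re.compile(
    r"(merchant[_-]?id|\bmid\b|\bpin\b|transaction[_-]?key|api[_-]?key)"
    r"\s*[:=]\s*['\"]([^'\"]+)['\"]", re.I)


def _under(host, domains):
    """True if host equals one of the domains or is a subdomain of one."""
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in domains)


class _PageScanner(HTMLParser):
    """Collects every <form> with its <input> name/value pairs, plus inline <script> text."""

    def __init__(self):
        super().__init__()
        self.forms = []        # [{"action": str, "inputs": [(name, value), ...]}]
        self.scripts = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"action": a.get("action") or "", "inputs": []})
        elif tag == "input" and self.forms:
            self.forms[-1]["inputs"].append((a.get("name") or "", a.get("value") or ""))
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts.append(data)


def review_payment_page(page_url, html, approved_vendor_domains):
    """Return a list of finding strings; an empty list means all three checks pass."""
    findings = []
    if urlsplit(page_url).scheme != "https":
        findings.append("page is not served over HTTPS: " + page_url)

    scanner = _PageScanner()
    scanner.feed(html)

    for form in scanner.forms:
        action = urljoin(page_url, form["action"])      # resolve relative actions
        parts = urlsplit(action)
        if parts.scheme != "https":
            findings.append("form submits over plain HTTP: " + action)
        if _under(parts.hostname, UNIVERSITY_DOMAINS):
            findings.append("payment form is served by the University network: " + action)
        elif not _under(parts.hostname, approved_vendor_domains):
            findings.append("form submits to a host that is not an approved vendor: " + action)
        # Credentials leak through hidden fields and through the action's query string alike.
        for name, value in form["inputs"] + parse_qsl(parts.query):
            if value and SECRET_NAME_RE.search(name):
                findings.append(f"credential-like field visible in page source: {name}={value}")

    for script in scanner.scripts:
        for m in SECRET_ASSIGN_RE.finditer(script):
            findings.append(f"credential-like value in inline script: {m.group(1)}={m.group(2)}")
    return findings


# Constructed sample: a page on the University network that embeds the payment form
# itself, exposes the MID in a hidden field and the PIN in an inline script.
BAD_PAGE_URL = "https://shop.dept.columbia.edu/checkout"
BAD_PAGE_HTML = """<html><body>
<form method="post" action="/pay">
  <input type="hidden" name="merchant_id" value="123456789">
  <input type="text" name="cardnumber">
</form>
<script>var pin = "4321";</script>
</body></html>"""

# Constructed sample: the form lives on the approved vendor's host and carries no credentials.
GOOD_PAGE_URL = "https://payments.vendor-example.com/cu/deptstore"
GOOD_PAGE_HTML = """<html><body>
<form method="post" action="https://payments.vendor-example.com/cu/submit">
  <input type="hidden" name="order_ref" value="A1001">
  <input type="text" name="cardholder_name">
</form>
</body></html>"""

if __name__ == "__main__":
    for url, html in ((BAD_PAGE_URL, BAD_PAGE_HTML), (GOOD_PAGE_URL, GOOD_PAGE_HTML)):
        print(url, review_payment_page(url, html, ("vendor-example.com",)) or "OK")
```

Run it against the HTML fetched from the submitted URL (the script deliberately does no network I/O, so fetch the page source separately and pass it in). A finding is a reason to send the checklist back; an empty result is only a pre-check, since the script cannot see credentials loaded by external scripts or written server-side into later responses.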