Site Map Online Directory
  Search Information Technology   Northwestern University  
YOU ARE HERE > HomePolicies and GuidelinesE-Commerce
Additional Information

Policies and Guidelines

E-Commerce Policy

Audience:

All members of the Northwestern Community and users of the University network.

Definition:

Accepting charge cards on University Web sites.

Policy Statement:

The Internet is continuing to change the way business is conducted between the University and its customers, as well as between the departments and the University's centralized business and computer services. The University's customer services and internal Financial and IT departmental support infrastructure is adapting to this changing environment. The most common recent request is to accept credit card payments over the Web. The following guidelines highlight the most critical issue in providing this service, to ensure that the trusted relationship between Northwestern and its customers is conducted in the most secure, confidential and reliable method possible.

Background Issues:

Requirements

All eCommerce Web designs must either be wholly hosted by Northwestern University resources, or wholly hosted (including the banking relationship) outside of the University through a contractual relationship with a separate corporation. It is not permissible to use University banking resources with an application hosted outside Northwestern University's network (NUNet). The Controller's Office will review all proposed eCommerce applications and refer any proposed contracts to the Office of General Counsel.

The school/unit business administrator must review the business case and technical requirements to assess the budget and administrative impact due to eCommerce activities. The associated startup and recurring costs include, but are not limited to fees for credit card transactions, hosting services or equipment costs (NUIT or outside host), HTML and database application development and maintenance, (24/7) customer support cost increases, the resources to implement and maintain merchant equipment, and the accounting support to do reconciliation.

Centrally managed revenues, such as gifts, grants and tuition are the responsibility of special central administrative units. No school or department-based application may solicit or record gifts to the University, grants from sponsors, or tuition for credit courses. (Evaluation of tuition payment options for units already taking credit cards will be handled separately from this policy.)

University Relations reserves the right to review Web content at any time.

Generally, only authorized cash collection units may request to become a charge card Web merchant. An application packet is available from the Office of the Bursar, (847) 491-5343.

Departmental Web Development and Hosting

All development, maintenance and support of the Web application are the responsibility of the department. For departments that choose to host their Web application on their own Merchant Server, the Office of the Controller and NUIT will review the system for compliance with guidelines for Web applications that are wholly hosted by Northwestern University. This review will include, but is not limited to, the storage of charge card numbers, data collection, system security, physical security, disaster recovery, reporting, reconciliation, privacy policies and auditability. All Merchant Servers hosting eCommerce activity utilizing the NU Payment Server must be on the University's network.

NU Information Technology Services

ITCS (Information Technology Computing Services) offers optional Web application hosting services on a central Merchant Server. The departmental Web application must run on NT 4.0 or higher, use IIS for Web services, and use Microsoft SQL Server for database services. Backups, system maintenance and upgrades are included. All other development, maintenance, and support are the responsibility of the department. Costs are $960.00 annually for 200 MB disk space with 6 GB monthly network traffic, or $1,440.00 annually for 300 MB disk and 9 GB monthly network traffic.

ITCS will provide charge card transaction services through the Payment Server for departmental merchants at no cost. All eCommerce Web applications hosted on campus must use this payment server.

For more information about NU services for Web application development, contact Dana Nielsen, Director of NUIT Computing Services, at d-nielsen@northwestern.edu.

Original Issue Date:

July 2002

Revision Dates:

July 2002

Last Updated: 30 May 2007