- Mission, Vision, & Values
- Staff Directory
- Business Centers
- Contact Us
Being a web merchant allows your customers to make purchases through your online storefront. There will be no face-to-face interaction. An example of this type of transaction is making a purchase on-line from an e-retailer like Amazon.com.
Accepting credit cards creates legal and financial risk for merchants. It also requires substantial compliance activities. Consider the risks and responsibilities associated with accepting credit cards before moving forward.
OSU uses TouchNet Marketplace to offer web based storefronts to OSU merchants. TouchNet provides two different storefront options; the uStore and the uPay site.
The uStore is the less technical of the two options. It can be setup completely in TouchNet and does not require a lot of technical knowledge. The e-commerce team is familiar with uStores and will be able to assist you whenever you need help.
Examples of uStores currently in use at OSU can be found in the Oregon State University Marketplace.
A uPay site allows you to develop the store front yourself or use third party developers. This front end website can then link to TouchNet's uPay site for secure payment processing. This option gives you a lot more customization options but it is much more technical to implement. The e-commerce team will not be able to help you with third party or campus developed front ends for the uPay site.
An example of a simple Drupal front end that ties into a uPay site can be found here. You will enter the uPay site and leave the drupal front end once you click the "Click Here To Pay" button.
Please contact the eCommerce team to discuss the right option for you and request access to TouchNet.
Every merchant on campus needs to acquire a merchant ID (MID). Your uStore or uPay site must be ready for production orders before a MID will be issued by the payment processor.
Once you have access to TouchNet you will be provided with the necessary documentation to help you build a uStore or set up a uPay site. You will also have access to a testing environment which is to be used for the initial setup and testing of the uStore or uPay sites. If you are using a third party to host your front end website for your uPay site you need to submit a firewall opening request. TouchNet needs to open their firewall to the IP address used by the front-end web pages or web application so information can be passed back and forth between TouchNet and the front-end. This needs to happen for both the Test and Production TouchNet instances. Information will not pass from and to your front-end until this occurs. Standard processing time is 3 – 5 business days. Please submit this request through the TouchNet Firewall Exception webform.
When you are ready to move your uStore or uPay site to TouchNet’s Production instance, you will re-create in Production the site you built in Test. Once you have built a working prototype of your web store in the TouchNet Production instance, you need to fill out a New Merchant Application. This form will ask you for links to your functional website. When ready to submit the New Merchant Application please visit the New Merchant Application website to submit your application.
It is important to note that before the processor will approve the New Merchant Credit Card Processing Application, they will actually attempt a trial order. Before submitting the New Merchant Credit Card Processing Application, the Production site needs to be set up such that the underwriters can start the purchase process and get all the way to the payment screen. The links listed on the application for Return and Refund Policy, Privacy, Statement Delivery Methods and Time Frame, and Transaction Page must work and be the production links.
From the date the New Merchant Credit Card Processing Application is submitted, it will be 4-6 weeks until payments can be taken from customers assuming that everything goes smoothly. Below you can see the steps the application has to go through before you can start to take payments.
Please review the Oregon State Treasury Best Practices Training Presentation. This document gives you a good understanding about accepting credit cards and what to look out for.
Develop policies and procedures for credit card acceptance, using the PCI DSS Questions and Expected Testing in SAQ A. These policies and procedures will be submitted as evidence with your yearly PCI DSS SAQ document.
If any cardholder data will be written down, purchase a cross-cut or micro-cut shredder for disposal of cardholder data. A locked shredding bin is not sufficient. If you are unsure what to purchase, here is a suggestion.
Once you are doing business online you are responsible to continuously assess your operations and fix any vulnerability which could potentially cause a credit card data breach. This is part of the PCI compliance requirements. For more information on what you have to do throughout the year to stay PCI compliant please visit the PCI Compliance for OSU Credit Card Merchants website.
The list of PCI DSS SAQ A requirements can be found in the SAQ A document. You are responsible for on-going compliance with all of these requirements. Some of these requirements are:
TouchNet is affected by Banner downtimes. During Banner outages, TouchNet Marketplace uStore and uPay sites will function normally with the exception of general ledger (Banner) updates. For most uStores and uPay sites, TouchNet automatically performs a general ledger (Banner) update for each transaction. This will fail while Banner is down. This does not mean the transaction itself has failed. It means data could not be transferred to the general ledger system after the transaction was processed. You will need to monitor and resolve TouchNet G/L Exceptions for your merchant. You will not receive the funds related to these transactions until you repost the GL exceptions.
Q1. Who answers questions about your Point of Sale transactions (products, orders, payments, credit card transactions, refunds)?
Q2. Who makes the merchant’s deposits?
Q3. Who tests the Web Merchant site to make sure it works?
Q4. How will I be trained?
Q5. Will there be potential downtimes?