Secure IT! Newsletter
The Newsletter of the Information Security Group | ISG@brown.edu
Archive Edition: September, 2006



 

by Connie Sadler, Dir. of IT Security, CIS

E-Commerce @ Brown: Taking Care of Business...Online

Main Entry: e-com·merce
Pronunciation: 'E-"kä-(")m&rs
Function: noun
Usage: often attributive
: commerce conducted via the Internet (from Merriam-Webster Online)

A growing percentage of business is transacted on the web. According to the US Census Bureau of the Department of Commerce, the estimate of U.S. adjusted retail e-commerce sales for the second quarter of 2006 was $26.3 billion, an increase of roughly 23.0% from the second quarter of 2005, and accounting for 2.5% of total sales.

Departments at Brown are also beginning to sell their wares over the web -- including tickets to arts and sporting events, conference registrations, and educational products -- and like the rest of the industry, Brown will ensure that online purchases and the confidential information used to make them are protected and that third-party providers handling credit card information are compliant with the PCI-DSS (Payment Card Industry Data Security Standard).

Brown's E-Commerce Committee was formed to address the issues and opportunities related to University e-commerce activity, and to review and recommend solutions for processing credit card (CC) and debit (ACH) transactions via the web. The committee, which includes members from Financial Services, CIS, Internal Audit, and the Office of General Counsel, selected TouchNet as Brown's vendor to provide a hosted solution that offers a secure "Payment Gateway" for handling both CC and ACH transactions, along with a "Marketplace" component for building basic storefronts. TouchNet is also a SunGard "Banner" partner.

The E-Commerce Committee also crafted policies and procedures for secure handling of online purchasing at Brown, which include the following:

  • All e-commerce activity must be reviewed and approved by the committee.
  • Credit card numbers must not be stored on Brown-owned or managed hardware.
  • This policy applies to any department associated with the University that conducts business through credit card transactions or is responsible for developing and maintaining a University website to conduct business transactions which gather credit card information.
  • Departments may accept credit cards with the prior approval of the Department Head and the E-Commerce Oversight Committee.
  • Only VISA, MasterCard, Discover, and American Express credit cards are currently accepted.

Last month, Campus Compact brought the pilot phase of Brown's E-Commerce initiative to a successful close when its online registration site went live. The next TouchNet user expected to "go live" will be PAUR - for Parent's Weekend registration. Many more implementations are expected during the upcoming months.

Stay tuned for an announcement of a Brown E-Commerce web site!