skip to main content
Caltech
Information Management Systems and Services
IMSS  /  Services  /  Information Security  /  Policies and Security Standards  /  E-commerce Policy

E-commerce Policy

E-commerce Policy

(Web-based Credit Card Transactions)

  1. Any organization wishing to install or to continue use of e-commerce capabilities on their web sites must inform Treasury Services of their intentions. In no case is credit card information to be collected or stored on a Caltech computer without explicit prior approval from the Vice President for Business and Finance.
  2. Organizations wishing to use e-commerce on their web sites must submit a Merchant Account request form for an account with our service provider, and review Caltech's Merchant Credit Card Processing Guidelines.
  3. Caltech systems involved in e-commerce will be periodically scanned by IMSS known security vulnerabilities.
  4. As standards on the part of financial institutions for such transactions may change in the future we will periodically review this policy and revise it if necessary.

More Details

E-commerce, broadly defined, is the ability to purchase items via the web through the submission and validation of credit cards and other electronic surrogates for currency. In addition to uses such as online sales of goods and services, this technology can allow attendees to register and pay for conferences, workshops and other events online via specially designed websites.

Given the sensitive nature of credit card information, use of e-commerce technology does have some associated risks. The most serious of these is the possibility of credit card information being compromised due to the use of an insecure transaction protocol, or the capture of credit card information stored online once such transactions are completed. Many such incidents associated with commercial web sites have received coverage in the press.

In order to facilitate the use of e-commerce on campus while simultaneously providing a secure setting for such transactions, we have contracted through our bank with a third party organization to provide secure e-commerce capabilities. At the time that payment information is requested on a Caltech e-commerce website, customers are referred automatically to a secure server (housed off of the Caltech campus network) where sensitive information such as credit card numbers are entered via an encrypted connection established directly between the customer and the secure server. Payment is then collected and transferred into appropriate Institute accounts. After the online credit card transaction is completed, website visitors are automatically returned to the Caltech site they were visiting so that they can continue their session.

Fees

The service fee for a Merchant Account with our online payment processing service provider is $15 per month. There is a $.05 per-transaction fee charged for all Visa, MasterCard or American Express transactions processed. There is a one-time setup charge of up to $99 per account. In addition, the credit card companies charge a fee of between 1.5% and 3.5% of the gross transaction amount, based upon the type of card used.

For additional information about fees, or other question, contact Treasury Services.

Getting Started

To set up a Caltech website for credit card transactions, first submit a Merchant Account Request Form to Treasury Services for assistance in setting up a merchant account with Authorize.Net, our online payment processing service provider.

Next, your web developer, webmaster, and/or development team should read over Authorize.Net's online developer documentation, for technical assistance in setting up your site.