Skip to Main Content

Policy Title: E-Commerce and Online Transactions

Boise State University Policy #6170
Effective Date: July 1, 2014

To facilitate the University’s use of E-Commerce, while ensuring the safeguarding of funds and sensitive information.

Additional Authority:
Payment Card Industry Data Security Standards (PCI DDS)
University Policy #2000 (Bookstore Operations)
University Policy #6120 (Payment Card Acceptance)
University Policy #6200 (Bank Accounts)
University Policy #6270 (Disposal of University property)
University Policy #12020 (Exclusion from Campus)

This policy applies to all employees, student clubs/groups, departments, divisions or subdivisions of the University which intend on conducting transactions online for any products, services or events.

Responsible Party:
Vice President for Finance and Administration 426-1200
Treasury and Real Estate Services 426-2079

Electronic Commerce (E-Commerce) – A business transaction that uses electronic means. It usually includes the Internet, but can include any electronic interaction, including automated phone banks, touch screen kiosks, debit/credit cards or automated teller machines (ATMs).

Payment Card Industry Data Security Standard (PCI DSS) – A consolidated standard from the major credit card issuers detailing merchant requirements when accepting credit/debit cards. The requirements include network, security, and monitoring components, among others


  • I. Policy Statement
  • This policy ensures the campus community understands how to appropriately use E-Commerce to facilitate the University’s mission, while following all applicable policies, laws and best practices.
  • The University views E-Commerce as a natural extension of the business already conducted by the University. It encourages colleges and auxiliary units to use E-Commerce to improve service to students, faculty, staff, and the public, and to reduce the cost of providing these services.
  • II. Policy Details
    • A. All on-line fundraising activities must be coordinated through University Advancement.
    • B. Departments and individuals engaging in on-line transactions on behalf of the University should use the University’s official E-Commerce software package. Any system other than official University E-Commerce packages must be approved by the Treasury Department for compliance with the PCI DDS. Instructions for using the E-commerce software package may be found at (insert link).
      • 1. Departments and individuals may create an online web storefront for their customers to access. Uses for this type of storefront consist of conference registrations, invoices, etc…Departments may:
        • a) Customize their storefronts to have their desired look and feel within University brand standards.
        • b) Add inventoried items that will be sold through their storefront (registration fees, seats or tickets, dinners, artwork, etc…)
        • c) Collect store-specific data from customers such as name and email of a conference attendee. This information can then be displayed on a receipt and will be available on storefront sales reports.
      • 2. The University E-Commerce coordinator is available to help create the storefront if enough time is allotted before the store is activated. In some cases, the E-Commerce coordinator may be able to manage the stores on behalf of the group or department.
    • C. Any E-Commerce package which accepts payments must adhere to the requirements of University Policy #6120 Payment Card Acceptance.
    • D. Individuals and departments may not create a unique department bank account or merchant services account for E-Commerce, nor any account which mimics such functionality. See University policy #6200 for details regarding university bank accounts.
    • E. The University Bookstore has certain exclusive selling privileges. For more information see University Policy #2000, Bookstore Operations. Review University Policy #2000 to ensure any proposed E-Commerce activity does not conflict with this policy. Any questions about potential conflicts should be addressed with the Bookstore and its management for a complete review.
    • F. Some transactions may require the collection of sales tax. Individuals should contact the Tax Reporting Department for information about the applicability of sales tax and how to collect sales tax.
    • G. In most instances, departments may not use E-Commerce for the sale or disposal of University assets. See University Policy #6270 for details or contact Fixed Assets and Inventory Control.
  • III. Policy Non-Compliance
  • Violation of any portion of this policy may result in disciplinary action. Incidents will be evaluated on a case by case basis and may result in the following sanctions up to:
    • A. Exclusion or expulsion, in the case of students as outlined in the Student Code of Conduct, or
    • B. Exclusion or dismissal from employment, in the case of faculty and staff, or
    • C. Exclusion from campus, in the case of the public.