There are various requirements that you and your website/shopping cart (Merchant Web Service) must meet in order to integrate with ePayment Web Service.
Please note: All new and in some cases, existing merchants may be asked to undergo the Privacy Impact Assessment (PIA). For more information, please review: https://epayment.it.ubc.ca/news/privacy-information-assessment-pia
Privacy & Security:
- Merchant Web Service must be able to generate unique transaction IDs that are retained across system restarts.
- Merchant Web Service must be able to send and receive https messages, i.e Merchant Web Service must use a valid SSL. (Please not that self signed ssl certificates will not be able to connect to epayment system)
- Merchant Web Service must be able to receive, process and reply to POST messages.
- Merchant Web Service must allow ePayment to post messages to it, i.e. firewalls must be open to the ePayments servers.
Technical:
- You must provide a default item description for items to be purchased.
- You must provide a default contact email for display to the customer in case of queries regarding a payment.
- You must have your own website to redirect customer to the ePayment Web Service. (Don't have a website or shopping cart? UBC IT may be able to help!)
- You must have an account with UBC Finance in order for ePayment to generate JV entries. Please see Accounting Information.
PCI DSS:
- You or your Developer provide the IP address(es) of your Merchant Web Service for vulnerability scans. If the IP address(s) change, ePayment Support must be informed.
- You must be a UBC entity and the monies collected must be for a UBC related activity - you will need to provide a statement of business purpose. If it changes, you will need to inform ePayment Support.
- If the server for your merchant system is located outside of Canada, the website must have a privacy clause statement checkbox prior to payment checkout. Example:
5 I consent to the secure storage of my personal information outside of Canada (in the U.S.A) in accordance with the privacy policy of {ePayment Merchant} outlined at {http://insert the web address of {ePayment Merchant's} privacy policy}.