E-Commerce Policy


To ensure electronic commerce activities on campus represent the University appropriately, to comply with Payment Card Industry Data Security Standards and to protect against exposure and possible theft of cardholder information that has been provided to Western Michigan University. For the purpose of this policy, e-commerce activity is defined as the processing of orders and payments over the internet.


Western Michigan University provides a centralized e-commerce software solution through a product called Touchnet Marketplace. Marketplace consists of two components: Ustores and Upay. University units and departments that transact online payments must use the secure Web payment system Marketplace for such transactions. This system has been configured to meet the Payment Card Industry Data Security Standards.

Units planning to offer online sales of goods and services can request the establishment of an online store within Ustores or a Upay account through the Cashiering Office.


Electronic publications are to follow the same University policies and standards as print publications in regards to copyright laws, fair use and intellectual property rights, and authorized use of the University's signature, seal and logos.

Western Michigan University Web and commerce sites must not use any other organization's trademarks or service marks anywhere (text on pages, metatags, etc.) unless both of the following conditions have been met:

  • The usage reflects the actual attributes of Western Michigan University products or services.
  • Advance permission has been obtained from Western Michigan University general counsel.

Western Michigan University e-commerce sites must only be used for university business and any goods or services offered for sale must be related to the department’s core mission.

All customers using the Internet to place orders must be presented with a summary of Western Michigan University's terms and conditions and must indicate that they agree to these terms and conditions.


Servers used for e-commerce must be operated in a secure fashion and include a security statement describing what security standards are in place. Units engaging in e-commerce activity must comply with the Payment Card Identification Data Security Standards.


Except as otherwise required by law, any personal data collected may not be sold or otherwise made available to other organizations, companies, or individuals without the explicit consent of the individual.

Any data collected must be explicitly described in a privacy statement accessible on the website. Any use of the data for purposes not specifically required by the order process must be described. Customers must be given the option to disable any reuse of their information.


Questions may be directed to Liana Fox at 387-2952, liana.fox@wmich.edu.


See the Cashiering Policy.