Merchant Services Transformation Project 

Merchant Services (MS) is the program that manages, supports, and mitigates risk for payments collected digitally and via credit card at Stanford. MS is currently supported through a collaboration between three distinct university groups within Business Affairs: Financial Management Services’ (FMS) Office of the Treasurer (OOT), UIT’s Information Security Office (ISO), and UIT’s Enterprise Technology (ET). MS supports over 200 department merchants across the university, most of whom offer individual products or services, have unique internal processes, and varied business needs.

Background

Merchant Services is committed to delivering the best services and solutions to meet the needs of the university while meeting the highest standards of quality, excellence and compliance. Over the past several years, in addition to the rapidly changing payment receipt landscape, the costs to run the MS program have risen significantly faster than revenue. Through new technologies and security features, MS is seeking to both reverse that trend to avoid additional downstream costs or burden on merchants, and to improve services to merchants and their customers. To better evaluate and implement the program transformation, MS embarked on a multi-year initiative with three major phases.

Phases and Status

Phase I

(Completed)

This phase focused on reviewing the program as it stood, then automating and streamlining processes; for example, new technologies and workflow changes were adopted. The results of this phase included:

  • Reduced Merchant workloads by several hours per month 
  • Achieved significant improvement ratings in program satisfaction


Phase II

(Completed)

During this phase, an external consultant (Glenbrook Partners) embarked on a multi-month project to evaluate Stanford’s payment ecosystem and deliver a series of strategic recommendations, cost/benefit analysis and proposed timelines for changes.

The Merchant Services Strategic Advisory Committee considered Glenbrook’s proposals and recommended proceeding with three unique workstreams to enhance and improve the program, which would comprise Phase III of the initiative. The initiative was approved by and is funded through the University's Systems Governance Group (SGG).

Phase III

(In Progress)

The three workstreams recommended in Phase II were launched and consist of:

  1. Rebranding and reorganization of the Merchant Services program as a Merchant-centric support service, driven by transformation of roles and responsibilities, internal policy updates, updated processes, and a governance model designed to support the new program.
  2. Assessment of payment gateway options to explore opportunities for improvement and potential alternative options in the marketplace.
  3. Implementation of the transition from home-grown eCommerce payment infrastructure to Independent Software Vendors (ISVs).

Learn more about the status of this current phase below.

Current Phase: Activities and Accomplishments

Phases I and II were about exploration, strategy, and planning, and Phase III is about action.

In terms of the current Phase, there have already been numerous accomplishments, including:

The internal structure of the program was changed in order to:

  • Re-align the focus to business support, consulting and partnership (see the program governance section below)
  • Re-calibrate the approach to PCI compliance and risk mitigation
  • Retire the previous Merchant Services merchants@stanford.edu mailbox and utilize Stanford Services & Support to provide transparency of the request process, minimize email and expedite fulfillment
  • FMS hired an Operations Manager (welcome Linda) to enhance support of day-to-day operations

The Merchant Services Community of Practice (CoP) was launched to create: 

  • A series of monthly meetings to discuss operational experiences and share best practices
  • A dedicated Slack channel #Merchant-Community-Forum to collaborate in between meetings and help shape the direction of MS

Next Steps

Front-End Solutions Redesign

We are in the midst of the Front-End Solutions Redesign process, which includes specific Merchants whose eCommerce websites are directly impacted. In partnership with each Merchant, a plan has been built for each, checked and adjusted with the assigned technical resources, and implemented within a timeframe that works with the Merchant business needs. We anticipate some Merchants may need their migrations to occur during “low” business season in order to limit risk/impact to incoming payments. Stanford has recently signed an Enterprise-wide agreement with Stripe, and as a result we are also exploring Stripe's products and features for eCommerce. The redesign workstream is the most complex and will run from February 2021 through December 2026. The Front-End Solutions Redesign process, currently in Phase III of the project, has the longest timeline, the largest impact, and most significant ongoing cost savings.

Payment Gateway Discovery

In addition, upon completion of the Gateway discovery, we have selected two vendors: FreedomPay for transactions received at the Point-of-Sale, including expanded equipment offerings, and Cybersource (direct) for eCommerce, replacing our current relationships with Cybersource managed through Wells Fargo. This direct relationship with Cybersource should result in more streamlined support and services. Migrations to the new Gateway will occur in the Fall of 2021. We hope for these to be exclusively back-end payment processing changes, but there may be some that impact the front-end payment processes. Merchant Services will be in direct contact with Merchant groups impacted to discuss in more detail.

Compliance Content Consolidation

Over the Fall, content on both pcicompliance.stanford.edu and Fingate will be updated. This will allow ISO and MS to update and consolidate the standards for optimizing the security of payment card transactions, and make it easier for Merchants to find all of the information they need. 

Learn More and Join the Community

More information on the progress of our MS Program Transformation Project will be provided regularly. Watch for updates.

As a result of Phase III, workstream 1, in April 2021, the Information Security Office (ISO) fully assumed the PCI compliance oversight that was previously managed by Enterprise Technology Compliance (ETC). This transition will improve work efficiencies by consolidating security and compliance support in one place, with responsibilities distributed as follows:

ISO
  • Set and enforce PCI Policies according to current PCI Security Standards
  • Organize and certify the yearly PCI DSS attestation
  • Consult with Merchants on remediation for PCI incidents/findings
  • Perform quarterly security scanning
  • Perform regular PCI audits
  • Build and maintain PCI reporting metrics
  • Develop and maintain PCI incident response plan
  • Perform technical vendor assessment as part of the DRA process
  • Build and maintain PCI training content
  • Manage expenses within the program budget
  • Collaborate with CampusGuard, a cybersecurity and compliance services company, to oversee merchant compliance and requirements

ET
  • Maintain existing eCommerce redirect web pages
  • Maintain PCI VPN/remote desktop
  • Maintain the dedicated PCI network
  • Manage expenses within the program budget

FMS
  • Manage the MS program equipment and key program vendors
  • Manage university level program-wide projects
  • First point of contact for all merchant support requests
  • Perform ticket triage, assignments, and track support metrics
  • Facilitate program communication and governance
  • Manage expenses within the program budget
  • Principal responsibility for contracts with payment providers
  • Streamline the number of vendors in the MS ecosystem
  • Guide and support merchants in their vendor evaluation and selection
  • Provide financial reporting and reconciliation support
  • Perform monthly, quarterly, and year-end close activities
  • Oversight for the overall MS training program

Other groups who will be closely involved include, but are not limited to: Glenbrook Partners (for the Gateway Discovery), FMS’s FinLearning team (for FinGate changes and training), and FMS’s Financial Support Center (as we change support systems & processes).
