Merchant Services Transformation Project

The Merchant Services (MS) Program manages, supports, and mitigates risk for payments collected digitally and via credit card at Stanford. MS is currently supported through a collaboration between three distinct university groups within Business Affairs: Financial Management Services’ (FMS) Office of the Treasurer (OOT), UIT’s Information Security Office (ISO), and UIT’s Enterprise Technology (ET). MS supports over 200 department merchants across the university, most of whom offer individual products or services, have unique internal processes, and varied business needs. (updated 2/1/24)

Background

Merchant Services is committed to delivering the best services and solutions to meet the needs of the university while meeting the highest standards of quality, excellence and compliance. Over the past several years, in addition to the rapidly changing payment receipt landscape, the costs to run the MS program have risen significantly faster than revenue. Through new technologies and security features, MS is seeking to both reverse that trend to avoid additional downstream costs or burden on merchants, and to improve services to merchants and their customers. To better evaluate and implement the program transformation, MS embarked on a multi-year initiative with three major phases.

Phases and Status

Phase I (Completed)	This phase focused on reviewing the program as it stood, then automating and streamlining processes, for example, new technologies and workflow changes were adopted. The results of this phase included: Reduced Merchant workloads by several hours per month Achieved significant improvement ratings in program satisfaction
Phase II (Completed)	During this phase, an external consultant (Glenbrook Partners) embarked on a multi-month project to evaluate Stanford’s payment ecosystem and deliver a series of strategic recommendations, cost/benefit analysis and proposed timelines for changes. The Merchant Services Strategic Advisory Committee considered Glenbrook’s proposals and recommended proceeding with three unique workstreams to enhance and improve the program, which would comprise Phase III of the initiative. The initiative was approved by and is funded through the university's Systems Governance Group (SGG).
Phase III (In Progress)	The three workstreams were launched and are comprised of: (Complete) Rebranding and reorganization of the Merchant Services program as a Merchant-centric support service, driven by transformation of roles and responsibilities, internal policy updates, updated processes, and governance model designed to support the new program. (Complete) Assessment of payment gateway options to explore opportunities for improvement and potential alternative options in the marketplace. (Underway) Implementation to transition home-grown e-commerce payment infrastructure to Independent Software Vendors (ISVs). The redesign workstream is the most complex and will run from February 2021 through December 2026. Learn more about the status of this current phase below.

Activities and Accomplishments

Phases I and II were about exploration, strategy, & planning and Phase III is about action. In terms of the current Phase, there have already been numerous accomplishments, including:

Program Structure

The internal structure of the program was changed in order to:

Re-align the focus to business support, consulting and partnership
Re-calibrate the approach to PCI compliance and risk mitigation
Retire the previous Merchant Services merchants@stanford.edu mailbox and utilize Stanford Services & Support to provide transparency of the request process, minimize email and expedite fulfillment
Hire an Operations Manager to enhance support of day-to-day operations
Partner with Rich Boltizar of Boltizar Consulting LLC based in Idaho by providing services as Program Manager/Business Architect for Merchant Services to drive forward the various initiatives of the Transformation Project.
Establish the Merchant Services Community of Practice (CoP) meetings in 2021 as a platform to discuss operational experiences, share best practices and provide training on new services. See MS Events.

Payment Gateway Discovery

Upon completion of the Gateway discovery, two vendors were selected: FreedomPay for transactions received at the Point-of-Sale, including expanded equipment offerings, and Cybersource (direct) for eCommerce, replacing our current relationship with Cybersource managed through Wells Fargo. Merchant Services has moved to a direct relationship with Cybersource for payment gateway services. This new arrangement should result in more streamlined support and services. This replaces the current Cybersource “bundled” relationship through Wells Fargo. There will be no major impact to payment processing or technical integrations. Merchant Services will be in direct contact with merchant groups affected to discuss in more detail. For more information, see ECommerce Merchants.

Merchants can purchase Point-to-Point Encrypted (P2PE) keypads (aka: SREDKeys) for processing transactions via Cybersource virtual terminals. One device can be used by various people or across multiple accounts. SREDKeys will be configured for Stanford’s environment as a whole, so they can be shared within units. Benefits include improving device security, enhancing payment security, reducing PCI DSS scope, lowering cost associated with PCI infrastructure, and increasing work efficiency. For more guidance, see Point of Sale Merchants.

Stanford signed an Enterprise-wide agreement with Stripe, and as a result we have implemented Stripe's products and features for eCommerce.

Compliance Content Consolidation

UIT’s Information Security Office launched the new PCI Compliance website. This serves as a central information hub that provides clear guidance for merchants around PCI compliance requirements, while improving and modernizing the user experience with updated content. This has allowed ISO and MS to update and consolidate the standards for optimizing the security of payment card transactions and make it easier for merchants to find the information they need.

Event Management Transition

Cvent, a new third-party event management platform managed by UIT, was rolled out in July 2023 for Certain platform event users. Certain has sunsetted on October 25, 2023. For more information, see the Cvent service page.

For merchants who used Certain for payment collection only, the CardinalPay platform can be an alternative.

CardinalPay's Back-End Accounting Automation

Merchant Services launched the first part of CardinalPay, an Oracle accounting automation tool, for all transactions processed only by Stanford-owned and managed Stripe accounts effective on October 1, 2023. Oracle will automatically generate daily iJournals to book all transaction activities for Stanford-managed Stripe accounts. Rather than seeing one net deposit to a PTA per batched payout, each transaction’s revenue and fees will appear separately on the GL with a significantly expanded level of detail in the description field. Benefits include:

Offers a simple and flexible revenue collection solution with diverse payment options
Improves customer confidence through trusted Stanford branding and Stanford.edu domain
Automates accounting posting to Oracle for all Stripe-related grossed-up financial data
Integration of Authority Manager simplifies management of access to merchant functionality
Reduces PCI compliance scope by replacing existing custom standalone payment pages
Centralizes the management of a large number of Stanford-owned Stripe merchant accounts
Provides high level reporting capabilities to query transaction activities across all accounts

CardinalPay's Front-End Solutions Redesign

In November 2023, Merchant Services began to offer a front-end solution through CardinalPay which can provide support for merchant department ecommerce websites. In partnership with each merchant, a plan can be built for each, checked and adjusted with the assigned technical resources, and implemented within a timeframe that works with the merchant's business needs. Benefits include:

Stanford-approved ecommerce solution
Dedicated hosted merchant payment page(s) for each defined payment stream with substantial "no code" customization options
Customers interface with individual Stripe merchant accounts through a centrally managed portal with emailed receipt issuance
Minimized PCI scope through open network operation (no network segmentation required)
Revenue can be routed to unique PTAs based on the payment type used

Network Migration

In January 2024, Merchant Services completed the successful migration of all merchants off the dedicated PCI network and onto more service-friendly and less compliance-onerous solutions. This was a three-year transformation which came in on time and under budget, with significant projected efficiency savings across campus.

Learn More and Join the Community

Learn about Accepting Credit and Debit Card Payments for products and services.
Visit the Merchant Services Events page to learn more about past community of practice topics and register for upcoming sessions.
Join the Slack channel at #Merchant-Community-Forum for timely topics in between meetings.
To learn more and stay up to date on all things Merchant Services, subscribe to the newsletter and view past news on Fingate.

Back to newsroom

Submit feedback about this page

Merchant Services Transformation Project Posted August 1, 2023