Merchant Services (MS) collaborates with Stanford departments to help them establish merchant accounts and securely process credit/debit card payments for their products and services. There are important factors merchants must consider when beginning to accept credit/debit card payments through platforms like Stripe and others. These include establishing roles and responsibilities for the process, determining payment method and the associated fee structure and using third-party service providers.

Stanford merchants are required to maintain compliance with university policies and must review the Administrative Guide prior to processing payments. These ensure protection of Stanford's information resources, outline procedures to be followed when a computer security incident is discovered, provide guidance on proper engagement in unrelated business activities and ensure relationships with entities independent of the university are structured correctly.  See the Administrative Guide Policy 3.4.2: Card and Payment Account Acceptance and Processing for details.


Stanford purchasing cards (PCards) and travel cards (TCards) are not a part of the Merchant Services Program. These cards are tools for individuals making purchases and traveling on behalf of the university and are managed by Card Services. For more information on PCards, refer to PCards Overview and for information on TCards, refer to TCards Overview. For assistance, submit a support request to the Card Services Team.

To better understand the process of a credit or debit card transaction, it is necessary to learn the key players involved:

  • Cardholder: Non-consumer or consumer customer to whom a payment card is issued or any individual authorized to use the payment card
  • Merchant: Any business that maintains a merchant account that enables them to accept credit or debit cards as payment from customers (cardholders) for goods or services
  • Acquirer: Also referred to as “acquiring bank” or “merchant’s bank,” acquirers contract with merchants to create and maintain merchant accounts that allow the business to accept credit and debit cards; provide merchants with equipment to accept cards and manage customer service and other necessary aspects involved in card acceptance; deposits funds from card sales into a merchant’s account
  • Processor: Sometimes referred to as “payment gateway” or “payment service provider (PSP)”; entity engaged by acquirers to handle credit and debit card transactions on their behalf 
  • Issuer: Also referred to as “issuing bank” or “cardholder’s bank”; entity that issues credit or debit cards to consumers and pays acquiring banks purchases that their cardholders make; it is the cardholder’s responsibility to repay their issuing bank under their credit card agreement
  • Card Network: Entity that controls where credit or debit cards can be accepted and facilitates transactions between acquirers and issuers; four major card networks include Visa, Mastercard, Discover and American Express; Card networks are not banks, and they do not issue credit cards or merchant accounts

Prior to accepting credit cards, determine what’s being sold, the prices and options for accepting and processing payments. Determining how and where to accept payments is an important consideration. The Payment Card Industry – Data Security Standards (PCI DSS) sets very specific rules on how high-risk cardholder data is managed. Selecting the appropriate method helps merchants accept credit cards in a safe and compliant manner. See Fraud Prevention for information on preventing credit card fraud.

Please use the guideline below to determine what processing method is appropriate.

Processing Method    Description
Point-of-Sale (POS) 
  • The customer presents the payment card in person (insert, swipe or use contactless payment such as digital wallet). Customers can use the Stanford acquiring bank provided or approved third party provided stand-alone credit card terminals.
  • Requires approval from MS, ET Compliance and Information Security Office if a new POS system, with its proprietary equipment, is considered
  • Refer to Resource: Point-of-Sale Merchants for details
Ecommerce
  • Customers directly input payment card or digital payment data online
  • Can use approved third-party service providers (TPSP) which are payment gateway compatible with Stanford acquiring bank’s processor, Wells Fargo Merchant Services. Their preferred payment gateway is Cybersoure. 
  • Requires approval from MS, ET Compliance and the Information Security Office (ISO) if a new TPSP is considered or a webstore is built by IT Services (UIT) resources
  • Refer to Resource: Ecommerce Merchants for details
Conference and Event Registration (Ecommerce)
  • Customers directly registers for an event and  inputs payment card data online
  • Can use Treasury managed Eventbrite or Certain event management software
  • Department is required to set up an Eventbrite merchant account or Certain subaccount; responsible for building their own events and performing registration and financial reconciliation. 
  • Alternatively, departments can use the Stanford Ticket Office or Stanford Conference event management services.
  • Requires approval from MS, ISO and Contracts in FMS Procure to Pay when a new event vendor is considered
  • Refer to Topic Overview: Event Ticketing and Registration Services for details
Mail Order / Telephone Order (MOTO) 
  • Customer is not present at the time of purchase; the merchant manually inputs payment card data through a point of sale terminal or online software.
  • Requires an encrypted VoIP work phone
  • Requires use of Stanford acquiring bank gateway services or approved third party standalone credit card terminals
  • An online “virtual” terminal via a payment gateway using available network segmentation
  • Requires approval from Merchant Services and ET Compliance

The Office of the Treasury (OOT) centrally manages Stanford University’s relationship with its acquiring bank to facilitate processing services that meet department needs and adhere to industry and institutional data security standards. All Stanford entities that accept credit cards must use Stanford’s acquiring  bank and an approved vendor for gateway and front end software and services. Leveraging existing relationships and proven products allows departments to expedite new merchant account set ups, limit counterparty risk and maintain compliance. 

The following approved vendors are centrally supported by MS and are acceptable for deployment on campus. Please contact MS for information prior to engaging the service. If there is a vendor not listed below that you feel is essential to your business, learn more about the criteria and steps for a Third-Party Vendor Evaluation

Approved Description
Bidding For Good (with Stripe)
  • BiddingForGood auctions are managed and processed through an all-in-one-digital fundraising platform.
  • Platform provides a choice of integrated processors including Stripe. Select Stripe before an auction homepage goes live to sell tickets and accept cash donations.
  • E-commerce only and mobile payment friendly.
CyberSource
  • All credit card data is entered on an order page that is hosted on Cybersource's secure server.
  • After a payment transaction has been completed, the Secure Acceptance solution will return transaction identifiers back to the storefront website. 
  • Transaction details are viewable in Cybersource  business center. Refer to Resource: E-Commerce Merchants for more information.
Clover
  • Point-of-sale terminals are credit card swipe, dip or tap terminals. Terminals used on campus must be provided by Wells Fargo approved vendors.
  • Terminals require an analog phone line [a voice over internet protocol (VOIP) line is not acceptable for use in transmitting credit card data]. 
  • Wireless terminals, which use a secure, proprietary network provided by Wells Fargo, are also available. See Point-of-Sale Merchants for details.
Encrypted Keypad
Event Management
Shopify (with Stripe)
  • Create an online store with Shopify and accept credit cards with Stripe.
  • Payments can be accepted for course registration, merchandise,  admission deposit, program tuition, miscellaneous fees.
Slate (with Stripe)
  • Slate provides a built-in payment processing platform, Slate Payments, that can be used to accept payments by credit card, debit card, or electronic check.
  • The Slate Payments Deposit Account is a holding account with Stripe (a connected account on the Slate Payments platform) where your funds are held until transferred to you. Funds are collected, held, and paid out in separate sub-balances depending on the payment method.
  • Payments can be accepted for program tuition, application fees, and admission deposits.
Stripe
  • Payment link is the Stripe hosted payment page by product. E-commerce only and mobile payment friendly. Link can be converted to a QR payment at point-of-sale.
  • Invoicing is the direct bill payment for a manageable number of customers/vendors. Ecommerce only and mobile payment friendly.
  • Please submit a support request to Merchant Services to set up the account.
  • Learn more about Stripe Payment Solutions.
Other

It’s important that merchants consider the associated fee structure when reviewing the available processing method options. 

Fee Type Description
Credit Card Processing (All Merchants) Processing fees are billed on a monthly basis. Credit card processing fees are typically 2.5% to 3% of credit card revenue. Generally these are debited from your department’s  PTA on the 10th business day of the month following the month in which they were incurred.
Stanford Merchant Services Fee Billed monthly at 0.8% of the prior month's card revenue via an iJournal to your department's PTA with an expense type of 58502 (Stanford Merchant Services Fee). This fee is assessed by the university on all credit/debit card and digital payment revenue collected through any channel.
Terminals for Purchase

One-time purchase price for the following PCI-validated point-to-point encryption (P2PE) equipment provided by Wells Fargo:

  • Clover Flex at $424.15 + sales tax
  • Clover Mini at $565 + sales tax
  • Clover Station at $893.35 + sales tax

Monthly service fee:

  • Basic Plan at $4.95 per month per device
  • Payment Plus Bundle at $5.00
  • Register Lite Plan at $14.95 per month per device
  • Register Bundle at $34.95 per month per device

Monthly cellular network fee: 

  • $15 per month per device may be waived by Clover

ID Tech SREDKey keypad to enable entering card data securely and plugs into a Stanford issued work computer via a standard USB port. Learn about costs, benefits, ordering and set up procedures for an Encrypted Keypad for Virtual Terminal.

Note: Departments are solely responsible for obtaining the equipment pricing provided by other approved third-party service providers. See Point-of-Sale Merchants for details.

Terminal for Rental

Rental fee ($49.99 per device) with one-time activation fee ($25), and monthly access fee ($15 per month) 

Rental fee will not be charged for the month, if terminals are ordered after and/or returned before the 20th of the same month. 

No fees are charged if departments borrow one of the three terminals available from Treasury’s loaner program, subject to availability. See Point-of-Sale Merchants for details.

eCommerce Platforms Each ecommerce site may have their own additional processing fees. Departments are responsible for determining pricing provided by approved third-party website providers.

 

Credit or debit card transactions are processed through a variety of platforms used by a merchant, including point of sale terminals, eCommerce and telephone or mail. The entire processing life cycle from the time the card is dipped/swiped/tapped/keyed until a receipt is produced takes place within 2 to 3 seconds. There are two stages in the transaction process.

Stage 1: Authorization and Authentication

In the authorization and authentication stage, the merchant must obtain payment approval from the issuer. Here are the roles and processes:

  1. Cardholder: The cardholder pays the merchant for a purchase with a credit or debit card. 
  2. Merchant: The merchant uses its credit card machine, software or gateway to transmit the card’s detailed information to the acquirer (or its processor). 
  3. Acquirer: The acquirer (or its processor) forwards the card’s detailed information to the appropriate card network. 
  4. Card Network: The appropriate card network requests payment authorization from the issuer. The authorization request includes card number, card expiration date, billing address, card security code and payment amount.
  5. Issuer: The issuer validates cardholder account, approves or declines the transaction and places a hold for purchase amount on the cardholder’s account. 
  6. Card Network: The issuer sends back the appropriate authorization response through the appropriate card network to the acquirer (or its processor).
  7. Acquirer: The acquirer (or its processor) forwards the authorization response to the merchant’s terminal, software or gateway.
  8. Merchant: The merchant receives authorization response and provides the cardholder a receipt to complete the sale if it is approved. All authorized transactions are stored in a batch file awaiting settlement.

For more information and to learn about the account process, refer to Topic Overview: Merchant Account Life Cycle.

Stage 2: Clearing and Settlement

The clearing and settlement occurs after the authorization process takes place. Here are the roles and processes:

  1. Merchant: At the end of each business day, the merchant sends approved authorizations in a batch to its acquirer (or processor).
  2. Acquirer: The acquirer (or processor) routes the batch information to the card network for settlement.
  3. Card Network: The card network forwards each approved transaction to the appropriate issuer. 
  4. Issuer: The issuer transfers the funds through the Card Network less interchange fees. 
  5. Card Network: The card network pays the acquirer (or processor) its percentage of the remaining funds.
  6. Acquirer: The acquirer deposits the funds from sales into the merchant’s bank account via automated clearinghouse (ACH) and debits the merchant’s account for processing fees either monthly or daily.
  7. Issuer: The issuing bank posts transactions to the cardholder’s account. The cardholder receives the statement and pays the bill.

Decline

A credit or debit card decline occurs when the payment cannot be processed for a particular reason. The transaction can be declined by the payment gateway, the acquirer (or its processor) or most commonly the issuer. For more information, review the Resource: Credit and Debit Card Decline.

Chargeback

A chargeback occurs when a cardholder disputes a certain charge posted to their account.  It is usually a result of criminal fraud or friendly fraud, but may also occur due to merchant errors. For more information, refer to Resource: Credit and Debit Card Chargeback. To learn about preventing fraudulent credit card activity, see Fraud Prevention.

Refund

Refund methods are available for merchants that would like to refund a transaction previously processed in-person point of sale or online. Merchants should obtain the supervisor’s approval to authorize the refund. For more information, refer to Topic Overview: Issuing Refunds to Credit and Debit Cards.

Last Updated: Sep 15, 2022