Merchant Services (MS) collaborates with Stanford departments to help them establish merchant accounts and securely process credit/debit card payments for their products and services. There are important factors merchants must consider when beginning to accept credit/debit card payments through platforms like Stripe and others. These include establishing roles and responsibilities for the process, determining the payment method and the associated fee structure, and obtaining approval for third party service providers.


Stanford purchasing cards (PCards) and travel cards (TCards) are outside the scope of MS. They are a tool for individuals making purchases and traveling on behalf of the university and are managed by Card Services. For more information on PCards, refer to PCards Overview and for information on TCards, refer to TCards Overview. For assistance, submit a support request.

To better understand the process of a credit or debit card transaction, it is necessary to learn the key players involved:

  • Cardholder: Non-consumer or consumer customer to whom a payment card is issued or any individual authorized to use the payment card
  • Merchant: Any business that maintains a merchant account that enables them to accept credit or debit cards as payment from customers (cardholders) for goods or services
  • Acquirer: Also referred to as “acquiring bank” or “merchant’s bank,” acquirers contract with merchants to create and maintain merchant accounts that allow the business to accept credit and debit cards; provide merchants with equipment to accept cards and manage customer service and other necessary aspects involved in card acceptance; deposit funds from card sales into a merchant’s account
  • Processor: Sometimes referred to as “payment gateway” or “payment service provider (PSP)”; entity engaged by acquirers to handle credit and debit card transactions on their behalf
  • Issuer: Also referred to as “issuing bank” or “cardholder’s bank”; entity that issues credit or debit cards to consumers and pays acquiring banks for purchases that their cardholders make; it is the cardholder’s responsibility to repay their issuing bank under their credit card agreement
  • Card Network: Entity that controls where credit or debit cards can be accepted and facilitates transactions between acquirers and issuers; four major card networks include Visa, Mastercard, Discover and American Express; card networks are not banks, and they do not issue credit cards or merchant accounts

Prior to accepting credit cards, determine what’s being sold, the prices and options for accepting and processing payments. Determining how and where to accept payments is an important consideration. The Payment Card Industry – Data Security Standards (PCI DSS) sets very specific rules on how high-risk cardholder data is managed. Selecting the appropriate method helps merchants accept credit cards in a safe and compliant manner. Please use the guideline below to determine what processing method is appropriate.

Processing Method    Description
Point-of-Sale (POS) 
  • The customer presents the payment card in person (insert, swipe or use contactless payment such as digital wallet). Customers can use the Stanford acquiring bank provided or approved third party provided stand-alone credit card terminals.
  • Requires approval from MS, ET Compliance and Information Security Office if a new POS system, with its proprietary equipment, is considered.
  • Refer to Resource: Point-of-Sale Merchants for details.
E-Commerce
  • Customers directly input payment card data online.
  • Can use approved third party service providers (TPSP) which are payment gateways compatible with Stanford acquiring bank’s processor, Wells Fargo Merchant Services. Their preferred payment gateway is CyberSource.
  • Requires approval from MS, ET Compliance and potentially, the Information Security Office (ISO) if a new TPSP is considered or a webstore is built by IT Services (UIT) resources.
  • Refer to Resource: Ecommerce Merchants for details.
Conference and Event Registration (E-Commerce)
  • Customers directly register for an event and input payment card data online.
  • Can use Treasury managed Eventbrite or Certain event management software.
  • Department is required to set up a Certain subaccount or Eventbrite merchant account; responsible for building their own events and performing registration and financial reconciliation. 
  • Alternatively, departments can use the Stanford Ticket Office or Stanford Conference event management services.
  • Requires approval from MS, ET Compliance and potentially ISO if a new event vendor is considered.
  • Refer to Topic Overview: Event Registration for details.
Mail Order / Telephone Order (MOTO) 
  • Customer is not present at the time of purchase; the merchant manually inputs payment card data through a point of sale terminal or online software.
  • Requires an encrypted VoIP work phone.
  • Requires use of Stanford acquiring bank gateway services or approved third party standalone credit card terminals.  
  • An online “virtual” terminal via a payment gateway combined with a separate segregated internet network is also available.
  • Requires approval from Merchant Services and ET Compliance.

It’s important that merchants consider the associated fee structure when reviewing the available processing method options. 

Fee Type    Description
Credit Card Processing (All Merchants)

Processing fees are billed on a monthly basis. Credit card processing fees are typically 2.5% to 3% of credit card revenue. Generally these are debited from your department’s PTA on the 10th business day of the month following the month in which they were incurred.

Stanford Merchant Services Fee

Billed monthly at 0.8% of the prior month's card revenue via an iJournal to your department's PTA with an expense type of 58502 (Stanford Merchant Services Fee). This fee is assessed by the university on all credit/debit card and digital payment revenue collected through any channel.

Terminal for Purchase

One-time purchase price for the following PCI-validated point-to-point encryption (P2PE) equipment provided by Wells Fargo:

  • Clover Flex at $424.15 + sales tax
  • Clover Mini at $565 + sales tax
  • Clover Station at $893.35 + sales tax

Monthly service fee:

  • Basic Plan at $4.95 per month per device
  • Register Lite Plan at $9.95 per month per device

Monthly cellular network fee: 

  • $15 per month per device; may be waived by Clover in some circumstances.

Note: Departments are solely responsible for obtaining the equipment pricing provided by other approved third party service providers.

Terminal for Rental

Rental fee ($49.99 per device) with one-time activation fee ($25), and monthly access fee ($15 per month) 

The rental fee will not be charged for the month if terminals are ordered after and/or returned before the 20th of the same month.

No fees are charged if departments borrow one of the three terminals available from Treasury’s loaner program, subject to availability.

 

Credit or debit card transactions are processed through a variety of platforms used by a merchant, including point of sale terminals, eCommerce and telephone or mail. The entire processing life cycle from the time the card is dipped/swiped/tapped/keyed until a receipt is produced takes place within 2 to 3 seconds. There are two stages in the transaction process.

Stage 1: Authorization and Authentication

In the authorization and authentication stage, the merchant must obtain payment approval from the issuer. Here are the roles and processes:

  1. Cardholder: The cardholder pays the merchant for a purchase with a credit or debit card. 
  2. Merchant: The merchant uses its credit card machine, software or gateway to transmit the card’s detailed information to the acquirer (or its processor). 
  3. Acquirer: The acquirer (or its processor) forwards the card’s detailed information to the appropriate card network. 
  4. Card Network: The appropriate card network requests payment authorization from the issuer. The authorization request includes card number, card expiration date, billing address, card security code and payment amount.
  5. Issuer: The issuer validates the cardholder’s account, approves or declines the transaction and places a hold for the purchase amount on the cardholder’s account.
  6. Card Network: The issuer sends back the appropriate authorization response through the appropriate card network to the acquirer (or its processor).
  7. Acquirer: The acquirer (or its processor) forwards the authorization response to the merchant’s terminal, software or gateway.
  8. Merchant: The merchant receives authorization response and provides the cardholder a receipt to complete the sale if it is approved. All authorized transactions are stored in a batch file awaiting settlement.

For more information and to learn about the account process, refer to Topic Overview: Merchant Account Life Cycle.

Stage 2: Clearing and Settlement

Clearing and settlement occur after the authorization process takes place.

  • Merchant: At the end of each business day, the merchant sends approved authorizations in a batch to its acquirer (or processor).
  • Acquirer: The acquirer (or processor) routes the batch information to the card network for settlement.
  • Card Network: The card network forwards each approved transaction to the appropriate issuer. 
  • Issuer: The issuer transfers the funds through the Card Network less interchange fees. 
  • Card Network: The card network pays the acquirer (or processor) its percentage of the remaining funds.
  • Acquirer: The acquirer deposits the funds from sales into the merchant’s bank account via automated clearinghouse (ACH) and debits the merchant’s account for processing fees either monthly or daily.
  • Issuer: The issuing bank posts transactions to the cardholder’s account. The cardholder receives the statement and pays the bill.

Decline

A credit or debit card decline occurs when the payment cannot be processed for a particular reason. The transaction can be declined by the payment gateway, the acquirer (or its processor) or most commonly the issuer. For more information, review the Resource: Credit and Debit Card Decline.

Chargeback

A chargeback occurs when a cardholder disputes a certain charge posted to their account.  It is usually a result of criminal fraud or friendly fraud, but may also occur due to merchant errors. For more information, refer to Resource: Credit and Debit Card Chargeback.

Refund

Refund methods are available for merchants that would like to refund a transaction previously processed in-person point of sale or online. Merchants should obtain the supervisor’s approval to authorize the refund. For more information, refer to Topic Overview: Issuing Refunds to Credit and Debit Cards.

Stanford merchants are required to maintain compliance with university policy and Payment Card Industry Data Security Standards (PCI DSS). This requires that the merchant assign the necessary roles in their organization to manage all compliance responsibilities. For information on university policy and merchant responsibilities, refer to Resource: Merchant Responsibilities. For more information on PCI DSS, refer to Topic Overview: Annual PCI Compliance Requirements.

The Office of the Treasury (OOT) centrally manages Stanford University’s relationship with its acquiring bank to facilitate processing services that meet department needs and adhere to industry and institutional data security standards. All Stanford entities that accept credit cards must use Stanford’s acquiring bank and an approved vendor for gateway and front end software and services. Leveraging existing relationships and proven products allows departments to expedite new merchant account setups, limit counterparty risk and maintain compliance.

The following approved vendors are centrally supported by MS and are acceptable for deployment on campus. Please contact MS for information prior to engaging the service. If there is a vendor not listed below that you feel is essential to your business, please contact MS for a consultation. Please note that all new vendors used for payment card processing must be approved per the guideline.

Approved    Description
CyberSource
  • All credit card data is entered on an order page that is hosted on CyberSource's secure server
  • After a payment transaction has been completed, the Secure Acceptance solution will return transaction identifiers back to the storefront website.
  • Transaction details are viewable in the CyberSource business center. Refer to Resource: E-Commerce Merchants for more information.
POS Terminal Provided by Wells Fargo
  • Point-of-sale terminals are credit card swipe, dip or tap terminals. Terminals used on campus must be provided by Wells Fargo approved vendors.
  • Terminals require an analog phone line [a voice over internet protocol (VOIP) line is not acceptable for use in transmitting credit card data]. 
  • Wireless terminals, which use a secure, proprietary network provided by Wells Fargo, are also available.
Event Management
  • Certain Event Management is an online platform that allows departments to create webpages and sell tickets for events by accepting credit card payments online. For more information, refer to Resource: Certain Event Management.
  • Eventbrite is an online ticketing platform that enables faculty and staff to set up free and paid events. For more information, refer to Resource: Eventbrite Event Management.
Other
  • Please contact MS for other services that may fit department needs.