Merchant Services (MS) collaborates with Stanford schools and departments to help them establish merchant accounts and securely process credit/debit card payments for their products and services.

Community of Practice

The purpose of a Community of Practice (CoP) is to provide a way for participants to share tips and best practices, ask questions of their colleagues, and provide support for each other. Communities of Practice provide a pathway for beginners to embark on a journey of mastery and for seasoned staff to share their experiences. These CoP meetings are for Stanford merchants with a shared interest in Merchant Services topics for virtual networking, learning, and mutual support.

Join the #merchant-community-forum Slack channel as a place for discussion and updates in between meetings and another tool for collaboration.

To learn more about creating and growing effective collaborative communities across Stanford, visit Communities of Practice.

Date and Link Description

October 21, 2021
2:00 p.m. - 3:00 p.m.

Eventbrite Registration

Community of Practice October 21 Workshop 1

Discussion topics: Review PCI Compliance Training and Self-Assessment Questionnaire requirements. The first workshop will focus on the eCommerce payment channel where SAQ A (primary) and A-EP will be covered.

October 28, 2021
11:00 a.m. - 12:00 p.m.

Eventbrite Registration

Community of Practice October 28 Workshop 2

Discussion topics: Review PCI Compliance Training and Self-Assessment Questionnaire requirements. The second workshop will focus on in-person/mail order/phone order payment channels where SAQ P2PE A (primary), B, B-IP, C-VT, C will be covered.

November 18, 2021
11:00 a.m. - 12:00 p.m.

Eventbrite Registration

Community of Practice November meeting

Discussion topics: TBD

Date and Link Description
September 23, 2021
Community of Practice September meeting

Beginning November 1, we will be moving to a direct relationship with Cybersource for Payment Gateway services. This replaces the current Cybersource “bundled” relationship through Wells Fargo. As we’ll be using the same products, many changes will be behind the scenes and invisible. There will be no immediate changes to payment processing or technical integrations. Merchants may see some changes to their Cybersource dashboards, and after migration we’ll be exploring additional service options for eCommerce payments.
 

We also shared the capabilities of Stripe, which Stanford just signed an agreement with, to do invoicing and take payments.

August 26, 2021
Community of Practice August meeting

In partnership with the Information Security Office (ISO), Merchant Services now has guidance on PCI compliance requirements from the consulting firm, CampusGuard which is a full-service cybersecurity and compliance services company specifically devoted to serving campus-based organizations. With specific focus on Stanford University's PCI compliance program, CampusGuard assists with the oversight of merchant compliance, annual completion of Self-Assessment Questionnaires (SAQs), and tracking of merchant documentation. Certified QSA personnel, Cari King and Katie Johnson, can assist with questions regarding technical requirements, and in the review of new merchant processes, new payment technologies, applications, etc. CampusGuard can also assist with ongoing third-party and vendor management.

July 22, 2021

Community of Practice July meeting

Discussion topics:

  • A new service agreement and an infrastructure is being built with Stripe with details to come soon
  • A reminder to check point-of-sale devices for charge, for if the battery is fully drained, the risk may result in the device having to be replaced
  • MS is finalizing contract negotiations for the payment gateway which will provide better features on back end payment processes and possibly pricing
  • We are working to update instructions on Fingate and organize a future roadshow on merchant basics and compliance requirements to support navigating PCI compliance. One of the main goals of the Merchant Services Transformation is to adjust our practices so that PCI compliance is not viewed as the primary purpose of the program. We are working to balance those needs with business requirements wherever possible.
June 22, 2021
CANCELLED Community of Practice June meeting

 

May 27, 2021

Community of Practice May meeting

Discussion on how Stripe as a payment processor plays an emerging role that impacts card acceptance on campus. 

Special insights from Rich with Associated Students of Stanford University (ASSU) and Brandy with the Alumni and Development Applications Platform Transition (ADAPT) on how Stripe has worked for them.

April 22, 2021

Community of Practice April meeting

Roundtable/Q&A with the Information Security Office PCI Compliance team, featuring:

  • Shawn Kim, Director of Special Programs/Internal Security Assessor
  • Tadeu Perillo, Information Security Officer/Internal Security Assessor
  • T.C. Chen, Information Security Officer/Internal Security Assessor

Discussion topics:

  • Learn ISO’s PCI compliance responsibilities which include setting and enforcing PCI policies, organizing and certifying yearly PCI DSS attestation, performing quarterly security scanning, building and maintaining PCI training content and other PCI compliance matters.
  • How to handle credit card information using Voice Over IP (VoIP) technologies and phone equipment requirements 
  • How to verify that vendors are PCI compliant
  • PCI compliance training requirements for new hires
  • Pending changes to PCI DSS 4.0 and impact to the Self Assessment Questionnaire
 

March 24, 2021

Community of Practice Kick-Off March meeting

Discussion topics:

  • Set expectations for meeting format and schedule
  • COVID effects on their programs and services
  • Brainstorming future topics
 

Check back here for meeting agenda updates.