local_library Resource

Merchant Services Community of Practice Meetings

Merchant Services (MS) collaborates with Stanford schools and departments to help them establish and manage merchant accounts to securely process credit/debit card and digital payments for their products and services. For all things merchant-related, start with the Merchant Services Program overview page.

Community of Practice

The ways that theMerchant Services Community of Practice connects via meetings, Slack, Fingate and email list.

 

 

 

 

 

 

 

 

 

 

 

The purpose of a Merchant Services Community of Practice (CoP) meeting is to provide a way for participants to share tips and best practices, ask questions of their colleagues, and provide support for each other. Communities of Practice provide a pathway for beginners to embark on a journey of mastery and for seasoned staff to share their experiences. These CoP meetings are for Stanford merchants and staff with a shared interest in Merchant Services topics for virtual networking, learning, and mutual support.

Date and Link Description

February 2023

Pending

   

Date and Link Description

January 27, 2022

No Meeting

February 24, 2022

 

Community of Practice February Meeting

Topic: The Information Security Office (ISO) orchestrates efforts and provides services to protect the information assets that are important to Stanford. ISO consults Merchant Services and has a vital role in supporting the university's payment card industry (PCI) regulatory compliance obligations. This was an opportunity to preview the new PCI Compliance website managed by ISO and share how it guides merchants through the requirements and training.

March 24, 2022

Presentation

Recording

Community of Practice March Meeting

Topic: Third-Party Ecommerce Vendor Usage

May 26, 2022

PCI Presentation

Stripe Presentation

Recording

Community of Practice May Meeting

  • PCI Incidents, presented by T.C. Chen from the Information Security Office
    • Fraudulent activities
    • Incident Response process
    • Prevention
  • Demonstration of Stripe basics, presented by Rich Boltizar, MS Program Manager:
    • How it fits into the payments space
    • Why they should choose native Stripe in most situations
    • Payment methods
    • Stripe's off-the-shelf products
    • Ecommerce basics for merchants including the decision points they'll face
    • Third-party vendors

July 28, 2022

Stripe Meeting Presentation

Stripe Meeting Recording

Stripe Reconciliation Tool Guide

Stripe Reconciliation Tool Demo

Community of Practice July Meeting

  • Update on Stripe features available
  • How to integrate it into existing workflows and design efficient workflows to take advantage of Stripe
  • Guided discussion tailored to merchant pre-submitted questions
  • Q&A period

August 25, 2022

Recording

Community of Practice August Meeting

Our consulting firm, CampusGuard, covered the new Self-Assessment Questionnaire portal pciportal.stanford.edu

  • Decommissioned the old portal from Trustwave/SecureTrust/Sysnet
  • Training and SAQs are consolidated into one portal under CampusGuard (not STARS)
  • Current SAQ docs for merchants have been migrated
  • Only PCI contact identified with access can get into the portal
  • If additional contacts need to get access, contact Merchant Services
  • For questions on specific SAQ fields, contact the Information Security Office
  • Reminder - 2022 PCI compliance validation timeline: September thru November, see Training details

Other:

  • Voice over IP (VoIP) survey merchant outreach
  • Certain event platform survey due by August 31, 2022
  • Do not process manual transactions on Stripe dashboard; use payment links or invoices

September 21, 2022

Recording

 

 

 

September 29, 2022

Recording

Community of Practice September Workshop #1

Topic: CampusGuard demonstration on PCI & SAQ

Reviewed PCI Compliance Training and Self-Assessment Questionnaire requirements. The first workshop focused on the eCommerce payment channel where SAQ A was covered. Timelines for SAQ completion and submission: November 8 for all merchants

 

Community of Practice September Workshop #2

Topic: CampusGuard demonstration on PCI & SAQ

Reviewed PCI Compliance Training and Self-Assessment Questionnaire requirements. The second workshop focused on in-person/mail order/phone order payment channels where SAQ P2PE (primary), B, and C-VT was covered. Timelines for SAQ completion and submission: November 8 for all merchants.

  • Review of the PCI Self-Assessment Questionnaires (SAQs)
      • Who is responsible for completing the SAQ?
      • Which SAQ(s) should be completed?
      • Walk-through of a sample SAQ
        • How to complete the SAQ
        • Detailed guidance on how to accurately review your merchant environments
      • Explanations around the technical requirements 

    October 27, 2022

    Recording

    Presentation

    Community of Practice October Meeting

    Topic:

    • Updates to deposit process for merchants who accept cash and checks
    • Additional guidance through Self-Assessment Questionnaires
    November/December No Meeting

    Date and Link Description
    December 2021 No Meeting

    November 2021

    Recording

    Presentation

    Community of Practice November meeting

    Discussion topics: Cybersource migration update, SREDKey deployment overview,  and best practices on virtual/non-POS payment processing.  A cost benefit analysis of SREDKeys will be made available after we know more about how the merchant framework will impact the MS fee.

    October 2021

    Workshop Recording

    Workshop PDF

    Community of Practice October 28 Workshop 2

    Discussion topics: Review PCI Compliance Training and Self-Assessment Questionnaire requirements. The second workshop focused on in-person/mail order/phone order payment channels where SAQ P2PE A (primary), B, B-IP, C-VT, C are covered.

    October 2021

    Workshop Recording

    Community of Practice October 21 Workshop 1

    Discussion topics: Reviewed PCI Compliance Training and Self-Assessment Questionnaire requirements. The first workshop focused on the eCommerce payment channel where SAQ A (primary) and A-EP are covered.

    September 2021
    Community of Practice September meeting

    Discussion topics: Beginning November 3, we will move to a direct relationship with Cybersource for Payment Gateway services. This replaces the current Cybersource “bundled” relationship through Wells Fargo. As we’ll be using the same products, many changes will be behind the scenes and invisible. There will be no immediate changes to payment processing or technical integrations. Merchants may see some changes to their Cybersource dashboards, and after migration we’ll be exploring additional service options for eCommerce payments.

    We also shared the capabilities of Stripe, which Stanford just signed an agreement with, to do invoicing and take payments.

    August 2021
    Community of Practice August meeting

    In partnership with the Information Security Office (ISO), Merchant Services now has guidance on PCI compliance requirements from the consulting firm, CampusGuard which is a full-service cybersecurity and compliance services company specifically devoted to serving campus-based organizations. With specific focus on Stanford University's PCI compliance program, CampusGuard assists with the oversight of merchant compliance, annual completion of Self-Assessment Questionnaires (SAQs), and tracking of merchant documentation. Certified QSA personnel, Cari King and Katie Johnson, can assist with questions regarding technical requirements, and in the review of new merchant processes, new payment technologies, applications, etc. CampusGuard can also assist with ongoing third-party and vendor management.

    July 2021

    Community of Practice July meeting

    Discussion topics:

    • A new service agreement and an infrastructure is being built with Stripe with details to come soon
    • A reminder to check point-of-sale devices for charge, for if the battery is fully drained, the risk may result in the device having to be replaced
    • MS is finalizing contract negotiations for the payment gateway which will provide better features on back end payment processes and possibly pricing
    • We are working to update instructions on Fingate and organize a future roadshow on merchant basics and compliance requirements to support navigating PCI compliance. One of the main goals of the Merchant Services Transformation is to adjust our practices so that PCI compliance is not viewed as the primary purpose of the program. We are working to balance those needs with business requirements wherever possible.
    June 2021
    CANCELLED Community of Practice June meeting

     

    May 2021

    Community of Practice May meeting

    Discussion on how Stripe as a payment processor plays an emerging role that impacts card acceptance on campus. 

    Special insights from Rich with Associated Students of Stanford University (ASSU) and Brandy with the Alumni and Development Applications Platform Transition (ADAPT) on how Stripe has worked for them.

    April 2021

    Community of Practice April meeting

    Roundtable/Q&A with the Information Security Office PCI Compliance team, featuring:

    • Shawn Kim, Director of Special Programs/Internal Security Assessor
    • Tadeu Perillo, Information Security Officer/Internal Security Assessor
    • T.C. Chen, Information Security Officer/Internal Security Assessor

    Discussion topics:

    • Learn ISO’s PCI compliance responsibilities which include setting and enforcing PCI policies, organizing and certifying yearly PCI DSS attestation, performing quarterly security scanning, building and maintaining PCI training content and other PCI compliance matters.
    • How to handle credit card information using Voice Over IP (VoIP) technologies and phone equipment requirements 
    • How to verify that vendors are PCI compliant
    • PCI compliance training requirements for new hires
    • Pending changes to PCI DSS 4.0 and impact to the Self Assessment Questionnaire
     

    March 24, 2021

    Community of Practice Kick-Off March meeting

    Discussion topics:

    • Set expectations for meeting format and schedule
    • COVID effects on their programs and services
    • Brainstorming future topics
     

    Join the #merchant-community-forum Slack channel as a place for discussion and updates in between meetings and another tool for collaboration.

    To learn more about creating and growing effective collaborative communities across Stanford, visit Communities of Practice.

    Last Updated: Dec 1, 2022

    Questions?

    arrow_upward
    Back to Top