Merchant Services (MS) collaborates with Stanford schools and departments to help them establish merchant accounts and securely process credit/debit card payments for their products and services.

Community of Practice












The purpose of a Merchant Services Community of Practice (CoP) meeting is to provide a way for participants to share tips and best practices, ask questions of their colleagues, and provide support for each other. Communities of Practice provide a pathway for beginners to embark on a journey of mastery and for seasoned staff to share their experiences. These CoP meetings are for Stanford merchants and staff with a shared interest in Merchant Services topics for virtual networking, learning, and mutual support.

Date and Link Description
June, 2022 Skip. We are moving to a bimonthly schedule

July 28, 2022



  • Stripe
  • Unidentified Receipts (TBD)

September 22, 2022


Topic: tbd
Date and Link Description

January 27, 2022

No Meeting

February 24, 2022


Community of Practice February Meeting

Topic: The Information Security Office (ISO) orchestrates efforts and provides services to protect the information assets that are important to Stanford. ISO consults Merchant Services and has a vital role in supporting the university's payment card industry (PCI) regulatory compliance obligations. This was an opportunity to preview the new PCI Compliance website managed by ISO and share how it guides merchants through the requirements and training.

March 24, 2022



Community of Practice March Meeting

Topic: Third-Party Ecommerce Vendor Usage

May 26, 2022

PCI Presentation

Stripe Presentation


Community of Practice May Meeeting

  • PCI Incidents, presented by T.C. Chen from the Information Security Office
    • Fraudulent activities
    • Incident Response process
    • Prevention
  • Demonstration of Stripe basics, presented by Rich Boltizar, MS Program Manager:
    • How it fits into the payments space
    • Why they should choose native Stripe in most situations
    • Payment methods
    • Stripe's off-the-shelf products
    • Ecommerce basics for merchants including the decision points they'll face
    • Third-party vendors
Date and Link Description
December 2021 No Meeting

November 2021



Community of Practice November meeting

Discussion topics: Cybersource migration update, SREDKey deployment overview,  and best practices on virtual/non-POS payment processing.  A cost benefit analysis of SREDKeys will be made available after we know more about how the merchant framework will impact the MS fee.

October 2021

Workshop Recording

Workshop PDF

Community of Practice October 28 Workshop 2

Discussion topics: Review PCI Compliance Training and Self-Assessment Questionnaire requirements. The second workshop focused on in-person/mail order/phone order payment channels where SAQ P2PE A (primary), B, B-IP, C-VT, C are covered.

October 2021

Workshop Recording

Community of Practice October 21 Workshop 1

Discussion topics: Reviewed PCI Compliance Training and Self-Assessment Questionnaire requirements. The first workshop focused on the eCommerce payment channel where SAQ A (primary) and A-EP are covered.

September 2021
Community of Practice September meeting

Discussion topics: Beginning November 3, we will move to a direct relationship with Cybersource for Payment Gateway services. This replaces the current Cybersource “bundled” relationship through Wells Fargo. As we’ll be using the same products, many changes will be behind the scenes and invisible. There will be no immediate changes to payment processing or technical integrations. Merchants may see some changes to their Cybersource dashboards, and after migration we’ll be exploring additional service options for eCommerce payments.

We also shared the capabilities of Stripe, which Stanford just signed an agreement with, to do invoicing and take payments.

August 2021
Community of Practice August meeting

In partnership with the Information Security Office (ISO), Merchant Services now has guidance on PCI compliance requirements from the consulting firm, CampusGuard which is a full-service cybersecurity and compliance services company specifically devoted to serving campus-based organizations. With specific focus on Stanford University's PCI compliance program, CampusGuard assists with the oversight of merchant compliance, annual completion of Self-Assessment Questionnaires (SAQs), and tracking of merchant documentation. Certified QSA personnel, Cari King and Katie Johnson, can assist with questions regarding technical requirements, and in the review of new merchant processes, new payment technologies, applications, etc. CampusGuard can also assist with ongoing third-party and vendor management.

July 2021

Community of Practice July meeting

Discussion topics:

  • A new service agreement and an infrastructure is being built with Stripe with details to come soon
  • A reminder to check point-of-sale devices for charge, for if the battery is fully drained, the risk may result in the device having to be replaced
  • MS is finalizing contract negotiations for the payment gateway which will provide better features on back end payment processes and possibly pricing
  • We are working to update instructions on Fingate and organize a future roadshow on merchant basics and compliance requirements to support navigating PCI compliance. One of the main goals of the Merchant Services Transformation is to adjust our practices so that PCI compliance is not viewed as the primary purpose of the program. We are working to balance those needs with business requirements wherever possible.
June 2021
CANCELLED Community of Practice June meeting


May 2021

Community of Practice May meeting

Discussion on how Stripe as a payment processor plays an emerging role that impacts card acceptance on campus. 

Special insights from Rich with Associated Students of Stanford University (ASSU) and Brandy with the Alumni and Development Applications Platform Transition (ADAPT) on how Stripe has worked for them.

April 2021

Community of Practice April meeting

Roundtable/Q&A with the Information Security Office PCI Compliance team, featuring:

  • Shawn Kim, Director of Special Programs/Internal Security Assessor
  • Tadeu Perillo, Information Security Officer/Internal Security Assessor
  • T.C. Chen, Information Security Officer/Internal Security Assessor

Discussion topics:

  • Learn ISO’s PCI compliance responsibilities which include setting and enforcing PCI policies, organizing and certifying yearly PCI DSS attestation, performing quarterly security scanning, building and maintaining PCI training content and other PCI compliance matters.
  • How to handle credit card information using Voice Over IP (VoIP) technologies and phone equipment requirements 
  • How to verify that vendors are PCI compliant
  • PCI compliance training requirements for new hires
  • Pending changes to PCI DSS 4.0 and impact to the Self Assessment Questionnaire

March 24, 2021

Community of Practice Kick-Off March meeting

Discussion topics:

  • Set expectations for meeting format and schedule
  • COVID effects on their programs and services
  • Brainstorming future topics

Join the #merchant-community-forum Slack channel as a place for discussion and updates in between meetings and another tool for collaboration.

To learn more about creating and growing effective collaborative communities across Stanford, visit Communities of Practice.