Volume 7, Issue 1 Payment Processing News from Shift4 Corporation November 2005
   

SECURITY SUMMIT RECAP
What would bring together three of the Card Associations, four of the leading security assessment firms, four processors, twenty POS and PMS application developers, and 100 merchants from all industries and of all sizes? In a word: security.

Over 150 people attended the inaugural S.A.F.E. Transaction Security Summit, including Visa, MasterCard, American Express, Hilton Hotels, Swarovski, Heartland Payment Systems, InfoGenesis and INNfinity Hospitality.

The Transaction Security Summit brought together leading experts from across the credit card security industry. From the very first session by MasterCard, which introduced the regulations and explained their evolutions, to the very last session, a round table discussion featuring American Express, Visa, processors and security firms, the entire two-day seminar was focused on providing merchants and payment applications the detailed information they need about the latest security requirements.

"The difference between this event and others I have attended was foremost the level of detail available to attendees. They weren't just given the high level picture; they were able to delve into the details of security, to ask questions that related directly to their individual organization and certification process. It was like hours of free consulting from some of the most experienced names in credit card security, including several of us who were directly involved in the creation of these processes and procedures," stated D.J. Vogel, Managing Partner, 403 Labs, LLC.

The payment application track provided an overview of what your customers are facing in terms of the Payment Card Industry Data Security Standards (PCI DSS) and how that affects what

these customers are asking of you and your systems. More importantly, the summit provided a detailed look at the new Payment Application Best Practices (PABP) security guidelines, with which many processors are requiring validation, and how payment applications can design and upgrade their systems to address these regulations.

Overall, the event was a great success, receiving rave reviews from attendees and speakers alike. We look forward to an even more successful event next year and encourage all of you to attend. Look for the dates for the 2006 summit after the first of the year.

For those of you who would like to view the presentations and handouts from the events, they can be accessed on our website at www.shift4.com/summit_presentations.cfm

TOKENIZATION
To abide by the Card Associations' current requirement of not storing credit card data after the initial authorization (www.visa.com/cisp), Shift4 has developed a new Tokenization technology which enables merchants and payment application vendors to enjoy the highest level of payment processing security possible without requiring a lot of time, money or resources and still supporting incremental authorizations and recurring billing environments.

With Tokenization the purchase starts off the same. The merchant swipes the card data and sends it over to Shift4 fully encrypted. Shift4 sends the card data on to the processor and Shift4 Logoreceives back from the processor an approval. All this is the same as it is today; it is after this point where the process differs. Instead of sending back the card data to the merchant and the POS system, Shift4 turns the data into a Token. A Token is a globally unique, randomized representation of credit card data that is 16 characters long. For payment applications and merchants who utilize Shift4, only the Token is stored in the system. Continued
Page 1 2 3 Printer Friendly Version