To comply with CISP, organizations must meet twelve defined security requirements designed to protect data and carefully manage and track all data access. The program requires that organizations annually undergo an independent security audit to validate the compliance of their processes and operations. While security can never be completely guaranteed, organizations adhering to CISP requirements can minimize the risks of compromised financial data.

CISP isn't just for e-commerce organizations; these requirements are for every organization from brick and mortar retail stores, restaurants and resort properties, to online reservation sites and mail and telephone order organizations. Most importantly, Visa's CISP program isn't optional. All merchants and service providers must be compliant with CISP. Failure to comply can lead to significant fines and even the loss of the ability to accept Visa cards.

The deadlines for compliance are fast approaching. All service providers must be compliant by September 30, 2004. Merchants that process more than 6 million Visa transactions annually must submit their compliance documentation by September 30, 2004. Merchants who process 500 thousand to 6 million Visa transactions annually have until March 31, 2005 to submit their documentation.

Shift4 was among the first organizations to be certified compliant with CISP (a complete list of compliant service providers is published by Visa and can be accessed at www.visa.com/cisp). All our data centers, as well as our $ $ $ ON THE NET solution, have been independently audited and are recognized by Visa USA as compliant.

Since $ $ $ ON THE NET is an ASP solution – meaning Shift4 hosts the data and manages the data access – merchants utilizing $ $ $ ON THE NET are not storing any financial data or credit card numbers. Therefore, $ $ $ ON THE NET merchants should not have to make any changes to comply with CISP.

Shift4 is proud of the level of security we provide and of our CISP certification and are happy to answer any questions you may have. We invite you to visit our website at www.shift4.com or call us at (702) 597-2480, ext. 3430 for further details.

TECH TIPS

How do I change Fraud Sentry email settings in $ $ $ ON THE NET?

Depending on the security requirements of your account, you may be able to change who receives the Fraud Sentry email notifications directly in the $ $ $ ON THE NET system. Log on to the Root Administrator Account and navigate to Account Settings (under Home - Administration Home - Account Settings ). Once in Account Settings, make the necessary e-mail address changes in the Fraud Sentry Notifications section and click Apply at the bottom of the screen.

If the e-mail address you wish to change does not appear in the Fraud Sentry Notifications section, Shift4 has configured your settings and you must contact us to make any changes. Please fax a signed change request on company letterhead to (702) 804-6119. Include the reason for the change (e.g. old contact no longer with property, etc.), a business card, and copy of your picture ID.

Why do batches suspend?

$ $ $ ON THE NET customers typically experience fewer suspended batches than those on dial up, but Internet-related communication issues and data corruption can cause the occasional suspended batch. Corrupt or missing data in the settlement file, such as invalid card numbers, authorization codes or amounts, can also cause a batch to suspend. For most processors we work with, settlement batches are an all-or-nothing proposition; it only takes bad data in one transaction Continued