Volume 8, Issue 1 Payment Processing News from Shift4 Corporation November 2005
   

SECURITY SUMMIT RECAP
What would bring together three of the Card Associations, four of the leading security assessment firms, four processors, twenty POS and PMS application developers, and 100 merchants from all industries and of all sizes? In a word: security.

Over 150 people attended the inaugural S.A.F.E. Transaction Security Summit, including Visa, MasterCard, American Express, Hilton Hotels, Swarovski, Heartland Payment Systems, InfoGenesis and INNfinity Hospitality.

"The difference between this event and others I have attended was foremost the level of detail available to attendees. They weren't just given the high level picture; they were able to delve into the details of security, to ask questions that related directly to their individual organization and certification process. It was like hours of free consulting from some of the most experienced names in credit card security, including several of us who were directly involved in the creation of these processes and procedures," stated D.J. Vogel, Managing Partner, 403 Labs, LLC.

One of the most important points stressed at the conference by all of the card associations in attendance was that compliance with the Payment Card Industry Data Security Standards, or PCI-DSS, is required of all merchants.

Many merchants get hung up on which level they fall into under the regulations, thinking that if they fall into Level Four, where certification isn't required, they are safe. What you may not realize is that compliance with these requirements is still required. If your organization isn't in compliance and there is a breach, you will be subject to the same fines and penalties as merchants in other levels. What the certification process provides these merchants, then, is proof of their compliance. And with annual network scans costing under $500, certification is well worth the cost, considering the safe harbor and peace of mind it can bring.

Shift4 does not provide auditing or scanning services. However, several of the auditing firms that attended and spoke at the event are offering a discounted rate to Shift4 merchants. Their contact information is below.

D.J. Vogel, CISSP, CISA
Managing Partner
403 Labs, LLC
djvogel@403labs.com
(630) 854-7378

Wen Free
Vice President
SecurityMetrics
wfree@SecurityMetrics.com

Overall, the event was a great success, receiving rave reviews from attendees and speakers alike. We look forward to an even more successful event next year and encourage all of you to attend. Look for the dates for the 2006 summit after the first of the year.

For those of you who would like to view the presentations and handouts from the events, they can be accessed on our web site at www.shift4.com/summit_presentations.cfm

TOKENIZATION
To abide by the Card Associations' current requirement of not storing credit card data after the initial authorization (www.visa.com/cisp), Shift4 has developed a new Tokenization technology which enables merchants and payment application vendors to enjoy the highest level of payment processing security possible without requiring a lot of time, money or resources.

With Tokenization the purchase starts off the same. The merchant swipes the card data and sends it over to Shift4 fully encrypted. Shift4 sends the card data on to the processor and receives back from the processor an approval. All this is the same as it is today; it is after this point where the process differs. Instead of sending back the card data to the merchant and the POS system, Shift4 turns the data into a Token. A Token is a globally unique, randomized representation of credit card data that is 16 characters long. For payment applications and merchants who utilize Shift4, only the Token is stored in the system.
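The flow described above, sketched as an added example that is not Shift4's code: the gateway side authorizes the card and hands back a random 16-character Token, and the merchant record holds only that Token. The class and function names, the token alphabet, the stub processor, the test card number, issuing a fresh Token per authorization, and the gateway keeping the Token-to-card mapping are all assumptions made for illustration.

```python
import secrets
import string

TOKEN_LEN = 16  # the article states a Token is 16 characters long
ALPHABET = string.ascii_uppercase + string.digits  # assumed alphabet
TEST_PAN = "4111111111111111"  # constructed sample: a common test card number


def fake_processor(pan, amount_cents):
    """Constructed stand-in for the processor: approves amounts up to $500."""
    return pan.isdigit() and amount_cents <= 50_000


class TokenVault:
    """Hypothetical gateway side: the only place the card number is kept."""

    def __init__(self):
        self._pan_by_token = {}

    def _new_token(self):
        # Drawn from a CSPRNG and not derived from the card number, so the
        # Token reveals nothing about the card without access to the vault.
        while True:
            token = "".join(secrets.choice(ALPHABET) for _ in range(TOKEN_LEN))
            if token not in self._pan_by_token:  # enforce uniqueness
                return token

    def authorize(self, pan, amount_cents, processor):
        if not processor(pan, amount_cents):
            return {"approved": False, "token": None}
        token = self._new_token()
        self._pan_by_token[token] = pan  # assumption: mapping stays gateway-side
        return {"approved": True, "token": token}

    def detokenize(self, token):
        """Gateway-only lookup, e.g. for a later refund on the same card."""
        return self._pan_by_token[token]


def merchant_sale(vault, pan, amount_cents, processor):
    """Merchant/POS side: the card number is used once and never written down."""
    result = vault.authorize(pan, amount_cents, processor)
    # This dict is what the POS database would persist: no card number in it.
    return {"amount_cents": amount_cents, **result}


if __name__ == "__main__":
    vault = TokenVault()
    print(merchant_sale(vault, TEST_PAN, 2_500, fake_processor))
```

A breach of the merchant's stored records in this model exposes Tokens only; the card numbers are reachable solely through the vault's lookup.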
