08/16/2011

Another Way Shift4 Protects our Merchants

Shift4 is recognized as an industry leader in PCI compliance and information security. But as your business partner, we safeguard your organization in other ways as well. Here’s a quick story that illustrates just how Shift4 and our admittedly stringent regulations help protect our customers.
Recently, we received a request from a merchant service provider (MSP) asking that we initiate a processor change for one of our hotel customers. As a matter of policy, we do not initiate any processor changes without direct authorization from our customers. Adhering to this policy, our account maintenance representative contacted the customer for confirmation that they wanted to make the change.

Our customer was livid. He had not spoken to anyone regarding a processor change. He called the MSP that had submitted the request, who told him they had received the request from an ISO they worked with. The ISO said the application initially came from an independent contractor.

The contractor who had started the process had an old application with our customer’s name on it, a copy of the customer’s driver license, and a voided check the customer had used to change processors previously. According to our customer, his name was forged on this current application, and that forged document was submitted to his MSP without his knowledge.

To make things worse, the property had gone through a few processor changes over the past year due to changes in ownership. While ownership had changed, the original owner was still involved in a minority role, and was still our contact. However, his bank account (the one fraudulently entered from his old check) was no longer the account used by the property. Had the change had been made, all the money would have gone into the previous owner’s account, not the new owners; had our policy not been in place to catch this, this could have been a significant issue for our customer.

The vast majority of MSPs out there do a great job and we have good relationships with them. But, as we all know, one miscue can have devastating results when financial information gets into the wrong hands. As your business partner, we want you to know how our process works and why. When we take extra steps that other companies don’t that require your involvement, it is because at Shift4 we want to protect your business in the same way we protect your credit card transactions.

So next time you’re thinking Shift4’s process is too involved, or that we ask too much of you, please consider the alternative and realize that we truly have your best interests in mind.