June 10, 2015

Shift4 Response to MalumPOS Malware

Shift4 Response to MalumPOS Malware

Recently, Trend Micro published a brief on their blog about malware named MalumPOS. This blog post is based on a 2014 report and is most likely referencing 2013 or prior data in order to refer clients to their own endpoint-monitoring software. The post details a specific piece of malware that targets payment data as it passes through the memory (RAM) of a computer. While most of the report focuses on a single POS as the target, the article also refers to Shift4’s Universal Transaction Gateway® (UTG®) as a target, too.

Shift4 Is Targeted? No Need to Worry
Shift4 wants to assure our merchant customers that there is no reason to worry about the information contained in this blog post. Every day, Shift4 securely processes credit, debit, and gift card payments for more than 24,000 merchant customers via traditional, e-commerce, and mobile points-of-sale throughout North America. Of course we are a target. In today’s climate, everyone who processes cardholder data is a target. This is why so many merchants entrust the burden of securing that sensitive payment card data to us – because Shift4 specializes in simplifying and securing cardholder data – and we have for over 20 years.

Being a target is what we expect and why our merchant customers know they can trust our vigilance to ensure their customers’ data is protected all day, every day. It’s why we take the time and care to include ironclad security methods and technologies as an essential component of each transaction we process, as well as the new payment processing solutions we develop and implement.

What You Need
We have some advice for how you can ensure that you are protected with Shift4’s solutions:

  1. Make sure that you are using the most current version of the UTG.
  2. If you haven’t already, upgrade to use True P2PE™ and TrueTokenization®. When combined, Shift4’s True P2PE and TrueTokenization solutions ensure that our merchant customers never store, process, or transmit sensitive cardholder data. After all: They Can’t Steal What You Don’t Have®.
  3. Take advantage of Shift4’s full security suite, including 4Go® to provide an additional layer of security at the keyboard driver level, i4Go® to intercept cardholder data in e-commerce and omni-channel environments, 4Res® to tokenize payment information contained in reservation requests from third parties, and more. Wherever you have a potential entry point for cardholder data, we’ve created a solution to secure it.

If you have any questions at all about Shift4’s payment security technologies, please contact our 24/7/365 Las Vegas-based Customer Support team at [email protected] or call 702.597.2480 (option 2). We’re here for you!