BLOGInsight into the Payments Industry

04/26/2019

Shift4 Payments Introduces RESTful API

Shift4 Payments Introduces RESTful API

Shift4 Payments is pleased to announce the general availability of our new RESTful API. With the introduction of this new integration option, our new and existing independent software provider (ISV) partners can now integrate their point of sale or property management systems much faster to Shift4’s payment gateway and network, including our suite of secure …

01/30/2019

DOLLARS ON THE NET Is Now Lighthouse Transaction Manager

DOLLARS ON THE NET Is Now Lighthouse Transaction Manager

New Look and Feel, Same Reliable FeaturesIn terms of functionality there aren’t any changes to the user interface. You’ll get to enjoy the benefits of the updated design without losing any of the features you know and love. These include: Features and Functionality Centrally manage transactions from a single screen for all revenue centers and …

06/28/2017

Are You Still Using Early TLS? It’s Time to Take Action!

Are You Still Using Early TLS? It’s Time to Take Action!

By Stephen Ames, CISA, CISSP – Senior Director, Security Compliance, Shift4 Corporation ⚠ Update 05/10/2018: Beginning May 10, 2018, Shift4 Payments will be officially ending support of TLS versions 1.1 and earlier. If you are a merchant still using one of these unsupported versions,  you will not be able to use any of our gateway services. Please …

03/07/2017

IMPORTANT: You May Be Required to Update to the TLS 1.2 Protocol

IMPORTANT: You May Be Required to Update to the TLS 1.2 Protocol

If you are you using an old web browser or a server-to-server setup to connect with Shift4’s DOLLARS ON THE NET payment gateway and/or our i4Go solution, you will soon be required to update to the TLS 1.2 protocol. If you do not make this update, your payment processing may be impacted.Please Note: Most DOLLARS …

08/02/2016

Don’t Miss Out On Our Extensive Software Updates

Don’t Miss Out On Our Extensive Software Updates

As dedicated merchant advocates, we listen to your feedback and regularly update our payment solutions to optimize your payment processing efficiency and security. In the last month, we’ve released software updates for our Universal Transaction Gateway® (UTG®), DOLLARS ON THE NET® payment gateway, and VT4® mobile point-of-sale solution. Here is a breakdown of the major …

08/02/2016

Ready for Card Numbers Starting With 2?

Ready for Card Numbers Starting With 2?

Starting next year, Mastercard will be rolling out new payment cards that begin with the number “2” (typically, they start with “5”). This will create a new Bank Identification Number (BIN) range of 222100 – 272099 that merchants will need to accept. A BIN makes up the first six digits of a card number, and …

08/02/2016

You May Need to Replace Your Payment Devices

You May Need to Replace Your Payment Devices

As you already know, Shift4 is committed to securing your business, your brand, and your customers’ card data. As part of our mission to help you stay secure and PCI complaint, we’ll be sunsetting support for six payment devices effective January, 1, 2017: Ingenico 3070 Ingenico 6550 Ingenico 6780 Verifone 1000 Verifone MX 850 Verifone …

07/05/2016

Executive Insight: Warning for SSLv3 and Some TLS Users

Executive Insight: Warning for SSLv3 and Some TLS Users

By Stephen Ames, CISA, CISSP – Senior Director, Security Compliance, Shift4 Corporation As you already know, we at Shift4 are fanatics about having the strongest security possible which is why we build security into everything we do from the ground up. More than a year ago, we eradicated SSL and early TLS from anywhere it …

04/05/2016

ALERT: Use Layered Security Tools and Secure Practices to Minimize Risk

ALERT: Use Layered Security Tools and Secure Practices to Minimize Risk

There is no silver bullet when it comes to payment data security, which is why Shift4 layers numerous security tools to protect our merchant customers in both card-present and card-not-present scenarios, as well as call centers and other specialized environments. Payment security is a constantly moving target and must be monitored and updated frequently to …

02/01/2016

February Release – Shift4’s UTG® Update

February Release – Shift4’s UTG® Update

Shift4 provides the latest and greatest payment technologies to keep your business running smoothly. We listen to your feedback and update our Universal Transaction Gateway® (UTG®) nearly every month, keeping your payment security, efficiency, and business operations in mind with each new UTG build. While some of these updates are minor tweaks, others may have …

02/01/2016

URGENT: Internet Explorer 10 Users Must Upgrade ASAP

URGENT: Internet Explorer 10 Users Must Upgrade ASAP

Last month, we shared information about Microsoft’s end of support for older versions of Internet Explorer (IE) to make sure you knew that they would be ending support for all but the latest version of IE available for a desktop or server operating system. As a result, we’re recommending that you upgrade to IE 11 …

01/05/2016

Microsoft to End Support for Older Versions of Internet Explorer

Microsoft to End Support for Older Versions of Internet Explorer

Microsoft announced that they’ll be ending support for all but the latest version of Internet Explorer that is currently offered for a desktop or server operating system as of January 12, 2016. If you are not running a version of Internet Explorer that is receiving regular security patches, your PCI DSS compliance status may be …

09/01/2015

Support for Windows Server 2003 Is Over

Support for Windows Server 2003 Is Over

In March, we warned merchants that Microsoft’s extended support for Windows Server 2003 would be ending. In July, this extended support period expired. On August 20, 2015, Visa issued a Security Bulletin about the Windows Server 2003 end of life for acquirers, issuers, processors, merchants, and agents. We’re sharing that bulletin below for your reference. …

08/04/2015

Don’t Fall Victim to Malware

Don’t Fall Victim to Malware

Malware attacks have become increasingly common for merchants who process payments using remote-access systems, according to a recent alert from the Financial Services Information Sharing and Analysis Center (FS-ISAC). In the past year, there has been a significant increase in reports of malware that invades point-of-sale (POS) or property management systems (PMS) and creates a …

07/07/2015

Visa® Warns of New Malware Threats

Visa® Warns of New Malware Threats

Visa® recently sent out a security alert to inform merchants of an increase in malware attacks targeting point-of-sale (POS) integrators. We encourage our merchant customers to take note of the following information, and to review the Visa security alert and pass it along to the appropriate departments or individuals. What Is a POS Integrator? A …

03/03/2015

Heads Up: Extended Support for Windows Server 2003 Is Ending

Heads Up: Extended Support for Windows Server 2003 Is Ending

Last year, Microsoft announced that extended support for Windows Server 2003 would end on July 15, 2015. This means that after July 15, Microsoft will no longer deliver any security updates, pay-per-incident support, or support from Microsoft’s Knowledge Base for Windows Server 2003. Most importantly, if you’re still using Windows Server 2003 somewhere in your …

01/06/2015

Don’t Lose $1 Million – Activate Fraud Sentry® Today!

Don’t Lose $1 Million – Activate Fraud Sentry® Today!

Something troubling happened last month. News broke of a hotel manager being arrested for stealing almost a million dollars from her employer over the course of seven years. Even more troubling was that it happened to one of Shift4’s merchant customers – a merchant just like each of you. Saddest of all, this entire fraud …

11/04/2014

How to Protect Yourself From the POODLE SSL Vulnerability

How to Protect Yourself From the POODLE SSL Vulnerability

There’s a new, major Internet security vulnerability that you need to be aware of. It’s called POODLE, and it essentially allows hackers to intercept encrypted data sent from your Web browser (e.g., Internet Explorer) to secure websites (your bank, email account, etc.). POODLE is an attack against SSLv3, a security protocol that has been around …

05/06/2014

New U.S. Executive Order for Russian-Issued Cards

New U.S. Executive Order for Russian-Issued Cards

As your merchant advocate, we want to take just a moment of your time to let you know about a recent United States Executive Order impacting all U.S. processors. It may have an impact on your business, especially if a high percentage of your clientele uses internationally-issued payment cards.On March 20, 2014, the President signed …

04/10/2014

Shift4 NOT Affected by OpenSSL “Heartbleed” Vulnerability

Shift4 NOT Affected by OpenSSL “Heartbleed” Vulnerability

Shift4 is aware of the “Heartbleed” vulnerability that is being reported by security bloggers and the mainstream media. None of Shift4’s technologies have been affected by the Heartbleed bug. Because we’re your merchant advocates, we have put together the following information to help you protect your personal information from other sites that may have been …

04/01/2014

VISA Issues POS Malware Alert

VISA Issues POS Malware Alert

Being merchant advocates, we at Shift4 strive to inform our merchant customers about the importance of maintaining updated software, Web browsers, and recently, operating systems. This alert comes from VISA.Microsoft Windows operating systems are currently being threatened by a malware called “Chewbacca.” Chewbacca is targeting point-of-sale (POS) systems running on Windows operating systems. The recently …

04/01/2014

Windows XP Warning: The Time to Update Is NOW

Windows XP Warning: The Time to Update Is NOW

In January, we warned you that Microsoft would cease support for Windows XP very soon. Well, that time has come. After April 8, 2014, Windows XP is no longer receiving security patches or end-user updates from Microsoft, thereby making the operating system highly vulnerable after a new attack vector is discovered. This impacts you in …

03/04/2014

Don’t Let Old Terminals Leave You Open to Fraud

Don’t Let Old Terminals Leave You Open to Fraud

Our merchant customers know we are proud merchant advocates. In that spirit, here’s a quick loss prevention tip about switching out old terminals that will prevent the possibility of fraudulent charges and the potential exposure of your sensitive merchant account information. This is especially pertinent if you’ve recently switched to Shift4 or are upgrading or …

02/04/2014

Internet Explorer 8 Users: Time to Update

Internet Explorer 8 Users: Time to Update

Last month we warned our merchants using Windows XP about upcoming deadlines that will affect PCI compliance. This month, our announcement goes out to our users with Internet Explorer 8 (IE 8). As of early 2015, Shift4 will no longer support IE 8 and therefore you will not be able to access DOLLARS ON THE …

01/08/2014

Windows XP Sunset Event Could Affect Your PCI Compliance

Windows XP Sunset Event Could Affect Your PCI Compliance

On April 8, 2014, Microsoft’s extended support for Windows XP will cease. Merchants running this operating system should start preparing now to upgrade to a supported operating system. But of course, in standard Shift4 style, we’re here to explain why and how these changes affect you so you can keep your business compliant and safe. …

10/01/2013

IE7 and Compatibility Mode No Longer Supported

Approximately two weeks ago, Shift4 ended support for Microsoft’s Internet Explorer 7. Users still running this outdated, and therefore unsecure, browser will not be able to access DOLLARS ON THE NET® until they upgrade to a more current version. Eighteen months ago, Shift4 started a campaign to encourage our merchant customers to upgrade to modern …

08/07/2013

Summertime Fraud

It always seems that the busiest times of the year are also the times when we hear about the most “trusted-employee” fraud – that’s when an employee uses their access to defraud the company, usually by providing overstated or fraudulent credits. Around the holidays, we often put out a warning to our merchant customers to …

04/02/2013

Always be “Mal-Aware”

Cyber attacks are becoming more and more common. The Internet has been abuzz with them for years, but in the past week, we have seen some of the largest attacks ever launched. Shift4’s Information Security team monitors these threats and has asked us to bring one of them to your attention, as we would hate …

02/05/2013

System Alerts: How Shift4 Keeps You Informed

Shift4’s system alerts help you monitor and diagnose issues with your payment processing quickly and easily. Issues and outages across the industry (from banks, processors, telecommunications providers, etc.) are posted to the System Alerts page of our website and to our Twitter account in near real-time as the information comes to our Support staff. We …

01/09/2013

Tame the BEAST (Browser Exploit Against SSL & TLS)

Shift4 works hard to help merchants understand the challenges and threats that they face in the payments processing world. We typically try to explain all the information we publish in plain English so that you don’t have to be an IT genius to understand it. We must warn you: this article breaks from that tradition. …

06/05/2012

Defense in Depth

Back in March we published an article called Quick and Dirty IT Security, in which we introduced you to four easy steps you can take to drastically reduce your chances of being breached. As that has been one of our most-read articles to date, we’ve decided to follow it up today with a few more …

06/05/2012

Fraud Alerts vs Breach Alerts

Do you know the difference between fraud alerts and breach alerts? You should – and you should make sure your staff does, too. These alerts are two very different things and require completely different responses. Mixing the two up can lead to a world of problems. Recently, one of our merchant customers was contacted by …

05/01/2012

Global Effects of the Global Breach

Over the past few weeks, the payment industry Web space has been filled with articles spawned by the reported breach of Global Payments. These posts range from intelligent hypotheses based on significant industry experience to wild speculation from scheming salesmen looking to make a quick sale by inspiring fear, uncertainty, and doubt in their potential …

04/06/2012

Global Ramifications

The Internet is abuzz with speculation on the source and scope of the Global Payments breach. In the past few days, reports on the number of affected cards have ranged from as many as 10 million to a little more than 50,000 with Global setting the “official” number at 1.5 million. Likewise, the source of …

04/03/2012

VISA CISP: If Compromised

We’ve noticed over the past few months that our security articles are some of our most popular posts. Consider this post a follow up to last month’s Quick and Dirty IT Security and November’s What to do if You Think You May Have Been Breached. This is a quick list of action items for organizations …

11/21/2011

Simple Clues to Early Detection of a Computer Breach

Defending your computer systems from Internet-borne threat agents can be a daunting task. Threat agents take on many forms. Among some of the nastiest are Remote Administration Trojans (RATs) and key-loggers that record data for later extraction through the RAT. Threat agents can squeeze through the tiniest crack in your Internet defenses, so the only …

10/18/2011

What to do if You Think You May Have Been Breached

Imagine you have just discovered something amiss in your system and signs point toward a potential data breach. Do you have a plan of action in place? Do you have people on hand who know how to deal with such a problem? If not, have you found an expert you can contact? “When the time …

07/14/2011

Is it Time for a Browser Upgrade?

Have you ever seen a company campaign against its own product? It’s certainly a rare occurrence, but Microsoft is currently in a campaign against one of its products – and has been for several months. In March of 2011, Microsoft officially launched a campaign against Internet Explorer 6. Why? Well, despite being three generations behind, …

02/07/2011

Why We Need to Know When Your IP Address Changes

Shift4’s Universal Transaction Gateway® (UTG) users must have a permanent IP address assigned to their PC, both for security purposes and so that the POS/PMS can always communicate. If this IP address is changed, and Shift4 is not informed, clients will not be able to connect to DOLLARS ON THE NET and therefore will be …