BLOGInsight into the Payments Industry

10/07/2019

Customer Success Story: How All-in-One Payments Lowered Costs and Improved Operations for This Lakeside Texas Resort

Customer Success Story: How All-in-One Payments Lowered Costs and Improved Operations for This Lakeside Texas Resort

Tanglewood Resort sits alongside Lake Texoma in northern Texas, right on the border with Oklahoma. Because of their location, the full-service resort and conference center has incorporated a unique combination of lakeside views, fine dining, spa services, lake activities, a championship golf course, and a host of outdoor activities like hiking, boating, fishing, horseback riding, …

05/03/2017

Executive Insight: True P2PE – What You Need To Know (Part 2)

Executive Insight: True P2PE – What You Need To Know (Part 2)

By Stephen Ames, CISA, CISSP – Senior Director, Security Compliance, Shift4 Corporation Riding on the fantastic news that Shift4’s True P2PE® solution is PCI validated, which means that you may be able to significantly reduce the scope and time of your PCI DSS assessments by using the Self-Assessment Questionnaire (SAQ) P2PE, I’m sure you have …

05/02/2017

Fraud Speak: Learn the Lingo to Beat Scammers

Fraud Speak: Learn the Lingo to Beat Scammers

As you are well aware, hackers and scammers pose an ongoing threat to your payment data. A single data breach can do enough damage to your company’s brand and finances to last years – if not bring an end to, or at least greatly hamper, your business operations. This is one of the reasons why …

03/07/2017

Fight Fraud: Authorize Every Guest’s Card at Hotel Check-In

Fight Fraud: Authorize Every Guest’s Card at Hotel Check-In

If your hotel supports EMV and accepts reservations or purchases via an app, website, or call center, please be sure to authorize each guest’s card at check-in to avoid falling prey to an increasingly popular fraud scheme. As we’ve previously mentioned, EMV doesn’t authenticate cards in card-not-present (CNP) scenarios. So these days, when fraudsters buy …

01/03/2017

Executive Insight: True P2PE – What You Need to Know

Executive Insight: True P2PE – What You Need to Know

By Stephen Ames, CISA, CISSP – Senior Director, Security Compliance, Shift4 Corporation Riding on the fantastic news that Shift4’s True P2PE (point-to-point encryption) solution will soon be PCI validated, I want to impart some important information you need to know, regardless of whether or not you choose to implement True P2PE. Validated P2PE: Requirements for …

11/01/2016

EMV Is a Journey, Not a Destination

EMV Is a Journey, Not a Destination

The transition to EMV is a journey – and thanks to our vast experience, we’re reducing the number of bumps you may experience along the road. (After all, we want it to be a journey you’re glad you took.) So, while adopting EMV isn’t exactly “plug and play,” Shift4 is making it much simpler for …

10/04/2016

Ready for Faster EMV Transactions?

Ready for Faster EMV Transactions?

Last year, we put out an article explaining how the arrival of EMV essentially killed the concept of swipe ahead. With EMV, customers have to wait until all items are rung up and a total is calculated before inserting their cards – and then wait 15-20 agonizing seconds for processing before they can remove their …

10/04/2016

Payment Security Tips From PCI

Payment Security Tips From PCI

Shift4 was honored by the Payment Card Industry Security Standards Council (PCI SSC) last month for supporting the Council since the very beginning, 10 years ago. While we were in attendance at their conference, we picked up a pair of helpful guides that we’d like to pass along to all of our merchant customers. All …

08/02/2016

Ready for Card Numbers Starting With 2?

Ready for Card Numbers Starting With 2?

Starting next year, Mastercard will be rolling out new payment cards that begin with the number “2” (typically, they start with “5”). This will create a new Bank Identification Number (BIN) range of 222100 – 272099 that merchants will need to accept. A BIN makes up the first six digits of a card number, and …

07/05/2016

Making Sense of Mobile Payments

Making Sense of Mobile Payments

You probably take your smartphone with you wherever you go, so it should come as no surprise that mobile payments usage has been steadily increasing. But, with all of the different mobile technologies out there, we know that it can sometimes be confusing and overwhelming.Here’s a closer look at some of the mobile payments technologies …

06/16/2016

Shift4 Offers Fast-Track to EMV Acceptance

Shift4 Offers Fast-Track to EMV Acceptance

Shift4 is proud to offer EMV with more device and processor combinations than any other gateway provider. More than 70 of our valued point-of-sale and property management system partners who have integrated their systems with our DOLLARS ON THE NET® payment gateway have now made the tweaks necessary to certify those solutions for EMV.Check out …

06/07/2016

Partial Authorizations Explained

Partial Authorizations Explained

Most merchants are familiar with partial authorizations on gift card transactions. A customer eats dinner at your restaurant, pays their bill with a gift card, and then $25 is taken off their bill and your point of sale (POS) asks for another form of payment to take care of the remaining balance.But did you know …

06/07/2016

Recent UTG Updates

Recent UTG Updates

Shift4 supports the latest and greatest payments technologies to optimize your payment processing efficiency and security. As such, we listen to your feedback and update our Universal Transaction Gateway® (UTG®) on a regular basis. While some of these changes are minor tweaks and behind-the-scenes improvements, others may have a larger impact on your business, so …

05/03/2016

What’s New With the UTG®?

What’s New With the UTG®?

Shift4 provides the latest and greatest payments technologies to keep your business thriving and your customers happy. We listen to your feedback and regularly update our Universal Transaction Gateway® (UTG®), keeping your payment security, efficiency, and business operations in mind with each new UTG build. While some of these updates are minor tweaks and behind-the-scenes …

04/05/2016

Executive Insight: EMV – 6 Months Later

Executive Insight: EMV – 6 Months Later

By Steve Sommers – Senior Vice President of Applications Development, Shift4 Corporation EMV. If you are in the payments industry, you probably cannot remember the last time you went a full day without hearing this word. I certainly can’t. And, if you are anything like me, EMV has likely given you more than your fair …

03/01/2016

Executive Insight: Setting the Record Straight on Tokenization

Executive Insight: Setting the Record Straight on Tokenization

I watched an interesting and entertaining Twitter dialogue unfold late last month between two payments industry experts. Ian Kar, who covers the payments industry for online news publication Quartz, was covering PayPal’s earnings call when he heard PayPal CEO Dan Schulman make a pretty bold claim: Schulman: Rest of payment industry is following us into …

01/05/2016

Executive Insight: 3 Ways Merchants Can Ensure a More Secure 2016

Executive Insight: 3 Ways Merchants Can Ensure a More Secure 2016

By Steve Sommers – Senior Vice President of Applications Development, Shift4 Corporation For merchants, there is an all too common tendency to “fire and forget” when using security tools. You might have just completed your most recent PCI DSS (Payment Card Industry Data Security Standard) assessment, installed new antivirus software, or added EMV. While each …

01/05/2016

AMEX Has Replaced OnePoint With OptBlue

AMEX Has Replaced OnePoint With OptBlue

For years, Shift4 has provided small merchants with direct payment processing to American Express (AMEX) along with support for the AMEX OnePoint program. OnePoint catered to merchants that processed less than $500,000 (under a single tax ID) in AMEX charges each year. However, on November 1, 2015, the OnePoint program ended and AMEX began offering …

12/01/2015

Executive Insight: Winning the War for Payment Card Data

Executive Insight: Winning the War for Payment Card Data

By Steve Sommers – Senior Vice President of Applications Development, Shift4 Corporation Last year, the United States experienced what has been dubbed “the year of the data breach.” Now, we’re nearing the end of 2015, and data breaches continue to plague merchants. Some are saying that hackers’ tactics are changing and that remote-access attacks are …

12/01/2015

Dara Security Assesses True P2PE™

Dara Security Assesses True P2PE™

At Shift4, we value our customers’ payment data security above all else. Every product and technology we provide was created knowing that data breaches and fraud are real threats that can happen to anyone at any time. With that in mind, we want to make sure that all of our payment solutions are as secure …

09/01/2015

Get in Gear for EMV

Get in Gear for EMV

The U.S. EMV migration liability shift date, October 1, 2015, is almost here. Are you on the road to EMV chip card acceptance? Earlier this year, we shared a road map to give merchants and independent software vendors (ISVs) a quick look at how to get ready for EMV. Now, we’re sharing the steps merchants, …

07/07/2015

Executive Insight: Take the Time to Do EMV Right (Part 2)

Executive Insight: Take the Time to Do EMV Right (Part 2)

By Steve Sommers – Senior Vice President of Applications Development, Shift4 Corporation Last month, we talked about how some organizations are pressuring merchants to rush into EMV solutions instead of urging merchants to take the time to adopt a strategic approach to EMV. This month, I’ll review some of the nuances of the EMV liability …

07/07/2015

12 Hospitality Touchpoints Secured by Shift4

12 Hospitality Touchpoints Secured by Shift4

From a payments point of view, hospitality environments are particularly complex. Typically, hotels keep payment card information on file for booking guarantees, advanced deposits, refunds, incremental authorizations, and more. This makes the hospitality environment at hotels, resorts, and motels particularly vulnerable to data thieves, who target these environments to retrieve payment card information held within …

06/10/2015

Shift4 Response to MalumPOS Malware

Shift4 Response to MalumPOS Malware

Recently, Trend Micro published a brief on their blog about malware named MalumPOS. This blog post is based on a 2014 report and is most likely referencing 2013 or prior data in order to refer clients to their own endpoint-monitoring software. The post details a specific piece of malware that targets payment data as it …

06/02/2015

Executive Insight: Take the Time to Do EMV Right (Part 1)

Executive Insight: Take the Time to Do EMV Right (Part 1)

By Steve Sommers – Senior Vice President of Applications Development, Shift4 Corporation U.S. a Unique EMV Market Four years ago, when the major issuing banks announced their timeline for transitioning to EMV in the U.S., payments industry insiders knew that the U.S. EMV migration would be more complicated than previous implementations around the globe had …

05/05/2015

Executive Insight: The Cost of Vigilance Versus Compliance

Executive Insight: The Cost of Vigilance Versus Compliance

By Steve Sommers – Senior Vice President of Applications Development, Shift4 Corporation If there’s one word we hear too often in the payments industry, it’s “compliance.” Too many security officers, IT directors, and other business leaders hold to the term like Linus from the Peanuts gang clings to his blanket. And – as dozens of …

05/05/2015

Cyber Security Tips for Smartphone Usage

Cyber Security Tips for Smartphone Usage

Connecting mobile devices to your company network can introduce security risks to the environment if you aren’t careful. However, if you follow these simple rules for smartphone usage, provided by the Financial Services Information Sharing and Analysis Center (FS-ISAC), your environment will be much better off for it. By 2017, the number of smartphone users …

04/17/2015

EMV: What It Is and What It’s Not

EMV: What It Is and What It’s Not

EMV: What It Is and What It’s Not U.S. EMV is coming. Are you prepared? In the simplest terms, EMV is a special chip embedded on a credit or debit card that helps to prevent card-present fraud. The EMV chip prevents counterfeiting, skimming, and the use of lost or stolen credit or debit cards. The …

04/07/2015

3 Things Every Merchant Should Know About EMV

3 Things Every Merchant Should Know About EMV

Shift4’s SVP of Applications Development, Steve Sommers, was recently invited to San Antonio to speak at the Hotel Technology Next Generation (HTNG) North American Conference. The session he was asked to join, entitled “Securing Payment Data: Tales From the Front,” featured Sommers alongside Rob Martin, the VP of Security Solutions for device manufacturer Ingenico, and …

03/03/2015

Shift4 Doesn’t Use SSL (And You Shouldn’t, Either!)

Shift4 Doesn’t Use SSL (And You Shouldn’t, Either!)

You may remember that back in November, we released an alert about protecting yourself from the POODLE SSL vulnerability. For those of you who are less familiar with SSL, it refers to a type of encryption that was once used to secure communications between a user’s Web browser and a website in order to protect …

12/02/2014

EMV Update

EMV Update

The chip cards are coming! We are now just 10 months away from the October 2015 liability shift date for U.S. EMV. That’s the date the card brands set to have all U.S. merchants supporting EMV (Chip card) technology. After that date, whichever organization breaks the “EMV chain” will be held responsible for fraudulent card …

11/04/2014

Shift4 Now Supports Apple Pay

Shift4 Now Supports Apple Pay

We told you last month that adding support for Apple Pay™ was going to be quick and easy, and it was. We’re happy to announce that Shift4 now supports Apple Pay contactless (NFC) payments. In fact, a few of our customers have already starting processing Apple Pay transactions. No additional development is required for you …

11/04/2014

Executive Insight: Have You Actually Been Breached?

Executive Insight: Have You Actually Been Breached?

By Steve Sommers – Senior Vice President of Applications Development, Shift4 Corporation This piece is part 2 of a series on the differences between fraud and breaches. The first article in the series can be found here. Last month we talked about the difference between card fraud and a card data breach, and I warned …

10/07/2014

Executive Insight: Fraud or Breach?

Executive Insight: Fraud or Breach?

By Steve Sommers – Senior Vice President of Applications Development, Shift4 Corporation Fraud and breach are two words that no merchant wants to hear in relation to their business. Confusing fraud for a breach – or assuming they are the same thing – can lead to panic, overreaction, and unfortunate unintended consequences. To help you …

10/07/2014

100 Businesses Breached in One Attack

100 Businesses Breached in One Attack

It seems like we’re hearing about a new major card-data breach on an almost weekly basis. It’s both incredibly frustrating and incredibly sad to see millions of people paying the price for businesses’ failures to adequately secure their data. What’s even more concerning is that it’s happening so often that we’ve heard people say, “Breaches …

09/02/2014

Consumers Care About Card Data Security

Consumers Care About Card Data Security

For years, we’ve been warning merchants about the brand damage that can come as a result of a card data breach, and recently a series of articles and research studies have made it clear just how harmful it can be. If you’re not currently taking full advantage of our suite of security technologies, including both …

08/05/2014

Executive Insight: The Truth About Uptime

Executive Insight: The Truth About Uptime

By Steve Sommers – Senior Vice President of Applications Development, Shift4 Corporation There’s a lot of buzz in the payments industry about uptime and how many “nines” you should be looking for in a potential service provider. To make sure we’re all on the same page, let me explain what I mean by uptime and …

07/01/2014

The Fight for Tokenization

The Fight for Tokenization

We recently came across an article published by Digital Transactions that discussed “The Furious Battle to Control Tokenization.” The article laid out the politics and power struggles within the payments space and did a good job of explaining the current state of the industry. The author explains that with all the headaches and confusion around …

07/01/2014

EMV: Silver Bullet or Red Herring?

EMV: Silver Bullet or Red Herring?

In the wake of the major retail breaches late last year, the card brands (and a few of the larger issuing banks) dumped huge amounts of money into PR campaigns that positioned EMV as the solution to our card-data security troubles. Now, those of you who follow our blog closely will remember that we very …

07/01/2014

Are Constant Breaches the New Norm?

Are Constant Breaches the New Norm?

Target, Michael’s, Neiman Marcus, White Lodging, and now P.F. Chang’s. It seems like every month there is a new, major data breach making headlines. In the most recent case, P.F. Chang’s appears to have been compromised for close to nine months, and experts say more than seven million card numbers may have been stolen. In …

05/06/2014

New U.S. Executive Order for Russian-Issued Cards

New U.S. Executive Order for Russian-Issued Cards

As your merchant advocate, we want to take just a moment of your time to let you know about a recent United States Executive Order impacting all U.S. processors. It may have an impact on your business, especially if a high percentage of your clientele uses internationally-issued payment cards.On March 20, 2014, the President signed …

05/06/2014

Executive Insight: Merchant-Focused Innovation

Executive Insight: Merchant-Focused Innovation

We’re proud of what we’ve done over the past 20 years, and most of all, we’re proud to still call ourselves merchant advocates. While most other payments companies have sold out and taken buyout offers that left their customer loyalty questionable at best, Shift4 retains our independence and we continue to pioneer technologies that do …

04/10/2014

Shift4 NOT Affected by OpenSSL “Heartbleed” Vulnerability

Shift4 NOT Affected by OpenSSL “Heartbleed” Vulnerability

Shift4 is aware of the “Heartbleed” vulnerability that is being reported by security bloggers and the mainstream media. None of Shift4’s technologies have been affected by the Heartbleed bug. Because we’re your merchant advocates, we have put together the following information to help you protect your personal information from other sites that may have been …

02/04/2014

Breaches: Don’t Be Next

Breaches: Don’t Be Next

If you were comparing new POS swipe device models, and I explained that one provided zero protection from the type of breach major retailers have recently experienced, while the other provided complete protection from a card data security breach for about $50 more, which would you choose? Pretty easy choice, right? What you would be …

01/07/2014

PCI Says Most Tokens Won’t Reduce Scope

PCI Says Most Tokens Won’t Reduce Scope

We’ve spent much of the last five years warning merchants about companies that claim to offer tokenization when what they really have is nothing more than a weak encryption scheme. We call these solutions “tokenization in name only,” or TINO for short, and they annoy us to no end. But we’re happy to announce that …

01/02/2014

Why EMV Isn’t the Answer to Breach at Target

This post was written by Shift4’s VP of Business Development, Bob Lowe. By now, I’m sure most all of you have heard about the credit and debit card information breach at Target stores. If not, get caught up here and then this post will make more sense.Likewise, you have probably seen the litany of articles …

12/03/2013

Executive Insight: EMV is Coming – Gradually

This post was written by Shift4’s VP of Business Development, Bob Lowe. Over the course of his impressive career, Bob has worked on EMV roll-out projects in Europe, Canada, and the U.S. Are you preparing for EMV? We hope that by now you at least have it on your radar and are starting to weigh …

09/27/2013

Tokenization IS Encryption – NOT! – Part 4

This is the first addendum post of a three (now four)-part series written by Steve Sommers, Shift4’s SVP of Applications Development. The first three sections can be found here, here, and here. Recently I found out that PCI SSC is taking on the tokenization subject again. This time, the goal is to take the guidance …

05/24/2013

Credit Unions Push to Increase Breach Liability for Merchants

This post was written by Steve Sommers, Shift4’s SVP of Applications Development. His insights and expertise are shared regularly on his personal blog, http://paymenttidbits.blogspot.com. Dog Pile!!! Earlier this week I received my BankInfoSecurity e-newsletter. The headline was “Hold Merchants Accountable for Breaches?” This referred to a blog post by Tracy Kitten. The title alone got …

03/27/2013

HTNG, We Hear You!

HTNG, in response to your release of “Secure Payments Framework for Hospitality,” let us cut right to the chase and say, “thank you.” Thank you for pointing out the things that we are doing well, and for making the technology we introduced (tokenization) an industry standard. More importantly, thank you for being very clear in …

02/05/2013

Why Shift4 is Not (Yet) a PCI-Validated Provider For P2PE

That’s right. Seven months after the standards were released and nearly two full years from their initial announcements on the matter, the PCI SSC has yet to validate a single P2PE solution provider that can offer the promised scope reductions and a simplified SAQ to merchants. Why? Well, quite frankly, because they designed the wrong …

11/06/2012

Executive Insight: Take Advantage of Fraud Sentry!

The most effective security system in the world can’t protect you if you don’t turn it on. That’s the first thought that struck me after I heard a report of one of our merchant customers falling victim to “trusted-employee” fraud last month. In this case, a night auditor was able to issue false credits to …

09/04/2012

EMV is Coming – Don’t Panic!

Back in January, Shift4 CEO Dave Oder wrote an Executive Insight article about EMV (Chip and PIN) payments coming to the U.S. At that time, the details were a bit hazy and all we knew for certain was that by 2015, U.S. merchants were supposed to have EMV in place. Dave’s outlook on the situation …

05/01/2012

Global Effects of the Global Breach

Over the past few weeks, the payment industry Web space has been filled with articles spawned by the reported breach of Global Payments. These posts range from intelligent hypotheses based on significant industry experience to wild speculation from scheming salesmen looking to make a quick sale by inspiring fear, uncertainty, and doubt in their potential …

04/06/2012

Global Ramifications

The Internet is abuzz with speculation on the source and scope of the Global Payments breach. In the past few days, reports on the number of affected cards have ranged from as many as 10 million to a little more than 50,000 with Global setting the “official” number at 1.5 million. Likewise, the source of …

03/06/2012

Executive Insight: All or Nothing Tokenization

Are you the all-or-nothing type? Are you the type that can’t even get started if you know going in that 100% success is an impossibility? Many people take this view with tokenization, but let me tell you why that’s a dangerous position to support. First, let’s look at an example. Let’s suppose a hotel company’s …

01/04/2012

Executive Insight: US EMV – A Necessary Evil?

A New Payment Process Those who have traveled to Europe in the past few years or to Canada within the last year or so, know there is a new payment process that uses a microchip on the card to communicate the payment capabilities of the card to the point of sale, and then uses a …

11/04/2011

Tokenization IS Encryption – NOT! – Part 3

This is the final post of a three-part series written by Steve Sommers, Shift4’s SVP of Applications Development. The first two sections can be found here, and here. As If Things Aren’t Muddy Enough!PCI SSC accommodated various TINO solutions in the Tokenization Guidelines which drastically complicated and, in many aspects, contradicted the original tokenization definition …

11/03/2011

Tokenization IS Encryption – NOT! – Part 2

This is the second of a three-part series written by Steve Sommers, Shift4’s SVP of Applications Development. The first section can be found here. The final installment will be published later in the week. PCI SSC Tokenization May or May Not Be Encryption – Consult Your QSAIn late 2005, Shift4 released tokenization to the public …

11/01/2011

Tokenization IS Encryption – NOT!

This is the first of a three-part series written by Steve Sommers, Shift4’s SVP of Applications Development. Additional sections will be published later in the week. There is still much confusion about tokenization. Recently, I found a blog post by Ramon Krikken entitled I’ll go ahead and say it: Tokenization IS Encryption. The author also …

08/12/2011

Did Shift4 Really Invent Tokenization?

Several companies claim to have been first-to-market with tokenization. Their evidences and believability vary widely, so while we cannot address the individual claims of our competitors, we can explain our claim and why we’re confident in saying that we invented tokenization and introduced it to the market. First, let’s establish what exactly it is we …

08/12/2011

Tokenization Guidelines Missed the Mark

This morning, the Payment Card Industry Security Standards Council (PCI SSC) published an “information supplement” entitled, PCI DSS Tokenization Guidelines. The document was designed to standardize the rapidly growing tokenization landscape and to give official word on how much benefit tokenization could bring to merchants striving to comply with PCI DSS requirements. It missed the …

06/15/2011

Is Tokenization a Fad?

Yesterday, Protegrity CTO Ulf Mattsson published a blog entitled, “Is Tokenization just a Fad?” The post was his response to an unnamed “key executive” who recently posed that question. Mattsson’s ultimate premise was that tokenization is a powerful and useful weapon in the IT and InfoSec professionals’ arsenal, and that it is certainly not a …

04/28/2011

Executive Insight: Resilience + Redundancy = Reliability

Companies that processes payment transactions talk about ”five nines” or 99.999% reliability – but none truly deliver it. In reality, a really good processing company delivers around 99.8%. That seems pretty good, too. But is it? It means in a given year, they average less than two hours a month of service disruption. Unfortunately, to …

01/07/2011

Executive Insight: Credit Card Security

As a merchant advocate, Shift4 strives to make you aware of your obligation to protect the cardholder information in your possession (card swipes, primary account numbers and associated expiration dates, etc.). This information can be of a physical nature or of an electronic nature within your Point-of-Sale (POS) or back-office accounting systems. The actual responsibility …

12/01/2010

Credit CARD Act of 2009 Affects Gift Cards, Too

The Credit Card Accountability Responsibility and Disclosure Act of 2009 (CARD act) went into full effect August 22, 2010. This legislation brought new regulation to the credit card industry (many of us saw our credit card interest rates jump in response). Deeper in the bill also came new regulations for gift cards. For those of …