BLOGInsight into the Payments Industry

05/03/2017

Executive Insight: True P2PE – What You Need To Know (Part 2)

Executive Insight: True P2PE – What You Need To Know (Part 2)

By Stephen Ames, CISA, CISSP – Senior Director, Security Compliance, Shift4 Corporation Riding on the fantastic news that Shift4’s True P2PE® solution is PCI validated, which means that you may be able to significantly reduce the scope and time of your PCI DSS assessments by using the Self-Assessment Questionnaire (SAQ) P2PE, I’m sure you have …

05/02/2017

Fraud Speak: Learn the Lingo to Beat Scammers

Fraud Speak: Learn the Lingo to Beat Scammers

As you are well aware, hackers and scammers pose an ongoing threat to your payment data. A single data breach can do enough damage to your company’s brand and finances to last years – if not bring an end to, or at least greatly hamper, your business operations. This is one of the reasons why …

04/04/2017

Most Common Passwords Used in 2016

Most Common Passwords Used in 2016

Password manager and security vault company Keeper Security recently looked into 2016’s most commonly used passwords, and their research shows a shocking trend in using weak passwords across various websites. Because a weak password can lead to the very data breaches that they are meant to help prevent, it’s important to read this article about …

03/07/2017

Fight Fraud: Authorize Every Guest’s Card at Hotel Check-In

Fight Fraud: Authorize Every Guest’s Card at Hotel Check-In

If your hotel supports EMV and accepts reservations or purchases via an app, website, or call center, please be sure to authorize each guest’s card at check-in to avoid falling prey to an increasingly popular fraud scheme. As we’ve previously mentioned, EMV doesn’t authenticate cards in card-not-present (CNP) scenarios. So these days, when fraudsters buy …

03/07/2017

Chargebacks: Fraud or Fiction?

Chargebacks: Fraud or Fiction?

In a post-EMV world, some merchant services providers are making it difficult for merchants to fight chargebacks. Are their practices legitimate? This article tells you how to identify unfair chargebacks and hold your provider accountable.

01/03/2017

Executive Insight: True P2PE – What You Need to Know

Executive Insight: True P2PE – What You Need to Know

By Stephen Ames, CISA, CISSP – Senior Director, Security Compliance, Shift4 Corporation Riding on the fantastic news that Shift4’s True P2PE (point-to-point encryption) solution will soon be PCI validated, I want to impart some important information you need to know, regardless of whether or not you choose to implement True P2PE. Validated P2PE: Requirements for …

11/01/2016

EMV Is a Journey, Not a Destination

EMV Is a Journey, Not a Destination

The transition to EMV is a journey – and thanks to our vast experience, we’re reducing the number of bumps you may experience along the road. (After all, we want it to be a journey you’re glad you took.) So, while adopting EMV isn’t exactly “plug and play,” Shift4 is making it much simpler for …

10/04/2016

Ready for Faster EMV Transactions?

Ready for Faster EMV Transactions?

Last year, we put out an article explaining how the arrival of EMV essentially killed the concept of swipe ahead. With EMV, customers have to wait until all items are rung up and a total is calculated before inserting their cards – and then wait 15-20 agonizing seconds for processing before they can remove their …

10/04/2016

Payment Security Tips From PCI

Payment Security Tips From PCI

Shift4 was honored by the Payment Card Industry Security Standards Council (PCI SSC) last month for supporting the Council since the very beginning, 10 years ago. While we were in attendance at their conference, we picked up a pair of helpful guides that we’d like to pass along to all of our merchant customers. All …

08/02/2016

Ready for Card Numbers Starting With 2?

Ready for Card Numbers Starting With 2?

Starting next year, Mastercard will be rolling out new payment cards that begin with the number “2” (typically, they start with “5”). This will create a new Bank Identification Number (BIN) range of 222100 – 272099 that merchants will need to accept. A BIN makes up the first six digits of a card number, and …

07/05/2016

Making Sense of Mobile Payments

Making Sense of Mobile Payments

You probably take your smartphone with you wherever you go, so it should come as no surprise that mobile payments usage has been steadily increasing. But, with all of the different mobile technologies out there, we know that it can sometimes be confusing and overwhelming.Here’s a closer look at some of the mobile payments technologies …

06/16/2016

Shift4 Offers Fast-Track to EMV Acceptance

Shift4 Offers Fast-Track to EMV Acceptance

Shift4 is proud to offer EMV with more device and processor combinations than any other gateway provider. More than 70 of our valued point-of-sale and property management system partners who have integrated their systems with our DOLLARS ON THE NET® payment gateway have now made the tweaks necessary to certify those solutions for EMV.Check out …

06/07/2016

We Made Some Major Additions to VT4 mPOS

We Made Some Major Additions to VT4 mPOS

Shift4’s mobile point-of-sale solution, VT4®, is already one of the most secure, flexible, and scalable options for merchants in any industry. VT4 opens up revenue streams that didn’t exist before, such as kiosks and food stands at events or mobile checkout in your store. Our team is constantly working to add new features and enhancements …

06/07/2016

Partial Authorizations Explained

Partial Authorizations Explained

Most merchants are familiar with partial authorizations on gift card transactions. A customer eats dinner at your restaurant, pays their bill with a gift card, and then $25 is taken off their bill and your point of sale (POS) asks for another form of payment to take care of the remaining balance.But did you know …

06/07/2016

Recent UTG Updates

Recent UTG Updates

Shift4 supports the latest and greatest payments technologies to optimize your payment processing efficiency and security. As such, we listen to your feedback and update our Universal Transaction Gateway® (UTG®) on a regular basis. While some of these changes are minor tweaks and behind-the-scenes improvements, others may have a larger impact on your business, so …

05/03/2016

Don’t Waste Money on a Stand-Alone Solution for EMV

We knew that many of you would be eager to add EMV, so Shift4 got into certification early and are currently processing EMV in the U.S. and Canada with several processors. However, if you’ve read our executive insight blogs recently, you’ll know that the delay for EMV adoption is out of our hands. If you’re …

05/03/2016

What’s New With the UTG®?

What’s New With the UTG®?

Shift4 provides the latest and greatest payments technologies to keep your business thriving and your customers happy. We listen to your feedback and regularly update our Universal Transaction Gateway® (UTG®), keeping your payment security, efficiency, and business operations in mind with each new UTG build. While some of these updates are minor tweaks and behind-the-scenes …

05/03/2016

4 Ways EMV Ruins the Point-of-Purchase Experience

4 Ways EMV Ruins the Point-of-Purchase Experience

The end result is that there are now many merchants and consumers expressing frustration over increased friction at the point of purchase. We even saw a local café a few miles from Shift4’s headquarters advertising their mobile-based rewards program by listing “avoid using the chip reader” as a key benefit. So, what makes EMV so …

04/05/2016

Executive Insight: EMV – 6 Months Later

Executive Insight: EMV – 6 Months Later

By Steve Sommers – Senior Vice President of Applications Development, Shift4 Corporation EMV. If you are in the payments industry, you probably cannot remember the last time you went a full day without hearing this word. I certainly can’t. And, if you are anything like me, EMV has likely given you more than your fair …

04/05/2016

Chargebacks: Fraud or Fiction?

Chargebacks: Fraud or Fiction?

Merchants these days are shouldering more responsibility for fraudulent transactions, thanks to the EMV liability shift. Unfortunately, some shady consumers are taking advantage. Friendly fraud, or chargeback fraud, is when a consumer genuinely purchases goods or services and later disputes those charges with their card issuer. You can put your best foot forward by making …

03/01/2016

Executive Insight: Setting the Record Straight on Tokenization

Executive Insight: Setting the Record Straight on Tokenization

I watched an interesting and entertaining Twitter dialogue unfold late last month between two payments industry experts. Ian Kar, who covers the payments industry for online news publication Quartz, was covering PayPal’s earnings call when he heard PayPal CEO Dan Schulman make a pretty bold claim: Schulman: Rest of payment industry is following us into …

03/01/2016

Making Heads or Tails of Your PCI Compliance Forms

Making Heads or Tails of Your PCI Compliance Forms

We’ve seen a pattern of confusion from merchants who are attempting to complete their PCI compliance forms. Shift4 has provided some frequently asked questions (along with our answers) to help clear things up. Your merchant services provider (MSP) may have asked you to complete a do-it-yourself PCI compliance form. The purpose of their forms is to …

02/01/2016

Shift4’s VT4® Named Best M-POS Solution in 2016 Pay Awards!

Shift4’s VT4® Named Best M-POS Solution in 2016 Pay Awards!

Well, we can’t say that we’re surprised – but, we are thrilled! VT4®, our ingenious mobile point of sale (mPOS) solution, recently won the Best M-POS Solution award in the 2016 Pay Awards! Paybefore is a leading information provider in the payments industry, and their annual Pay Awards event recognizes the best prepaid, mobile, and …

01/05/2016

Executive Insight: 3 Ways Merchants Can Ensure a More Secure 2016

Executive Insight: 3 Ways Merchants Can Ensure a More Secure 2016

By Steve Sommers – Senior Vice President of Applications Development, Shift4 Corporation For merchants, there is an all too common tendency to “fire and forget” when using security tools. You might have just completed your most recent PCI DSS (Payment Card Industry Data Security Standard) assessment, installed new antivirus software, or added EMV. While each …

01/05/2016

AMEX Has Replaced OnePoint With OptBlue

AMEX Has Replaced OnePoint With OptBlue

For years, Shift4 has provided small merchants with direct payment processing to American Express (AMEX) along with support for the AMEX OnePoint program. OnePoint catered to merchants that processed less than $500,000 (under a single tax ID) in AMEX charges each year. However, on November 1, 2015, the OnePoint program ended and AMEX began offering …

12/01/2015

Executive Insight: Winning the War for Payment Card Data

Executive Insight: Winning the War for Payment Card Data

By Steve Sommers – Senior Vice President of Applications Development, Shift4 Corporation Last year, the United States experienced what has been dubbed “the year of the data breach.” Now, we’re nearing the end of 2015, and data breaches continue to plague merchants. Some are saying that hackers’ tactics are changing and that remote-access attacks are …

12/01/2015

Dara Security Assesses True P2PE™

Dara Security Assesses True P2PE™

At Shift4, we value our customers’ payment data security above all else. Every product and technology we provide was created knowing that data breaches and fraud are real threats that can happen to anyone at any time. With that in mind, we want to make sure that all of our payment solutions are as secure …

09/01/2015

Get in Gear for EMV

Get in Gear for EMV

The U.S. EMV migration liability shift date, October 1, 2015, is almost here. Are you on the road to EMV chip card acceptance? Earlier this year, we shared a road map to give merchants and independent software vendors (ISVs) a quick look at how to get ready for EMV. Now, we’re sharing the steps merchants, …

07/07/2015

Executive Insight: Take the Time to Do EMV Right (Part 2)

Executive Insight: Take the Time to Do EMV Right (Part 2)

By Steve Sommers – Senior Vice President of Applications Development, Shift4 Corporation Last month, we talked about how some organizations are pressuring merchants to rush into EMV solutions instead of urging merchants to take the time to adopt a strategic approach to EMV. This month, I’ll review some of the nuances of the EMV liability …

07/07/2015

12 Hospitality Touchpoints Secured by Shift4

12 Hospitality Touchpoints Secured by Shift4

From a payments point of view, hospitality environments are particularly complex. Typically, hotels keep payment card information on file for booking guarantees, advanced deposits, refunds, incremental authorizations, and more. This makes the hospitality environment at hotels, resorts, and motels particularly vulnerable to data thieves, who target these environments to retrieve payment card information held within …

06/10/2015

Shift4 Response to MalumPOS Malware

Shift4 Response to MalumPOS Malware

Recently, Trend Micro published a brief on their blog about malware named MalumPOS. This blog post is based on a 2014 report and is most likely referencing 2013 or prior data in order to refer clients to their own endpoint-monitoring software. The post details a specific piece of malware that targets payment data as it …

06/02/2015

Executive Insight: Take the Time to Do EMV Right (Part 1)

Executive Insight: Take the Time to Do EMV Right (Part 1)

By Steve Sommers – Senior Vice President of Applications Development, Shift4 Corporation U.S. a Unique EMV Market Four years ago, when the major issuing banks announced their timeline for transitioning to EMV in the U.S., payments industry insiders knew that the U.S. EMV migration would be more complicated than previous implementations around the globe had …

06/02/2015

EMV: Swipe Ahead Gets Left Behind

EMV: Swipe Ahead Gets Left Behind

Update 10/4/16: Shift4 has been around long enough to predict how most things will shake out in the payments industry. With the below article, we knew EMV was going to cause headaches for merchants, consumers, and just about everyone else who deals with payments. Well, it turns out we were right. Most major card brands …

05/05/2015

Executive Insight: The Cost of Vigilance Versus Compliance

Executive Insight: The Cost of Vigilance Versus Compliance

By Steve Sommers – Senior Vice President of Applications Development, Shift4 Corporation If there’s one word we hear too often in the payments industry, it’s “compliance.” Too many security officers, IT directors, and other business leaders hold to the term like Linus from the Peanuts gang clings to his blanket. And – as dozens of …

05/05/2015

Cyber Security Tips for Smartphone Usage

Cyber Security Tips for Smartphone Usage

Connecting mobile devices to your company network can introduce security risks to the environment if you aren’t careful. However, if you follow these simple rules for smartphone usage, provided by the Financial Services Information Sharing and Analysis Center (FS-ISAC), your environment will be much better off for it. By 2017, the number of smartphone users …

04/17/2015

EMV: What It Is and What It’s Not

EMV: What It Is and What It’s Not

EMV: What It Is and What It’s Not U.S. EMV is coming. Are you prepared? In the simplest terms, EMV is a special chip embedded on a credit or debit card that helps to prevent card-present fraud. The EMV chip prevents counterfeiting, skimming, and the use of lost or stolen credit or debit cards. The …

04/07/2015

3 Things Every Merchant Should Know About EMV

3 Things Every Merchant Should Know About EMV

Shift4’s SVP of Applications Development, Steve Sommers, was recently invited to San Antonio to speak at the Hotel Technology Next Generation (HTNG) North American Conference. The session he was asked to join, entitled “Securing Payment Data: Tales From the Front,” featured Sommers alongside Rob Martin, the VP of Security Solutions for device manufacturer Ingenico, and …

03/03/2015

Shift4 Doesn’t Use SSL (And You Shouldn’t, Either!)

Shift4 Doesn’t Use SSL (And You Shouldn’t, Either!)

You may remember that back in November, we released an alert about protecting yourself from the POODLE SSL vulnerability. For those of you who are less familiar with SSL, it refers to a type of encryption that was once used to secure communications between a user’s Web browser and a website in order to protect …

02/03/2015

3 Hot Topics at NRF 2015

3 Hot Topics at NRF 2015

The Shift4 team is back from National Retail Federation’s (NRF) 104th Annual Convention and EXPO, also known as Retail’s BIG Show. Omni-channel, mobile, and EMV were three of the hottest topics for retailers at the show this year, so we’re discussing each of these issues from a payments perspective because they’ll apply to other industries, …

12/17/2014

The Hacker Who Tried to Steal Christmas

Every merchant in 4ville liked Christmas a lot, But the Hacker, who lived at the South Pole did not. The Hacker loathed Christmas! There was no good reason! And each year he would launch an attack on the season. He stared down at the 4s with an air of disdain; He couldn’t be like them …

12/02/2014

EMV Update

EMV Update

The chip cards are coming! We are now just 10 months away from the October 2015 liability shift date for U.S. EMV. That’s the date the card brands set to have all U.S. merchants supporting EMV (Chip card) technology. After that date, whichever organization breaks the “EMV chain” will be held responsible for fraudulent card …

12/02/2014

Shift4, P2PE, and PCI Validation

Shift4, P2PE, and PCI Validation

Update 4/19/17: Shift4’s point-to-point encryption solution, True P2PE, is now PCI validated. We were able to build a unique solution that met the PCI SSC validation requirements without compromising our own high standards for speed, security, and reliability. Because of this, some of the information in this article (which was published in 2014) may not …

11/04/2014

Shift4 Now Supports Apple Pay

Shift4 Now Supports Apple Pay

We told you last month that adding support for Apple Pay™ was going to be quick and easy, and it was. We’re happy to announce that Shift4 now supports Apple Pay contactless (NFC) payments. In fact, a few of our customers have already starting processing Apple Pay transactions. No additional development is required for you …

11/04/2014

Executive Insight: Have You Actually Been Breached?

Executive Insight: Have You Actually Been Breached?

By Steve Sommers – Senior Vice President of Applications Development, Shift4 Corporation This piece is part 2 of a series on the differences between fraud and breaches. The first article in the series can be found here. Last month we talked about the difference between card fraud and a card data breach, and I warned …

10/23/2014

Re: Bob Russo: Breached!

CardNotPresent.com published an article last week that featured an unusually candid Bob Russo. For those who aren’t familiar with that name, Russo is the recently retired GM of the Payment Card Industry Security Standards Council (PCI SSC). As GM and cheerleader-in-chief, Russo spent most of the last decade trying to get merchants to buy into …

10/07/2014

Executive Insight: Fraud or Breach?

Executive Insight: Fraud or Breach?

By Steve Sommers – Senior Vice President of Applications Development, Shift4 Corporation Fraud and breach are two words that no merchant wants to hear in relation to their business. Confusing fraud for a breach – or assuming they are the same thing – can lead to panic, overreaction, and unfortunate unintended consequences. To help you …

10/07/2014

100 Businesses Breached in One Attack

100 Businesses Breached in One Attack

It seems like we’re hearing about a new major card-data breach on an almost weekly basis. It’s both incredibly frustrating and incredibly sad to see millions of people paying the price for businesses’ failures to adequately secure their data. What’s even more concerning is that it’s happening so often that we’ve heard people say, “Breaches …

09/02/2014

Executive Insight: Get Your Head Out of the Cloud

Executive Insight: Get Your Head Out of the Cloud

By Steve Sommers – Senior Vice President of Applications Development, Shift4 Corporation American author Wilferd Peterson famously wrote, “Walk with the dreamers … the doers, the successful people with their heads in the clouds and their feet on the ground.” Taken slightly out of context, this quote offers a great warning to today’s tech world. …

09/02/2014

Consumers Care About Card Data Security

Consumers Care About Card Data Security

For years, we’ve been warning merchants about the brand damage that can come as a result of a card data breach, and recently a series of articles and research studies have made it clear just how harmful it can be. If you’re not currently taking full advantage of our suite of security technologies, including both …

08/05/2014

Executive Insight: The Truth About Uptime

Executive Insight: The Truth About Uptime

By Steve Sommers – Senior Vice President of Applications Development, Shift4 Corporation There’s a lot of buzz in the payments industry about uptime and how many “nines” you should be looking for in a potential service provider. To make sure we’re all on the same page, let me explain what I mean by uptime and …

07/01/2014

The Fight for Tokenization

The Fight for Tokenization

We recently came across an article published by Digital Transactions that discussed “The Furious Battle to Control Tokenization.” The article laid out the politics and power struggles within the payments space and did a good job of explaining the current state of the industry. The author explains that with all the headaches and confusion around …

07/01/2014

EMV: Silver Bullet or Red Herring?

EMV: Silver Bullet or Red Herring?

In the wake of the major retail breaches late last year, the card brands (and a few of the larger issuing banks) dumped huge amounts of money into PR campaigns that positioned EMV as the solution to our card-data security troubles. Now, those of you who follow our blog closely will remember that we very …

07/01/2014

Are Constant Breaches the New Norm?

Are Constant Breaches the New Norm?

Target, Michael’s, Neiman Marcus, White Lodging, and now P.F. Chang’s. It seems like every month there is a new, major data breach making headlines. In the most recent case, P.F. Chang’s appears to have been compromised for close to nine months, and experts say more than seven million card numbers may have been stolen. In …

06/03/2014

The FTC is Prosecuting Shady MSPs and ISOs

The FTC is Prosecuting Shady MSPs and ISOs

After 20 years in the industry, we’ve noticed that far too many of them seem motivated only by the dollar, and not by any real desire to help the merchants they supposedly serve. For years, we’ve warned our merchant customers about the shady business practices of some merchant services providers (MSPs) and independent sales organizations …

05/06/2014

New U.S. Executive Order for Russian-Issued Cards

New U.S. Executive Order for Russian-Issued Cards

As your merchant advocate, we want to take just a moment of your time to let you know about a recent United States Executive Order impacting all U.S. processors. It may have an impact on your business, especially if a high percentage of your clientele uses internationally-issued payment cards.On March 20, 2014, the President signed …

05/06/2014

Executive Insight: Merchant-Focused Innovation

Executive Insight: Merchant-Focused Innovation

We’re proud of what we’ve done over the past 20 years, and most of all, we’re proud to still call ourselves merchant advocates. While most other payments companies have sold out and taken buyout offers that left their customer loyalty questionable at best, Shift4 retains our independence and we continue to pioneer technologies that do …

04/10/2014

Shift4 NOT Affected by OpenSSL “Heartbleed” Vulnerability

Shift4 NOT Affected by OpenSSL “Heartbleed” Vulnerability

Shift4 is aware of the “Heartbleed” vulnerability that is being reported by security bloggers and the mainstream media. None of Shift4’s technologies have been affected by the Heartbleed bug. Because we’re your merchant advocates, we have put together the following information to help you protect your personal information from other sites that may have been …

02/04/2014

Breaches: Don’t Be Next

Breaches: Don’t Be Next

If you were comparing new POS swipe device models, and I explained that one provided zero protection from the type of breach major retailers have recently experienced, while the other provided complete protection from a card data security breach for about $50 more, which would you choose? Pretty easy choice, right? What you would be …

01/07/2014

PCI Says Most Tokens Won’t Reduce Scope

PCI Says Most Tokens Won’t Reduce Scope

We’ve spent much of the last five years warning merchants about companies that claim to offer tokenization when what they really have is nothing more than a weak encryption scheme. We call these solutions “tokenization in name only,” or TINO for short, and they annoy us to no end. But we’re happy to announce that …

01/02/2014

Why EMV Isn’t the Answer to Breach at Target

This post was written by Shift4’s VP of Business Development, Bob Lowe. By now, I’m sure most all of you have heard about the credit and debit card information breach at Target stores. If not, get caught up here and then this post will make more sense.Likewise, you have probably seen the litany of articles …

12/03/2013

Executive Insight: EMV is Coming – Gradually

This post was written by Shift4’s VP of Business Development, Bob Lowe. Over the course of his impressive career, Bob has worked on EMV roll-out projects in Europe, Canada, and the U.S. Are you preparing for EMV? We hope that by now you at least have it on your radar and are starting to weigh …

09/27/2013

Tokenization IS Encryption – NOT! – Part 4

This is the first addendum post of a three (now four)-part series written by Steve Sommers, Shift4’s SVP of Applications Development. The first three sections can be found here, here, and here. Recently I found out that PCI SSC is taking on the tokenization subject again. This time, the goal is to take the guidance …

07/16/2013

PCI’s Not-So-Open Global Forum

This post was written by Shift’s Director of Information Security, Stephen Ames, CISA, CISSP. I just wrapped up onsite PA-DSS validations with my PA-QSA this month and a question came up about PA-DSS Requirement 4.2.7, which aligns with DSS Requirement 10.2, which is all about user access. Just so we’re all on the same page, …

05/24/2013

Credit Unions Push to Increase Breach Liability for Merchants

This post was written by Steve Sommers, Shift4’s SVP of Applications Development. His insights and expertise are shared regularly on his personal blog, http://paymenttidbits.blogspot.com. Dog Pile!!! Earlier this week I received my BankInfoSecurity e-newsletter. The headline was “Hold Merchants Accountable for Breaches?” This referred to a blog post by Tracy Kitten. The title alone got …

04/02/2013

Our “Ties That Bind” Contest Winner Announced!

Over the last year, we’ve collected stories from our clients about being fed up with their merchant banks. We made it into a contest called the “Ties That Bind.” The person who shared our favorite story of woe would win a trip to Las Vegas, home of Shift4’s headquarters! Helen Lyons submitted her experience and …

03/27/2013

HTNG, We Hear You!

HTNG, in response to your release of “Secure Payments Framework for Hospitality,” let us cut right to the chase and say, “thank you.” Thank you for pointing out the things that we are doing well, and for making the technology we introduced (tokenization) an industry standard. More importantly, thank you for being very clear in …

02/05/2013

Why Shift4 is Not (Yet) a PCI-Validated Provider For P2PE

That’s right. Seven months after the standards were released and nearly two full years from their initial announcements on the matter, the PCI SSC has yet to validate a single P2PE solution provider that can offer the promised scope reductions and a simplified SAQ to merchants. Why? Well, quite frankly, because they designed the wrong …

11/06/2012

The Peril of Bank-Owned Gateways

Most of us are familiar with the expression, “Don’t bite the hand that feeds you.” For those who aren’t, it basically means don’t do anything that might hurt those that you rely on. The same meaning applies every time we say something along the lines of, “well, they sign the paychecks, so we’ve got to …

11/06/2012

Executive Insight: Take Advantage of Fraud Sentry!

The most effective security system in the world can’t protect you if you don’t turn it on. That’s the first thought that struck me after I heard a report of one of our merchant customers falling victim to “trusted-employee” fraud last month. In this case, a night auditor was able to issue false credits to …

09/04/2012

EMV is Coming – Don’t Panic!

Back in January, Shift4 CEO Dave Oder wrote an Executive Insight article about EMV (Chip and PIN) payments coming to the U.S. At that time, the details were a bit hazy and all we knew for certain was that by 2015, U.S. merchants were supposed to have EMV in place. Dave’s outlook on the situation …

08/07/2012

Sound Off and Win a Trip to Vegas

Do you have a merchant bank horror story? Were you quoted an amazing rate on payment processing but ended up paying much more? Have you paid the price for their deception? Share your story at www.shift4.com/TiedDown for a chance to win an expense-paid trip for two to Las Vegas (including flights, hotel, entertainment, and even …

06/05/2012

Feeling Tied Down by Your Merchant Bank?

Shift4, the world’s largest independent payment gateway and maybe the last true merchant advocate, launched a new advertising campaign that brings to light some of the underhanded methods used by merchant banks to increase their profits. The first in a series of ads illustrates how easy it can be to get “tied down” by a …

05/24/2012

PCI Provides No Benefit to Merchants

This post was written by Steve Sommers, Shift4’s SVP of Applications Development. His insights and expertise are shared regularly on his personal blog, http://paymenttidbits.blogspot.com. When the Payment Card Industry (PCI) Council was formed, I (like many in the payments industry) was excited. But, over the years, I have gradually lost faith in the program and …

05/01/2012

Global Effects of the Global Breach

Over the past few weeks, the payment industry Web space has been filled with articles spawned by the reported breach of Global Payments. These posts range from intelligent hypotheses based on significant industry experience to wild speculation from scheming salesmen looking to make a quick sale by inspiring fear, uncertainty, and doubt in their potential …

04/06/2012

Global Ramifications

The Internet is abuzz with speculation on the source and scope of the Global Payments breach. In the past few days, reports on the number of affected cards have ranged from as many as 10 million to a little more than 50,000 with Global setting the “official” number at 1.5 million. Likewise, the source of …

03/06/2012

Executive Insight: All or Nothing Tokenization

Are you the all-or-nothing type? Are you the type that can’t even get started if you know going in that 100% success is an impossibility? Many people take this view with tokenization, but let me tell you why that’s a dangerous position to support. First, let’s look at an example. Let’s suppose a hotel company’s …

01/26/2012

Executive Insight: Who is PCI Really Protecting?

By now, most in our industry have heard of the restaurateurs in Park City, Utah who are suing their merchant bank and, consequently, might end up taking on the whole PCI. For those unfamiliar with the story, Wired has a good article, which you can find here. Basically, Cisero’s Ristorante was accused of suffering a …

01/04/2012

Executive Insight: US EMV – A Necessary Evil?

A New Payment Process Those who have traveled to Europe in the past few years or to Canada within the last year or so, know there is a new payment process that uses a microchip on the card to communicate the payment capabilities of the card to the point of sale, and then uses a …

11/04/2011

Tokenization IS Encryption – NOT! – Part 3

This is the final post of a three-part series written by Steve Sommers, Shift4’s SVP of Applications Development. The first two sections can be found here, and here. As If Things Aren’t Muddy Enough!PCI SSC accommodated various TINO solutions in the Tokenization Guidelines which drastically complicated and, in many aspects, contradicted the original tokenization definition …

11/03/2011

Tokenization IS Encryption – NOT! – Part 2

This is the second of a three-part series written by Steve Sommers, Shift4’s SVP of Applications Development. The first section can be found here. The final installment will be published later in the week. PCI SSC Tokenization May or May Not Be Encryption – Consult Your QSAIn late 2005, Shift4 released tokenization to the public …

11/01/2011

Tokenization IS Encryption – NOT!

This is the first of a three-part series written by Steve Sommers, Shift4’s SVP of Applications Development. Additional sections will be published later in the week. There is still much confusion about tokenization. Recently, I found a blog post by Ramon Krikken entitled I’ll go ahead and say it: Tokenization IS Encryption. The author also …

09/20/2011

The Durbin Amendment: How to Ensure You See the Benefits

We’ve heard a lot of buzz about the Durbin Amendment and the major cost savings that should come in response to the legislation. Last month, we introduced the main points of the legislation and encouraged those of you who do not currently support debit to consider doing so in order to capitalize on the upcoming …

08/24/2011

Tokenization, the Newest Horse – err, Camel – in the Stable

As the old saying goes, “a camel is a horse designed by a committee.” This saying perfectly describes the recently published PCI DSS Tokenization Guidelines from the PCI SSC. While the original intent of the document was a noble one, the final version fell way short. There were four goals in mind when we at …

08/17/2011

The Durbin Amendment: What It Is, What It Means For Merchants

Between the raging debates, lobbying, legislation, and (finally) the Federal Reserve analysis and modification of the legislation, the Durbin Amendment has maintained a place in the news throughout the year. Now that the debates are over, and both sides have said their piece about the outcome (which seemed to leave all parties underwhelmed and frustrated), …

08/12/2011

Did Shift4 Really Invent Tokenization?

Several companies claim to have been first-to-market with tokenization. Their evidences and believability vary widely, so while we cannot address the individual claims of our competitors, we can explain our claim and why we’re confident in saying that we invented tokenization and introduced it to the market. First, let’s establish what exactly it is we …

08/12/2011

Tokenization Guidelines Missed the Mark

This morning, the Payment Card Industry Security Standards Council (PCI SSC) published an “information supplement” entitled, PCI DSS Tokenization Guidelines. The document was designed to standardize the rapidly growing tokenization landscape and to give official word on how much benefit tokenization could bring to merchants striving to comply with PCI DSS requirements. It missed the …

06/15/2011

Is Tokenization a Fad?

Yesterday, Protegrity CTO Ulf Mattsson published a blog entitled, “Is Tokenization just a Fad?” The post was his response to an unnamed “key executive” who recently posed that question. Mattsson’s ultimate premise was that tokenization is a powerful and useful weapon in the IT and InfoSec professionals’ arsenal, and that it is certainly not a …

04/28/2011

Executive Insight: Resilience + Redundancy = Reliability

Companies that processes payment transactions talk about ”five nines” or 99.999% reliability – but none truly deliver it. In reality, a really good processing company delivers around 99.8%. That seems pretty good, too. But is it? It means in a given year, they average less than two hours a month of service disruption. Unfortunately, to …

02/07/2011

Executive Insight: QSAs – Conflict of Interest?

In last month’s article, we discussed that your Merchant Services Provider (MSP) is responsible for informing and assisting you with your payment processing security. Because MSPs often don’t have the expertise in payment security, many will refer you to a Qualified Security Assessor (QSA), causing you to have to pay for the expertise that should …

01/07/2011

Executive Insight: Credit Card Security

As a merchant advocate, Shift4 strives to make you aware of your obligation to protect the cardholder information in your possession (card swipes, primary account numbers and associated expiration dates, etc.). This information can be of a physical nature or of an electronic nature within your Point-of-Sale (POS) or back-office accounting systems. The actual responsibility …

12/30/2010

They Succeed When You Fail: Rethinking Processors & Gateways

Gateways and processors have historically been on the merchant’s side. However, recent acquisitions of these organizations by card brands and banks have made their dedication to merchant advocacy questionable at best. When Retail Solutions Online approached us to put together an insight article for their Integrated Solutions for Retailers publication, we took the opportunity to …

12/01/2010

Credit CARD Act of 2009 Affects Gift Cards, Too

The Credit Card Accountability Responsibility and Disclosure Act of 2009 (CARD act) went into full effect August 22, 2010. This legislation brought new regulation to the credit card industry (many of us saw our credit card interest rates jump in response). Deeper in the bill also came new regulations for gift cards. For those of …

12/01/2010

Welcome to 4Sight

Welcome to 4Sight, Shift4’s newly designed monthly newsletter. In each edition of 4Sight you will find useful hints on DOLLARS ON THE NET® including tips and tricks, success stories, and explanations of the features included with your current solution that you might not have discovered yet. Also, we will compile best practices and industry news, …

11/24/2010

The Difference is in the Details

Hello and welcome to 4titude, the official blog of Shift4. For the past 16 years, Shift4 has been at the forefront of payment processing technology, yet during that time too few outside of our customer base have heard enough about us. Sure, you’ve all heard of Tokenization, a term we coined when we introduced the …