September 23, 2009

First Data Validates Efficacy of Emerging Technology

Las Vegas, Nevada (September 23, 2009) – Yesterday, in anticipation of the PCI Security Standards Councils report on emerging technologies to be announced at the PCI Conference in Las Vegas today, First Data Corporation and RSA proclaimed their entrance into the Tokenization arena.

Industry pundits believe that First Data’s entrance into this marketplace will make the report on emerging technologies moot. “It would be very difficult to exclude this technology as effective given the fact that the world’s largest credit card processor has embraced it,” says Stephen Ames, CISSP and Director of Information Security for Shift4 Corporation.

“We are happy to welcome our largest processing partner into this marketplace, and we appreciate the fact that they have legitimized the technology that we initially developed in 2004 and released to the marketplace at our Security Summit in Las Vegas in 2005,” says Dave Oder, President of Shift4 Corporation.

First Data joins several other firms with various Tokenizationsm solutions that have entered the market in the past couple of years. Most are gateways of Merchant Services Providers (MSPs) where Tokenization is used as both a security mechanism and a method to tie merchants to the MSP. Their theory being that if they hold a merchant’s tokens, they hold onto the merchant. As a result, a merchant can’t leave; otherwise, they don’t have access to their historical transactions.

First Data’s solution could be a move in the right direction by giving merchants the option to choose various MSPs that they support; however, it is unclear whether their tokens are good across their merchant banks. Further, the fact that the token can be turned back into the card number for subsequent use for “charge back and similar business activities” doesn’t completely and forever remove the merchant from the security woes of maintaining card data and thus simplify PCI.

A bank and processor neutral gateway with Tokenization and payment accounting application like Shift4’s DOLLARS ON THE NET® gives the merchant the flexibility to move from Merchant Bank or Processor with the assurance that their historical data will always be available. Shift4’s Software as a Service (SaaS) platform allows merchants access to their transactions for all business purposes, including incremental authorizations, settlement, charge backs, credits, book-and-ship, periodic billing and card-on-file applications using only Tokens. With the addition of Shift4’s 4Go® and i4Gosm technologies, merchants’ customers’ credit cards are never in their possession, simplifying the entire PCI DSS process while delivering Real Security.

While First Data seems to be addressing the Terminal Marketplace, Shift4 Tokenization functionality addresses payment integration with Point-of-Sale (POS), Property Management (PMS) and web-based systems, including kiosks and SaaS POS/PMS applications. 

“We have hundreds of partners who have already integrated Shift4 Tokenization into their applications. Since 2005, our partners have processed over 1 billion Tokenized transactions,” says Bob Lowe, Product Manager-Partners for Shift4. “We are told that our approach allows these partners to sell to merchants with banking relationships with virtually every merchant bank in the United States, Mexico, Canada and the Caribbean with only one interface. Further, they tell us that the use of our Tokenization and our other security technologies have allowed them to complete PA-DSS validation in hours instead of days,” says Lowe.