Shift4 Lighthouse Transaction Manager Lighthouse Transaction Manager My Portal Request a Quote


The Shift4 Glossary

The Shift4 Glossary


Sometimes it feels like the payments industry speaks its own language. While not comprehensive, this list of common terms and acronyms should help you understand what you read and hear on our website and elsewhere.


4Go® – Shift4’s software application that prevents a merchant’s point-of-sale or property management system from handling cardholder data. 4Go acts as a firewall between the card swipe and the point-of-sale or property management system application, providing your customers with the most secure transmission of their cardholder data available.

4Res® – Shift4’s virtual cardholder data "firewall," designed to sit between a central reservation system and a hotel's property management system. 4Res tokenizes all cardholder data before it enters a hotel's merchant environment. Also see firewall.

4tify® – Shift4’s next generation of tokenization, 4tify is a suite of secure technologies, including TrueTokenization®, 4Go®, i4Go®, 4Res®, and 4Word®. Providing your business with more flexibility and control in the use of TrueTokens®, 4tify is Tokenization Your Way®.

4Word® – Shift4’s secure, authenticated process to allow a third-party merchant to securely obtain limited access to a customer’s payment card from a Shift4 merchant customer using TrueTokenization and Lighthouse Transaction Manager.


Acquiring Bank – See merchant bank.

Address Verification System (AVS) – A security feature that requires merchants to supply address information for the cardholder in card-not-present transactions, such as those made on a website. The merchant’s system verifies that the address entered matches the one the issuing bank has on file and then confirms whether the information is valid or not.

While this does lower discount rates and is supposed to prevent fraud, most credit cards are stolen along with a wallet or purse, which usually has address information in it. This may just be another way for issuing banks to increase the interchange fee.

Many issuing banks are not equipped to handle AVS and those that are may only keep accurate ZIP codes in their systems. Some issuing banks use a customer’s ZIP code or ZIP code+4, while others include the street address. Merchants are given the option of which part(s) of a customer’s address are accepted as valid verification. The good news is that because issuing banks have not set an industry standard for AVS, merchants only need to attempt address verification in order to qualify for the best discount rate. Also see issuing bank or issuer.

Application Program Interface (API) – A set of rules and protocols that tells separate software programs how to communicate with one another.

Application Service Provider (ASP) – See software as a service (SaaS).

Authorization – An authorization is the initial request a merchant makes for a customer’s issuing bank to release funds for payment.


Bank – A financial institution that handles merchant accounts and issues lines of credit. Also see merchant bank or issuing bank.

Bank Identification Number (BIN) – For cardholders, a BIN is an identification number consisting of a two-part code assigned to banks and savings associations. The BIN makes up the first 6-8 digits of a card number, with the first part showing the location and the second identifying the bank itself. This identifies the institution that issued the card to the cardholder, as well as the card type (e.g., debit, credit, gift card).

Basis Point – One hundredth of one percent. A merchant’s discount rate will usually be quoted in this format, as a percentage or a fraction. Also see discount rate.

Batch – A group of authorized transactions, typically used by the merchant in the settlement process at the close of business each day. Also see settlement.

Brand – The card associations or organizations behind the labels on a credit card. Visa, MasterCard, American Express, and Discover are often referred to as “the brands” within the payments industry. Also see card association.

Breach – An exploitation of security measures to access and compromise a merchant’s cardholder data environment.


Card Association – Credit-card-granting organizations, including Visa, MasterCard, American Express, and Discover, that make the rules regarding credit card acceptance in conjunction with the government.

Cardholder – The authorized user of a credit card who has established a line of credit (e.g., a typical customer), and is financially responsible for transactions completed using the card.

Cardholder Data – Sensitive information belonging to the authorized user of a credit/debit card, including an individual’s name, address, payment card number, PIN, and verification codes.

Cardholder Verification Value (CVV2) – A three- or four-digit number that is printed on a card to verify its authenticity. The “2” refers to the printed code on the card. (CVV1 is encoded on the magnetic stripe of the card.)

Chargeback – When a customer does not receive his goods or services or says he didn’t place an order or make a purchase, he can ask his issuing bank to charge back the purchase to the merchant within a 60-day timeframe. The issuing bank will notify the merchant when this happens, after which the merchant will need to validate and defend the purchase by providing such information as the amount, an invoice or folio, customer signature, or shipping documents. Also see retrieval request.

Cipher Suite – A specific set of authentication, encryption, message authentication code (MAC), and key exchange algorithms that is used to negotiate the security settings for a network connection using a network protocol such as TLS or SSL.

Compliance – Merchants that accept credit card transactions must meet or exceed regulations set by the local government, federal government, the card associations, and the Payment Card Industry Security Standards Council (PCI SSC). Also see Payment Card Industry Security Standards Council (PCI SSC).

Credit Card – A payment card that authorizes the person named on it to charge goods or services to his account. Credit card issuing banks earn money through interest charged to the cardholders and, in some instances, through fees charged for the use of the card or access to rewards programs. Credit card issuing banks also profit from a portion of the fees charged by the card association known as interchange fees. Also see issuing bank or issuer.


Debit Card – Debit cards let buyers pay for goods and services with funds from their checking account and are an important part of any merchant’s business. Debit cards give consumers more flexibility in their payment options and can be used in two ways: online debit and offline debit.

Online Debit – Sometimes referred to as PIN debit, online debit is processed on the ATM network of the cardholder's bank. The card is swiped or inserted at the point of sale and the consumer is asked to enter their Personal Identification Number (PIN). As a merchant, you must be specifically set up to accept these types of transactions through your merchant account and you must have special hardware to accept the PIN entry from the customer.

Offline Debit – Sometimes referred to as signature debit, offline debit is processed in a manner similar to a credit card transaction. If the debit card carries a card brand, such as Visa or MasterCard, the card may be processed by simply swiping it through a credit card terminal that supports that card's brand. The transaction is processed over the merchant's credit card network and the customer provides their signature as approval of the transaction.

Debit Network – The electronic system used for debit card transactions to make purchases, get cash from ATMs, and pay bills online. The debit network’s logo, such as STAR, NYCE, or MAESTRO, is usually printed on the card.

Discount Rate – This is the fee paid to a merchant bank to handle the deposit of credit card funds into a merchant account. It is usually quoted as a percentage to hundredths (or the basis point) on the monthly bill. For a more in-depth explanation of the discount rate and other fees, read our Credit Card 101 tutorial. Also see basis point.


Effective Rate – This is the true amount charged by the merchant bank when processing each transaction. It is often more than the quoted discount rate because it is the calculated, bundled rate including the discount rate, assessments, and other per-item transaction fees. For an in-depth explanation of why monthly fees are likely more than was originally quoted, read our Credit Card 101 tutorial.

EMV – EMV is a smart chip technology that offers an additional step for authentication beyond the traditional magnetic stripe card payment for card-present transactions (commonly called Chip and PIN or smart cards). In addition to the security chip, which is placed inside of a reader during a transaction, EMV also verifies the cardholder’s identity with the use of a PIN or signature. The original EMV standard was created by card-granting organizations Europay, MasterCard, and Visa in 1999, and has been in standard use for credit cards in Europe and Canada. EMV technology is now becoming a global standard, with EMV compliance required of merchants and processors in the United States by October 2015. However, EMV cards still pose a security risk and will not protect merchants or their customers with the level of security offered by the use of point-to-point encryption (P2PE), nor will EMV protect purchases made through websites. Also see 4tify, NFC, point-to-point encryption (P2PE), and tokenization.

Encoded – Information has been encoded when it has been put into a cipher or encryption, requiring a specific key in order to be used. Also see encryption and key.

Encryption – Encryption is a process of encoding or scrambling data so that it can be read only by authorized people or programs with a decryption key.


False Cardholder Data – When a card is swiped at the point of sale, a payment processing system needs a few seconds to authorize the transaction. 4Go, Shift4’s driver-based cardholder data “firewall,” creates false cardholder data to act as a placeholder in the point-of-sale system until a TrueToken® is returned.

Note: False cardholder data is a format-preserving token made up of the first and last few digits of the card number, separated by randomly-generated false data. It is designed only for short-term usage. False cardholder data is not the same as a TrueToken, which is a unique ID that references the actual data associated with a card number or specific transaction. Also see 4Go, 4tify, and TrueToken.

Federal Reserve System (Fed) – 12 Fed banks comprise the central banking system for the United States and are a large part of the Federal Reserve System, which implements the policies set forth by the Federal Open Market Committee. Each Fed bank is also responsible for the regulation of the commercial banks within its own particular district.

As most large businesses and issuing banks have accounts in the Fed banks, much of the money that changes hands during the settlement process moves only from one Fed account to another.

Firewall – An integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system. Also see 4Go and 4Res.

Fraud – Any illicit method used to access or use another person’s cardholder data.

Fraud Sentry® – Shift4’s powerful fraud control solution, Fraud Sentry helps merchants to efficiently identify, manage, and prevent suspicious and costly transactions, including “trusted-employee” fraud. Fraud Sentry is provided at no additional cost with Lighthouse Transaction Manager.


Gateway – A payment processing solution that protects cardholder data during the payment transaction process.

Gateway+ – An enhanced payment gateway, offering total bank and processor neutrality, tokenization, fraud prevention, an enterprise-wide accounting program, and more. DOLLARS ON THE NET is Shift4’s premier gateway+.

Gift CardIt’s your favorite thing to open on your birthday! The technical definition is that a gift card is a stored-value payment card for a specific merchant that is usually preloaded with a set monetary value.

Grace Period – The time during which a cardholder is allowed to pay his credit card bill without any interest or late fees assessed.


Hard Credit Pull – A hard credit pull usually occurs when a consumer has applied for or is seeking some form of credit or loan (e.g., a credit card application).

Hardware-Based Point-to-Point Encryption (P2PE) – A hardware/hardware solution for P2PE, requiring encryption hardware within the point of sale at the merchant location and a hardware-based key management and decryption tool, known as a hardware security module (HSM). This solution for encryption is more cost-prohibitive than hardware/software (or “hybrid”) P2PE standards that require hardware encryption, but allow software decryption, as long as keys are still managed by an HSM.

Hold – A hold is placed on a portion of the customer’s credit limit or debit balance if the final transaction balance is unavailable or unknown, such as during a hotel stay. For example, at a hotel, after calculating how many drinks the customer took from the mini bar or room service charges, the merchant can finalize the transaction for the total amount.


Independent Sales Organization (ISO) – See merchant services provider.

Integration – A combination of two or more things to create something larger. Shift4’s DOLLARS ON THE NET enables a variety of technological integrations for an enterprise-wide solution featuring the most advanced fraud controls and auditing tools, as well as true bank and processor neutrality.

Interchange – The exchange of transaction data, in this case credit card payments, between a merchant bank and the issuing bank.

Interchange Fee – This is the fee charged by Visa and MasterCard to complete a transaction and deposit money into a merchant’s account. The fee is based on credit card regulations and the capture of appropriate data, including card swipe, address, and electronic signature, as needed.

Note: American Express and Discover do not participate in the interchange process. Instead, American Express and Discover each act as their own issuing bank, merchant bank, and card associations, handling all aspects of the card transaction and not sharing any of their fees. Merchants must have a separate agreement with American Express and/or Discover in order to process transactions using their cards.

For more information on interchange fees and other fees, check out our Credit Card 101 tutorial.

Issuing Bank or Issuer – A bank or other financial institution that issues credit cards. Issuers charge cardholders interest and associated fees as they apply to the use of the various branded cards. Issuing banks hold the majority of the power in the credit card industry because they set the rates and terms of credit issued and repaid.

IT’S YOUR CARD® (IYC) – Shift4’s comprehensive gift card solution, which integrates with DOLLARS ON THE NET. Merchants who want the flexibility to design their own gift card program can easily deploy IYC to meet their business’ sales and marketing needs quickly, easily, and securely.

i4Go® – Shift4’s secure payment solution for e-commerce transactions. If a business uses an Internet-browser-based point of sale, such as a kiosk or website, then this is the payment processing solution to use. i4Go prevents actual cardholder data from being entered or stored in your servers just like our 4Go technology does for brick-and-mortar (non-browser-based) systems.


Joint Credit – An instance in which two or more people share credit. For example, the credit of two individuals may be required to make a big purchase, such as a house.


Key – The generic term for a password or table needed to decipher encoded data. It’s usually used in the data storage and encryption process that takes place during credit card authorization.

Knuckle-Buster – A machine that makes an impression of a credit card on a carbon receipt. Not often used today, many merchants still have them as a backup. Those who have been in the payments industry for a long time may refer to these devices as “zip-zap machines.”


Lighthouse Transaction Manager – Shift4’s enterprise-wide payment gateway plus. A payment solution that goes beyond simple transactions, Lighthouse Transaction Manager features the most advanced fraud controls and auditing tools, true bank- and processor-neutrality, and the industry’s best security technologies, including TrueTokenization. Every day, thousands of merchants rely on Lighthouse Transaction Manager for fast, accurate, and secure transactions.

Late Payment Fee – Usually imposed on a borrower when he does not make the minimum payment on a credit card by the payment deadline.

Loyalty Program – Used by many credit card issuers to maintain and generate new customers, loyalty programs offer incentives for the use of a specific card.

LUHN Mod 10 – A simple mathematical formula used to validate the number on a credit card. It may also be called the LUHN formula or LUHN modulus 10.


Magnetic Stripe – A type of card, sometimes called a mag stripe, capable of storing data by modifying the magnetism of tiny iron-based magnetic particles on a band of magnetic material on the card.

MATCH List – The MATCH List provides a list of all merchants and individuals that have had accounts terminated with cause. MATCH is an acronym for Member Alert to Control High Risk. It is also known as the terminated merchant file (TMF).

Merchant – Merchants are authorized to accept a credit card as payment for goods and services.

Merchant Account – A specific line of credit that enables merchants to accept credit card transactions for goods and services, enabling the bank to pay for authorized credit requests prior to receiving funds from the issuing bank. There are a few different types of merchant accounts, described below.

Card-Present Merchant Accounts:

  • Retail – The most common form of merchant account, retail merchant accounts are used for businesses that provide goods and services in a face-to-face environment. If a merchant will be relying on magnetic stripe data and does not qualify for any of the other card-present categories, then this is the type of account normally used.
  • Restaurant – Restaurant merchants follow all of the same rules and requirements as retail merchants. However, “tip” and “clerk” are two additional fields that are required by the card associations in order for a transaction to be eligible for the quoted discount rate for a restaurant.
  • Hospitality – Hospitality merchants have more information to handle than any other merchant type. Things like check-in date, number of nights stayed, incremental authorizations, etc., make it difficult (but not impossible) for hospitality merchants to qualify for their quoted discount rate. In the case of resorts and large, full-service hotels, it’s not uncommon for there to be multiple merchant accounts of varying types on the same property.
  • Auto Rental – Auto rental merchant accounts are used solely by organizations that rent vehicles. Auto rental merchants must provide a variety of additional information specific to the auto rental agreement along with their transaction data. The majority of these transactions will be carried out face-to-face and a card swipe will occur.

Card-Not-Present Merchant Accounts:

  • Mail Order/Telephone Order (MO/TO) – MO/TO is used when the merchant’s primary mode of sales is not conducted face-to-face with the cardholder. There is a higher risk of fraudulent activities, and, as a result, MO/TO accounts carry higher discount rates than the previously mentioned account types. Additional security checks must be handled as well, such as Address Verification System (AVS) and Cardholder Verification Value (CVV2).
  • e-Commerce – e-Commerce merchant accounts carry the highest quoted discount rates. There are two different types of e-commerce accounts: physical and digital. A physical account represents a Web merchant that is shipping or providing some form of tangible product to the cardholder, whereas a digital merchant provides a service.

Merchant Bank – A bank where merchants hold their account(s). The bank provides merchants with the money from a transaction before the actual funds have been processed via interchange from the various cardholders’ issuing banks. The charge for this service is the discount rate, but the merchant bank also shares in the interchange fee charged by the card associations.

Merchant Identification Number (MID) – An identification number that, to the merchant bank, represents a single merchant’s profit center or revenue center for the purpose of processing and tracking credit card transactions. For instance, a hotel may have multiple MIDs for its operation, such as a front desk, retail shop, or restaurant. Each of these should have its own merchant bank MID, as doing otherwise would result in higher processing fees and assessments. To Shift4, a MID is a specific profit or revenue center that may exist in a one-to-one relationship with a merchant bank’s MID or may, when combined with a unique merchant Terminal ID (TID), “break out” revenue into “logical pools” of transactions based on the revenue source of those transactions, such as retail vs e-commerce in merchant categories that allow such comingling.

Merchant Services Provider (MSP) – This organization handles the setup of the front-end and back-end processors and the paperwork required in order for a merchant account to be able to receive transaction funds. A merchant services provider can work directly for a merchant bank, but is usually an independent sales organization with ties to many merchant banks. In some rare cases, merchant services providers and independent sales organizations are agents for American Express and/or Discover who can enable the acceptance of those cards.

MetaToken – A MetaToken is a token that remains constant for a cardholder’s primary account number (PAN) and shares a similar composition to a TrueToken. MetaTokens allow merchants who don’t want PAN data in their system to still maintain a one-to-one relationship with the PAN for marketing and loyalty analysis. MetaTokens allow merchants to track, trend, and analyze card usage for the life of the cardholder’s PAN. A single MetaToken can reference one or more TrueTokens and may be continually (automatically) updated to include new and subsequent transactions such as credit returns, card-on-file, bill-backs, membership, subscriptions, etc.


NFC – Formally known as near field communication, NFC is a set of close-range wireless technologies that enable a connection for processing mobile payments.

Neutrality – As a merchant advocate, Shift4 offers the merchant freedom to support their business with the best rates and service available with the ability to choose their own bank or processor. In this way, using Lighthouse Transaction Manager for your payment gateway empowers you to negotiate the most favorable interchange rates and reduce chargebacks, downgrades, and fees while protecting your customers’ data with industry-leading security.


Omnichannel – A multi-channel approach to sales, enabling consumers to experience a brand wherever they are, mostly with reference to online channels. With Shift4, merchants can add an e-commerce outlet to their business without increasing their breach profile. Lighthouse Transaction Manager offers industry-leading security features, supporting mobile, contactless (NFC), and EMV (Chip and PIN) payments for merchants of all sizes – whether you’re a small boutique retailer or have hundreds of stores with online sales. Also see EMV and NFC.

Over-Limit – Being over-limit refers to a cardholder’s account that has exceeded its credit limit.


Payment Application Data Security Standards (PA-DSS) – PA-DSS is the global security standard created by the Payment Card Industry Security Standards Council (PCI SSC). PA-DSS is meant to provide the definitive data standard for software vendors that develop payment applications. The standard aims to prevent developed payment applications for third parties from storing prohibited secure data, including magnetic stripe, cardholder verification value (CVV2), or PIN. Also see Payment Card Industry Security Standards Council (PCI SSC).

Payment Application Qualified Security Assessor (PA-QSA) – A PA-QSA is a company that is qualified by the Payment Card Industry Security Standards Council (PCI SSC) to assess organizational compliance to the PCI PA-DSS.

Payment Card Industry Audits (PCI Audits) – PCI requires any system that stores, processes, or transmits cardholder data to be subject to annual reviews to verify compliance with the PCI Data Security Standard (PCI DSS).

Payment Card Industry Data Security Standards (PCI DSS) – Created in 2004 by the four major credit card companies (American Express, Discover, MasterCard, and Visa) and maintained by the PCI Security Standards Council (PCI SSC), the PCI DSS is a widely accepted set of policies and procedures intended to optimize the security of credit, cash, and debit card transactions and to protect cardholders against the misuse of their personal information. Also see cardholder data.

Payment Card Industry Security Standards Council (PCI SSC) – An open global forum established in 2006 by five founding global payment brands (American Express, Discover, JCB International, MasterCard, and Visa), the PCI SSC is responsible for the development, management, education, and awareness of the PCI Security Standards, which are intended to help organizations ensure the safe handling of cardholder information. In the payments industry, the PCI SSC is commonly referred to simply as PCI. Also see Payment Application Data Security Standards (PA-DSS) and Payment Card Industry Data Security Standards (PCI DSS).

PIN – A personal identification number commonly used to verify a transaction being made with a debit card. EMV (Chip and PIN) cards may also require entering a PIN to verify card-present purchases.

Point of Sale (POS) – The mechanism or application through which a payment transaction is processed in exchange for goods or services. The term “point of sale” may refer to the actual mechanism or application that processes transactions, or it may also be used in reference to the point-of-sale system that manages all point-of-sale mechanisms or applications for a retailer.

Point-to-Point Encryption (P2PE) – A security solution that immediately encrypts cardholder data at the swipe device so sensitive data is never actually processed or stored in your point-of-sale system. As soon as a credit card is swiped, the information is intercepted, encrypted, and sent to Shift4 for processing. This tool, when used along with Shift4’s TrueTokenization, has the ability to drastically reduce your entire enterprise’s PCI scope (see Payment Card Industry Audits). Shift4’s Lighthouse Transaction Manager includes P2PE at no additional cost.

Processor A company (often a third party) that handles credit card transactions for merchant banks and is usually paid per transaction. They are usually broken down into two types: front-end and back-end. However, there is a gray area.

In the simplest sense, front-end processors tell merchants if the card is authorized and back-end processors settle the charge and move the money. Front-end processors have connections to various card associations and they supply authorization and settlement services to merchant accounts. Back-end processors accept settlements from front-end processors and, via the Federal Reserve Bank (Fed), move the money from the issuing bank to the merchant bank. In some cases, the merchant bank gets the settlement information from front-end processors and in other cases, from the back-end processors. This is the gray area.

The situation becomes even less clear when you consider that some third-party processors are both front-end and back-end processors; some merchant banks are their own front-end processors, back-end processors, or both.

Property Management System (PMS) – A computerized system that streamlines operations by simplifying processes through the use of a single software solution for coordinating tasks and activities such as accounting, budgeting, forecasting, maintenance, and more.


Qualifying Ratio – Lenders use ratios to gauge a credit applicant’s ability to meet the requested debt responsibilities.


Reloadable Card – A prepaid card on which a customer is able to load additional credits multiple times.

Retrieval Request – A request sent by the issuing bank for a merchant to verify that a transaction has taken place. A customer has a 60-day window during which they may dispute a given charge. Merchants are charged by their merchant services provider (MSP) for each retrieval request. If the merchant does not respond in a timely basis, they can be charged an additional timeliness fee or lose the transaction completely. Also see chargeback.


Secure Offline Stand-In® (SOS) – One of the advanced features available with Shift4’s Universal Transaction Gateway® (UTG®), SOS allows merchants to set a maximum dollar value at which they are comfortable issuing automatic “stand-in” authorizations without requesting voice authorizations for enhanced offline processing during unexpected disruptions to Internet connectivity.

Settlement This is the process merchants must complete at the end of the day in order to be paid for their transactions.

The merchant sends all of the transactions authorized that day back to the front-end processor, who forwards them to the back-end processor (or occasionally directly to the merchant bank). Transaction records are then forwarded to the Federal Reserve Bank (Fed), where funds are moved from the issuing bank to your merchant bank. (By this point the merchant bank has typically already deposited the money into your merchant account, making this payment a “repayment” to them fronting you the money.)

Note: The product or service must be delivered or performed before settlement can take place. In the case of mail order/telephone order, this specifically means the goods must be shipped before the settlement process is performed.

Signature Capture (SigCap) – Electronic capture of the cardholder’s signature is a powerful tool for chargeback defense. If you have your customer sign over a digital device at the point of sale, their signature is captured to allow a program such as Lighthouse Transaction Manager to faithfully store and reproduce it in chargeback defenses, if need be.

Software as a Service (SaaS) When we say that Lighthouse Transaction Manager is a SaaS solution, what we are really saying is that it is a hosted, Web-based solution. This is also known as an application service provider (ASP). Shift4's servers hold merchant applications and data while our equipment powers merchant applications and runs transactions on behalf of the merchants (usually called “hosting”). Merchants can access Lighthouse Transaction Manager and the data over the Web.


TINO – Standing for “Tokenization in Name Only,” TINO refers to products that offer ill-thought-out, mathematically-derived primary account number (PAN) encryptions that offer incomplete solutions. These products use the name “tokenization” but are not providing users with the levels of data protections or simplification of PCI compliance offered by a true solution.

Terminal Identification Number (TID) – An identification number that, to the merchant bank or card association, represents a particular point-of-sale register or terminal/device collecting payment information. It is often important that the device collecting payment information has its own TID, or another such equivalent value so that the Card Associations can, for fraud mitigation purposes, track the origin of a particular transaction.

Terminated Merchant File (TMF) – See MATCH List.

Token – A unique ID to reference the actual data associated with a card number or specific transaction.

Tokenization – A payments industry term, first coined by Shift4, describing the concept of using a non-decryptable piece of data to represent, by reference, sensitive or secret data.

TokenShare® – A capability within Lighthouse Transaction Manager that allows merchants to securely grant another Lighthouse Transaction Manager merchant the use of their TrueTokens, further ensuring cardholder data is not reintroduced to the merchant’s payment environment when processing transactions that involve another merchant, location, or merchant ID. (For example, a retailer can securely grant a tailor using Lighthouse Transaction Manager to process an authorized transaction for a customer who is requesting alterations. Similarly, a merchant can process a return for a purchase made at a different location of a chain using the TrueToken instead of cardholder data, keeping the transaction out of PCI scope.)

TokenStore® – Think token storage, not a place to buy tokens. This program allows merchants using Lighthouse Transaction Manager to register payment cards prior to authorization in exchange for TrueTokens. Merchants can set the retention period (up to 24 months) and decide whether to configure individual cards (in the form of a TrueToken) for single-transaction or multiple-transaction usage.

Transaction – Unlike many other companies, Shift4 only considers authorizations and settlements to be transactions, so we only charge transaction fees for those two items.

Transmission Control Protocol/Internet Protocol (TCP/IP) – The set of rules for how computers and other electronic devices should connect to the Internet and how data should be sent between them. Essentially, this is how a Web browser can communicate to a Web server and how a merchant’s email program sends and receives mail over the Internet. While these are two distinct network systems, the transport layer and network layer respectively, they are so often used together that TCP\IP is the standard terminology.

TrueToken® – Shift4’s proprietary, unique ID to reference the actual data associated with a card number or specific transaction. The composition of a TrueToken is a 16-character value comprised of the last four digits of the primary account number (PAN) followed by a random 12-character alphanumeric code. A TrueToken can be registered in Lighthouse Transaction Manager and then has the ability to be regenerated for up to 24 additional months ongoing for the same payment card.

TrueTokenization® – Shift4 invented tokenization and introduced it to the payments industry in 2005. TrueTokenization replaces cardholder data with false cardholder data in the merchant’s environment to remove the vulnerability issues associated with the long-term storage of sensitive cardholder data. When your customer’s card information is tokenized with Shift4, you are using the original and the most secure tokenization solution available. Not all tokens are created equal, but our TrueTokens exceed PCI’s strict standards for tokenization and make you eligible for a scope reduction when in use.


Universal Transaction Gateway® (UTG®) – Shift4’s virtual private network (VPN) software, which protects the transport of sensitive financial data from interfaced systems to Lighthouse Transaction Manager. Offered as an easy-to-install application for any existing PCI compliant computer, within an organization’s trusted network segment, the UTG facilitates a seamless and highly-secure transaction connection to Shift4’s data centers. This ensures that our merchant customers can process fast and secure payments. Merchants can control the devices connected to their point of sale or property management system in order to add online debit transactions, check verification, and electronic signature capture capabilities. It is a PA-DSS-validated application that encrypts and securely transmits data from your point of sale, product management system, or e-commerce shopping cart directly to Lighthouse Transaction Manager.

User Authentication – The process during which the identity of an authorized credit card user is validated.


Virtual Private Network (VPN) – A type of network that provides a secure and reliable connection over the Internet for processing payments, such as Shift4’s UTG. The VPN works to deny unauthorized users’ access and encrypts data to prevent unauthorized users from reading the information.

Visa Merchant – A merchant that displays the Visa symbol and accepts Visa cards.

Void – A void cancels a transaction that has been recorded for settlement, but has not yet been settled.

VT4® – The payments industry’s first 100% bank- and processor-neutral mobile payment app, VT4 is Shift4’s mobile payment solution, integrating mobile P2PE and TrueTokenization® with Lighthouse Transaction Manager.


Zip-Zap Machine – See knuckle-buster.

No results found
site map | privacy policy | contact us | 702.597.2480
Shift4 pci Security Standards   Privacy-Shield-Seal