
Security Corner

What You Need to Know About EMV

In the rush to release EMV-capable devices, many solutions came to market with lackluster security; in fact, some allowed card data to be sent from the EMV device to the point of sale in clear text, leaving merchants more vulnerable to a data breach than they had been prior to EMV. To ensure that our merchant customers never fall victim to the misconception that EMV is a security solution when it is in fact an authentication tool, Shift4 requires the use of point-to-point encryption (P2PE) with every new EMV implementation. Shift4’s UTG is programmed to verify P2PE configurations on startup and will not enable EMV capability on any device that is not securely configured.

In the event that an EMV terminal transmits unencrypted card data to the UTG, an error will be returned to the POS and the card data will not be processed. Remember, EMV is designed to protect merchants from the fraudulent use of card data stolen in previous breaches, while TrueTokenization and P2PE shield merchants from becoming the victim of the next breach.


PCI DSS Requirement 12.8 - Service Provider Management

If you retain service providers to process, store, or transmit cardholder data, you must have policies and procedures in place to manage those service providers. While there are no general guidelines to manage service providers, there are four specific PCI DSS requirements.

  • Maintain a list of service providers. (Requirement 12.8.1)

    Shift4 Payments is a PCI DSS-validated Visa Third-Party Agent and MasterCard Third-Party Processor. Shift4 Payments is not a shared hosting provider (see PCI DSS Requirement 2.4).

  • Maintain a written agreement that includes an acknowledgement that the service providers are responsible for the security of your cardholder data. (Requirement 12.8.2)

    When you sign on with Shift4 Payments, the Merchant Services Agreement will specify exactly what you can expect regarding the security of your cardholder data.

  • Ensure there is an established process for engaging service providers, including proper due diligence prior to engagement. (Requirement 12.8.3)

  • Maintain a program to monitor service providers' PCI DSS compliance status annually. (Requirement 12.8.4)

    Please refer to the following PCI DSS compliance documentation:

    Shift4 ASV Scan Attestation (PDF)
    Shift4 Payments PCI DSS Attestation of Compliance (PDF, 1.39MB)

    Find PCI DSS Validated Service Providers:

Shift4’s PCI-Validated True P2PE® (Point-to-Point Encryption) Solution

  • Shift4’s PCI-Validated True P2PE Solution (PDF, 1.17MB)
  • PCI P2PE Instruction Manual – True P2PE (PDF, 179KB)

Shift4 Security Policies and Important Information

See the documents below for the most recent updates on our security policies and procedures.

  • Privacy Shield: Common and Supplementary Principles (PDF, 92KB)
  • PCI-DSS Roles and Responsibilities (PDF, 68KB)
  • Universal Transaction Gateway Change Management (PDF, 39KB)
  • Internet-Borne Malicious Activity on Shift4 Systems (PDF, 38KB)

European Union – General Data Protection Regulation

The following document constitutes Shift4’s official policy on its role as a Personal Data Processor under the European Union – General Data Protection Regulation. Unless otherwise agreed upon by Shift4 and Client/Merchants, Shift4 will systematically process all Personal Data without prejudice and as detailed therein. Merchants having relationships with EU Data Subjects should 1) register their legal entity with the Information Commissioner’s Office, https://ico.org.uk/, 2) submit their Data Controller Policy to the office of the Shift4 Data Protection Officer, GDPR@Shift4.com, and 3) begin the process of consummating the accompanying Data Processor Addendum.

  • Shift4 Payments General Data Protection Regulation (GDPR) Policy Statement (PDF, 145KB)
  • Shift4 Payments General Data Protection Regulation (GDPR) Addendum (PDF, 31KB)

PA-DSS Attestations of Validation

Below are the annual PA-DSS Attestations of Validation (AOV) for Shift4’s PCI-validated payment solutions.

  • AOV for Shift4's Universal Transaction Gateway (PCI version 3.2) (PDF, 788KB)
  • AOV for Shift4's 4Go (PCI version 3.2) (PDF, 837KB)
  • AOV for Shift4's Secure Suite 4 MICROS 3700 (PCI version 3.2) (PDF, 831KB)
  • AOV for Shift4's Secure Suite 4 MICROS 9700 (PCI version 3.2) (PDF, 825KB)

Credit Card Association Security Programs

The following links can give you current information on the card associations' security protocols.

  • American Express
  • Discover
  • JCB
  • MasterCard
  • Visa

Security Education

The links below contain a wealth of information on IT and payments security from external sources that our team of experts consider reliable.

  • Trustwave Global Security Report (PDF, 7.34MB)
  • Skimming Prevention: Best Practices for Merchants (PDF, 1.19MB)
  • U.S. Secret Service Electronic Crimes Task Force Bulletin Q3 2018 (PDF, 1.24MB)
  • McAfee Labs Threats Report: June 2018 (PDF, 2.98MB)
  • McAfee Threats Report: June 2018 (Infographic) (PDF, 163KB)

Our mission is to apply pervasive and robust information assurance processes and technologies for partners, customers, and corporate entities to assure the availability, authenticity, integrity, and confidentiality of information assets and to protect information technology resources and facilities.
