A Letter from Shift4's President Concerning the Terrible Tragedy in Las Vegas

thumb To our Merchants, Partners, and Colleagues,

By now all of you have heard about the tragic act of evil perpetrated last night on the Las Vegas Strip at the Route 91 concert. We wanted to wait to write to all of you until we had determined the status of our Shift4 family.

Are You Still Using Early TLS? It's Time to Take Action!

image By Stephen Ames, CISA, CISSP – Senior Director, Security Compliance, Shift4 Corporation

We are rapidly approaching a day that I hope will not “live in infamy.” June 30, 2018. This is the day we must shut down early TLS on all of our production gateway interfaces.

How to Identify and Eliminate a New Malware Threat

thumb Visa recently published an alert warning merchants and acquirers of a new type of JavaScript-based malware that is specifically targeting merchants with e-commerce payment processing environments. As your neighborhood merchant advocate, we are passing this along to you. Here is what you need to know.

Shift4 Pioneers Hand Over Day-to-Day Operations

thumb Shift4 founders Dave and Kathy Oder have officially entered their well-deserved “semi-retirement” and have handed over the day-to-day operations of the company. J.D. Oder II has been promoted to president and CTO and Stephanie Stowers has been promoted to executive vice president and COO. Please join us in congratulating these two hard-working visionaries who will lead Shift4 to continued success. Click here for official announcement.

Executive Insight: True P2PE – What You Need To Know (Part 2)

image By Stephen Ames, CISA, CISSP – Senior Director, Security Compliance, Shift4 Corporation

Riding on the fantastic news that Shift4’s True P2PE® solution is PCI validated, which means that you may be able to significantly reduce the scope and time of your PCI DSS assessments by using the Self-Assessment Questionnaire (SAQ) P2PE, I'm sure you have a ton of questions about your particular environment.

True P2PE Is Now PCI Validated!

thumb Big news! Our advanced point-to-point encryption solution, True P2PE, is now on the list of PCI-validated P2PE technologies. By encrypting cardholder data (CHD) at an approved payment terminal or device you can prevent CHD from entering your system. Now, you can continue taking advantage of same speed, security, and reliability of True P2PE with the added benefit of saving time and money by the use of the Self-Assessment Questionnaire (SAQ) P2PE “short form.” Click here for official announcement.

Introducing the New 4Word

thumb More security, added versatility – and a new look, too. Shift4’s 4Word gives merchants a way to share and control cardholder data (CHD) with a trusted third party so that payments can be processed according to the merchant’s business requirements or need, whether that third party is a Shift4 customer or not. We’ve recently completed a major update to the 4Word web app that helps merchants increase login security and the application’s usability – especially for those doing business internationally.

New Options in the UTG and DOLLARS ON THE NET

thumb We’ve added some useful new options to the UTG and DOLLARS ON THE NET. Here's what's new:

With this UTG update, merchants processing directly to American Express (AMEX) will be able to more accurately and securely verify AMEX cardholders using online PIN verification (if supported by the card) instead of relying solely on a signature.

Fraud Speak: Learn the Lingo to Beat Scammers

thumb As you are well aware, hackers and scammers pose an ongoing threat to your payment data. A single data breach can do enough damage to your company’s brand and finances to last years – if not bring an end to, or at least greatly hamper, your business operations. This is one of the reasons why we suggest layering the strongest payment security tools available. But, it also doesn’t hurt to stay up to date on the methods that are being used to steal payment data.

Avoid Suspended Batches Using New DOLLARS ON THE NET Viewing Option

thumb Did you know that fake authorization codes are the number one cause of suspended batches? No one wants to take the time to call a card issuer’s voice authorization center to get a referral code when facing a line of customers. But, when a busy clerk enters a fake code to force an authorization, it doesn’t just cause problems with that transaction in DOLLARS ON THE NET, it causes a portion of the batch – or even the entire batch of transactions – to suspend, leaving your auditor stuck with extra work or even a delay in funding.

Enhanced Support for Verifone PIN Pads in the Latest UTG Update

thumb We’ve added a few enhancements to our UTG 2290 release. If you use EMV with Verifone PIN pads, then you’ll be excited to learn we’re giving you more control over handling debit and credit cards in EMV processing (if the customer’s card allows for it).

Most Common Passwords Used in 2016

thumb Password manager and security vault company Keeper Security recently looked into 2016’s most commonly used passwords, and their research shows a shocking trend in using weak passwords across various websites. Because a weak password can lead to the very data breaches that they are meant to help prevent, it’s important to read this article about their research, originally featured in Security Week, and share it with your staff.