'Tis the Season to be Vigilant

The holiday season should be a time of joy and goodwill. Unfortunately, for many (especially in difficult economic times) it becomes a time of desperation and deceit. Historically, the holiday season has been prime season for theft, credit card fraud, and data security breaches. We don’t want your holiday cheer to be ruined by a fraudster or a thief, which is why we’re committed to providing you with vital security information and helpful hints.

Simple Clues to Early Detection of a Computer Breach

Defending your computer systems from Internet-borne threat agents can be a daunting task. Threat agents take on many forms. Among some of the nastiest are Remote Administration Trojans (RATs) and key-loggers that record data for later extraction through the RAT.

Don’t Lose Out on Hard-Earned Revenue – Use Aging Warning

After you’ve done all the work in a transaction – made the sale and accepted the client’s payment – if it isn’t batched out and settled in a timely manner, you get nothing for your efforts. And you may be losing money, as well. Sadly, Shift4’s Support staff has received numerous phone calls from merchants who have fallen victim to this unfortunate issue.

Voice Auth Refresher

Criminals are often smarter than we give them credit for. They know that at busy times of the day and during the busier times of the year, clerks are more distracted and it is therefore easier for them to get away with their illegal activities.

Tokenization IS Encryption - NOT! - Part 3

This is the final post of a three-part series written by Steve Sommers, Shift4’s SVP of Applications Development. The first two sections can be found here, and here.

Tokenization IS Encryption - NOT! - Part 2

This is the second of a three-part series written by Steve Sommers, Shift4's SVP of Applications Development. The first section can be found here. The final installment will be published later in the week.

Tokenization IS Encryption - NOT!

This is the first of a three-part series written by Steve Sommers, Shift4's SVP of Applications Development. Additional sections will be published later in the week.

Will Your New POS/PMS Work with Shift4?

Implementing a new POS or PMS is often a major undertaking. Research, the purchase process, and planning for and then installing the new system can take months. How would you feel if you went through this whole process only to find that your new system does not work with Shift4?

Micros 3700 Swipe Issues with Secure Suite for Micros

Shift4 has recently identified a glitch that can occur in certain scenarios with Micros 3700 systems that are running a piece of technology called “Special Swipe” interfacing with our Secure Suite for Micros. Since the issue only arises when the product is used in conjunction with Shift4’s driver, please contact us and not Micros support to resolve it.

What to do if You Think You May Have Been Breached

Imagine you have just discovered something amiss in your system and signs point toward a potential data breach. Do you have a plan of action in place? Do you have people on hand who know how to deal with such a problem? If not, have you found an expert you can contact?

Are You Slowing Your Own Connection?

To facilitate the hundreds of millions of transactions we process each year, Shift4 maintains multiple data centers, a host of Web servers, and numerous Internet connections. The duplication of components provides redundancy and increases uptime, but thanks to a little bit of technical magic, it also enhances our speed.

Shift4 Makes AVS Better

In our last newsletter, we discussed several mistakes merchants make that can result in costly Visa downgrades. One of these mistakes was not getting all the necessary AVS information. In an effort to demystify AVS for our merchants and advise of Shift4 features and benefits you may not currently be taking advantage of, we would like to offer the following “encore edition” of AVS education.

More Suspended Batches? Discover the Solution

Back in July, we discussed suspended batches and gave you the two most common reasons batches suspend: 1) missing or invalid data included in the batch or 2) a communication failure somewhere between you and your processor.

Avoiding Visa’s Most Costly Downgrade

Have you ever seen “Electronic Interchange Reimbursement Fee” (EIRF) marked next to a transaction on your statements? Many of us see the word reimbursement and get excited. It sounds like we’re getting money back, doesn’t it? Well, we hate to break it to you, but that is not the case.

The Latest and Greatest – Why You Need to Update the UTG®

The Universal Transaction Gateway® (UTG®) makes much of what we do at Shift4 possible. The UTG is (at least partly) responsible for DOLLARS ON THE NET’s speed, security, reliability, simplicity, and our ability to take your POS out of PCI scope. Needless to say, it is a vital component and a piece of technology that we are quite proud of.

What Not to Do: The Most Avoidable Payment Processing Errors

Payment processing is an involved (and occasionally confusing) business. There are many players, many systems involved, and therefore many points for potential failure. At Shift4, we do all we can to eliminate or bypass potential points of failure within our sphere of influence. But, did you know there are a few steps you can take on your end to make things run even smoother?

The Durbin Amendment: How to Ensure You See the Benefits

We’ve heard a lot of buzz about the Durbin Amendment and the major cost savings that should come in response to the legislation. Last month, we introduced the main points of the legislation and encouraged those of you who do not currently support debit to consider doing so in order to capitalize on the upcoming rate reductions.

Changing IP Addresses

In order to avoid disruption of your transaction processing, Shift4 must be notified of any changes to the internal IP addresses of the machines running either the Universal Transaction Gateway® (UTG®) or your POS/PMS terminals. Also, if there is a change to the overall IP address schema of your network, informing Shift4 can save major confusion in the long run.

Tokenization, the Newest Horse - err, Camel - in the Stable

As the old saying goes, “a camel is a horse designed by a committee.” This saying perfectly describes the recently published PCI DSS Tokenization Guidelines from the PCI SSC. While the original intent of the document was a noble one, the final version fell way short.

The Durbin Amendment: What It Is, What It Means For Merchants

Between the raging debates, lobbying, legislation, and (finally) the Federal Reserve analysis and modification of the legislation, the Durbin Amendment has maintained a place in the news throughout the year. Now that the debates are over, and both sides have said their piece about the outcome (which seemed to leave all parties underwhelmed and frustrated), it is time to dig into the new rules and determine what effect, if any, it will have on you.

A Couple of Things You Should Know About Authorizations

First, we'll talk about the "A" you see occasionally in your transactions view when using DOLLARS ON THE NET®. We'll explain what it means and why it's there in the first place. Then, we will address a question Shift4 receives almost every day, "Can Shift4 help me release an authorization from a customer's card?"

Did You Know Shift4 Processes Directly to American Express?

Did you know that Shift4 maintains a private, direct connection to American Express? Why do we do this? Well, the answer is quite simple: we do it to make life easier for you, our merchants. Shift4's direct connection means we don't have to pay a third-party to submit this information for us – that saves you up to $.25 per transaction, which adds up quickly!

Settlement Windows

Settlement windows. You may not even know what they are, but there's a chance they're costing you extra money.

Another Way Shift4 Protects our Merchants

Shift4 is recognized as an industry leader in PCI compliance and information security. But as your business partner, we safeguard your organization in other ways as well. Here's a quick story that illustrates just how Shift4 and our admittedly stringent regulations help protect our customers.

Did Shift4 Really Invent Tokenization?

Shift4 Token Several companies claim to have been first-to-market with tokenization. Their evidences and believability vary widely, so while we cannot address the individual claims of our competitors, we can explain our claim and why we’re confident in saying that we invented tokenization and introduced it to the market.

Tokenization Guidelines Missed the Mark

This morning, the Payment Card Industry Security Standards Council (PCI SSC) published an “information supplement” entitled, PCI DSS Tokenization Guidelines. The document was designed to standardize the rapidly growing tokenization landscape and to give official word on how much benefit tokenization could bring to merchants striving to comply with PCI DSS requirements.

Is it Time for a Browser Upgrade?

Have you ever seen a company campaign against its own product? It’s certainly a rare occurrence, but Microsoft is currently in a campaign against one of its products – and has been for several months.

Doing Their Job: Is Shift4 PCI Compliant?

* This document has been updated for clarification of merchants’ responsibilities in light of PCI DSS requirement 12.8.

We have received a number of requests recently from clients seeking to confirm Shift4’s PCI compliance status. For those who are curious, here is the short answer: Yes, Shift4 is a PCI DSS validated Level 1 Service Provider and as such complies with (and exceeds) the PCI DSS requirements of annual onsite PCI security assessments and quarterly vulnerability scans.

Tokenization Webinar Recap

As you may already know, we’re passionate about tokenization. We should be; we introduced the technology to the industry in 2005 and have watched it “catch on” ever since. Those who follow our blog and other publications have heard us lament the bastardization of tokenization. That’s what we call it when competitors release TINO (“tokenization-in-name-only”) solutions that bear the name of tokenization but don’t offer the security and benefits that were inherent in the tokenization we designed and shared years ago.

New Roles and New Faces


There are a couple of new faces at Shift4 that we think you should know about and one familiar face has taken on a new role that you may like to know about.

e-Commerce Survey: What Solution do You Use?

A few months ago, we published an article called “Unifying Your Revenue Centers.” In that article we talked about our 350+ POS/PMS integrations and how we support most of the solutions you are likely to use. Proactively developing integrations to the industry’s top players has helped us become the world’s largest card-present gateway.

What is a Suspended Batch?

Have you ever had a suspended batch? Don’t be too scared, it’s not as bad as it sounds… in fact, it’s not a bad thing at all.

DOLLARS ON THE NET: So Much for Just Pennies

At current national average prices, for the pennies Shift4 charges for a typical transaction, you could buy almost two tablespoons of gasoline, which is just about enough to back your SUV out of the driveway. Or, for the same amount, Shift4 will provide you with all of this:

Is Tokenization a Fad?

Yesterday, Protegrity CTO Ulf Mattsson published a blog entitled, “Is Tokenization just a Fad?” The post was his response to an unnamed “key executive” who recently posed that question. Mattsson’s ultimate premise was that tokenization is a powerful and useful weapon in the IT and InfoSec professionals’ arsenal, and that it is certainly not a fad. I agree with this. However, there was one glaring error in his response with which I take issue.

On the Move

In an effort to keep connected with our existing customer base, grow our business, and keep abreast of the latest industry advances, Shift4 sends representatives to numerous tradeshows and industry events throughout the year.

Gateway +

Shift4 provides so many value-added services that it can be easy to forget that we are first and foremost a payment gateway. We connect merchants’ revenue centers (Point of Sale, Property Management System, e-commerce shopping cart, etc.) to the credit card processor of their choice. In the more than 16 years we’ve been in the industry, our business has grown beyond just gateway services – our commitment to world-class customer service has dictated several additions to our offering.

Executive Insight: Trace is the Light!

From time to time, if you are experiencing an issue, we may ask you to “send us trace” or we may even talk you through “turning on verbose trace” and ask you to send it to us the next day.

Debit: Is It Worth It?

Nothing worth doing is ever easy. Nowhere in the payment industry is that more true than with debit card processing. Unlike processing credit payments with relatively few variables, debit card processing involves numerous organizations, devices, networks, and – perhaps most confusing of all – encryption keys.

Important Message from Shift4 Support

In our efforts to continue to provide world-class service, Shift4 is constantly enhancing and updating our offerings and infrastructure. We are in the process of bringing an additional state-of-the-art data center online, and in that process have, and will continue, to modify and add new front-end telecommunication connections. This will result in increased bandwidth, availability and redundancy – increasing processing speed and enhancing solution resiliency.

Unifying Your Revenue Centers

If you have multiple lines of revenue in your business (i.e., restaurants within your hotel, e-commerce sales in addition to your brick-and-mortar location, etc.), now is the time get them all under the Shift4 umbrella.

Executive Insight: Resilience + Redundancy = Reliability

Companies that processes payment transactions talk about ”five nines” or 99.999% reliability – but none truly deliver it. In reality, a really good processing company delivers around 99.8%. That seems pretty good, too. But is it? It means in a given year, they average less than two hours a month of service disruption.

Are You on LinkedIn?

Recently LinkedIn announced a number of changes to the way business information is displayed on their site. Most exciting of all the changes for us is the ability clients now have to add testimonials to your page and to your specific products, you can find our page here. If you’d like to recommend Shift4 or one of our products, click on the images included below. We’ll pick the best review for each product and send the reviewer a Shift4 care package.

Just for Fun: The Shift4 Cruiser gets an Extreme Makeover

Those of you who follow Shift4Corp on Facebook or Twitter are by now familiar with our Friday antics and the Shift4 Cruiser world tour. For those who aren’t, each week our Shift4-branded Chevrolet Suburban makes an “appearance” at some famous locale around the globe. You can view the images on our Facebook page here.

Community Relations: Empowering the Next Generation

The brains are back! A few weeks from now, Shift4 will sponsor a group of Las Vegas middle schoolers as they travel across the nation to apply their engineering prowess to a series of challenges in the FIRST® LEGO® League (FLL) 2011 World Festival.

Community Relations: Jump for Scouting

Shift4 strives to be an active member of our local community, and was thrilled with the opportunity presented to us by the Las Vegas Area Council of the Boy Scouts of America (who happen to be a client of ours) to sponsor their Jump for Scouting Event.

Combat Internal Fraud

If you read our January newsletter, you already know that Shift4 was founded in response to a customer service inquiry. A client was looking for a unique solution, we were able to deliver that solution, and in the process come up with what we now call DOLLARS ON THE NET®.

BIN Management

Debit or Credit? This is the age old question.

Do you currently accept Debit? If so, have you set your BIN management floor limits yet? If not, you could be losing money on unnecessary transaction fees.

What You Had to Say: Results of the Customer Survey

We genuinely appreciate the time you took to respond to the survey we included with our last newsletter. The results confirmed some things that we were glad to hear and gave us the opportunity to cater our messaging to you, our clients.

Upgrade Required for MICROS 3700 Users

We recently sent an alert to all of our MICROS® users announcing a required upgrade for Secure Suite 4 MICROS 3700 – DOLLARS ON THE NET®.

Executive Insight: QSAs - Conflict of Interest?

In last month’s article, we discussed that your Merchant Services Provider (MSP) is responsible for informing and assisting you with your payment processing security. Because MSPs often don’t have the expertise in payment security, many will refer you to a Qualified Security Assessor (QSA), causing you to have to pay for the expertise that should already be included in the fees you pay your MSP for card processing.

Why We Need to Know When Your IP Address Changes

Shift4's Universal Transaction Gateway® (UTG) users must have a permanent IP address assigned to their PC, both for security purposes and so that the POS/PMS can always communicate. If this IP address is changed, and Shift4 is not informed, clients will not be able to connect to DOLLARS ON THE NET and therefore will be unable to process transactions until the IP address is reported to Shift4. It may be helpful to know that most DHCP (Dynamic Host Control Protocol) servers allow you to allocate what is known as a Permanent Lease. For those Network Engineers that would prefer not to set a Static IP Address for whatever reason, this will allow them to have the best of both worlds by having both DHCP and a constant IP for the UTG.

Why Audit?

The Shift4 product offering is extensive to say the least. We offer a myriad of tools and services to our clients, and one that is highly beneficial to the enduser is our auditing capabilities. Yet, it has come to our attention that many of our clients are not using DOLLARS ON THE NET’s built-in auditing tools.

A New Year’s Letter from Shift4's CEO and COO

Dear Customers,

As we enjoyed time with our family this holiday season, we had opportunity to reflect on the things in life for which we are most grateful. Obviously, family and dear friends came to mind, along with the necessities of life that are so often taken for granted. We also found ourselves thinking of our loyal clients – those like you who have chosen to become part of the Shift4 family.

NetCharge is now 4VT®

Shift4 has included the NetCharge virtual terminal as part of DOLLARS ON THE NET® since the product was released more than a decade ago. NetCharge has always been an extremely useful application, bringing the power of our solution to any merchant with a computer and Internet access.

Shift4: Founded on World-Class Customer Support

In the late 1980s, the Shift4 founders were running a successful accounting software business in Southern California when a long-time customer approached them with an issue: she needed a way to integrate her front-of-house credit card system with her back-office accounting program.

Stand-In vs. Dial-Up Backup

Last month we introduced you to a new feature we call Stand-In. If you didn’t happen to read that article, you can find it in its entirety here. The basic gist of Stand-In is that you are able to continue processing transactions even when Internet connectivity is lost. Since we released that article, many clients have asked us how Stand-In compares to other backup methods, including dedicated dial-up connections. Here is our answer:

Executive Insight: Credit Card Security

As a merchant advocate, Shift4 strives to make you aware of your obligation to protect the cardholder information in your possession (card swipes, primary account numbers and associated expiration dates, etc.). This information can be of a physical nature or of an electronic nature within your Point-of-Sale (POS) or back-office accounting systems.