The Hacker Who Tried to Steal Christmas

While you enjoy all the treasures this season holds, We hope you'll take a moment to watch as a story unfolds, About a hacker who tried to spoil Christmas day, Until merchants using Shift4 got in his way…

EMV Update

thumb The chip cards are coming! We are now just 10 months away from the October 2015 liability shift date for U.S. EMV. That’s the date the card brands set to have all U.S. merchants supporting EMV (Chip card) technology. After that date, whichever organization breaks the “EMV chain” will be held responsible for fraudulent card activity that could have been prevented had they supported EMV.

Shift4, P2PE, and PCI Validation

thumbnail Update 4/19/17: Shift4’s point-to-point encryption solution, True P2PE, is now PCI validated. We were able to build a unique solution that met the PCI SSC validation requirements without compromising our own high standards for speed, security, and reliability. Because of this, some of the information in this article (which was published in 2014) may not reflect our current stance and policies on the topic.

Executive Insight: Tools for Preventing Fraud and Breaches

thumb By Steve Sommers – Senior Vice President of Applications Development, Shift4 Corporation
This piece is part three of a series on the differences between fraud and breaches. The first article in the series can be found here and the second article in the series can be found here.

Credit Card 101

thumb One thing's certain: the payment processing industry isn't getting any simpler. Emergent technologies, adaptive and cunning thieves, ever-changing federal and state legislation, and thousands of other factors can make understanding how a payment is processed all but impossible.

Fear not, merchants. Shift4 is here to guide you through the world of payment processing and provide a sound understanding of the players and processes involved.

Everything You Need to Know About Payments. Click here

Shift4 Now Supports Apple Pay

thumbnail We told you last month that adding support for Apple Pay™ was going to be quick and easy, and it was. We’re happy to announce that Shift4 now supports Apple Pay contactless (NFC) payments. In fact, a few of our customers have already starting processing Apple Pay transactions.

Prepare Payments for the Big Holiday Rush: 3 Things to Do

According to the National Retail Federation, for the 2014 holiday season, retailers in the United States can anticipate a 4.1 percent increase in sales volumes compared with 2013, resulting in an expected $616.9 billion in total sales. As it is already November, the season is just kicking into gear.

How to Protect Yourself From the POODLE SSL Vulnerability

thumbnail There’s a new, major Internet security vulnerability that you need to be aware of. It’s called POODLE, and it essentially allows hackers to intercept encrypted data sent from your Web browser (e.g., Internet Explorer) to secure websites (your bank, email account, etc.).

Unify Your Enterprise Payments Under Shift4

thumb Many of our customers have multiple revenue centers. Some of these are resort properties in the hospitality industry with a front desk, retail stores, restaurants, and a spa. Others are omni-channel providers with both brick-and-mortar and e-commerce sales.

Executive Insight: Have You Actually Been Breached?

thumb By Steve Sommers – Senior Vice President of Applications Development, Shift4 Corporation
This piece is part 2 of a series on the differences between fraud and breaches. The first article in the series can be found here.

Free Webinar on November 18, 2014

Sertifi and Shift4 integrate to bring you a secure method for collecting signed contracts and PCI-compliant credit card payments.

Re: Bob Russo: Breached! published an article last week that featured an unusually candid Bob Russo. For those who aren’t familiar with that name, Russo is the recently retired GM of the Payment Card Industry Security Standards Council (PCI SSC). As GM and cheerleader-in-chief, Russo spent most of the last decade trying to get merchants to buy into PCI’s standard and convince us all that PCI compliance was the be-all, end-all.

Executive Insight: Fraud or Breach?

thumb By Steve Sommers – Senior Vice President of Applications Development, Shift4 Corporation

Fraud and breach are two words that no merchant wants to hear in relation to their business. Confusing fraud for a breach – or assuming they are the same thing – can lead to panic, overreaction, and unfortunate unintended consequences.

4 Things to Consider When Implementing a Gift Card Program

thumb Gift card sales are growing. Increasingly tech-savvy and choice-driven customers want to let gift recipients take a hop into the driver’s seat by selecting their own presents through the use of gift cards for birthdays, holidays, and other special occasions. On the merchant side of things, offering gift cards is a proven method for driving sales, promoting customer loyalty, and enhancing marketing efforts.

100 Businesses Breached in One Attack

thumbnail It seems like we’re hearing about a new major card-data breach on an almost weekly basis. It’s both incredibly frustrating and incredibly sad to see millions of people paying the price for businesses’ failures to adequately secure their data. What’s even more concerning is that it’s happening so often that we’ve heard people say, “Breaches are just part of the cost of doing business these days.”

Shift4 Mints 10 More CISSPs

thumb In a globally connected world, businesses of every size need to think not just about their compliance with PCI, but also about how to combat the persistent threat of skilled cybercriminals beyond the scope required by compliance. We hope you know that the Shift4 family is always prepared with the most innovative and comprehensive security for payment card data across your enterprise.

Shift4's Plan for Apple Pay

Apple Pay Recently announced by Apple®, Apple Pay™ is a mobile payments tool that uses near-field communication (NFC) to communicate with NFC-enabled terminal devices. Apple Pay will be delivered to the iPhone® 6 in an update scheduled later this month and to the Apple Watch™ upon its release in early 2015.

Executive Insight: Get Your Head Out of the Cloud

thumb By Steve Sommers – Senior Vice President of Applications Development, Shift4 Corporation

American author Wilferd Peterson famously wrote, “Walk with the dreamers … the doers, the successful people with their heads in the clouds and their feet on the ground.”

Consumers Care About Card Data Security

For years, we’ve been warning merchants about the brand damage that can come as a result of a card data breach, and recently a series of articles and research studies have made it clear just how harmful it can be. If you’re not currently taking full advantage of our suite of security technologies, including both TrueTokenization® and point-to-point encryption (P2PE), here are a few reasons to make the change.

Where Do I Find…?

Remember when you were a kid and your mom magically knew exactly where everything was? Glue stick? In the drawer under the phone. Your left shoe? Behind the couch. It seemed no matter what you were looking for, she knew exactly where to find it. Now, we don’t claim to have cracked the secret code of “mom powers,” but we have to admit that Shift4 Support has a similar knack for helping you find things.

Six Reasons to Love Shift4’s Gift Card Solution

Every year, over 90% of U.S. consumers purchase or receive a gift card. In a study conducted last year, 41% of consumers reported having tried a retail store, restaurant, or hotel for the first time because they received a gift card for that business. Of that group, 72% returned to that business. Oh, and don’t forget that 70% of consumers spend more than the value of the card. Looking at these numbers, implementing a gift card solution for your business seems like common sense – and we’ve made it easy.

Used Credit Card Devices? Bad Idea

Buying secondhand (used) credit card PIN pad devices as a way to save money could come with a lot of headaches and limitations – and not nearly the cost savings you might expect.

Executive Insight: The Truth About Uptime

thumb By Steve Sommers – Senior Vice President of Applications Development, Shift4 Corporation

There’s a lot of buzz in the payments industry about uptime and how many “nines” you should be looking for in a potential service provider. To make sure we’re all on the same page, let me explain what I mean by uptime and what exactly these nines signify.

The Fight for Tokenization

We recently came across an article published by Digital Transactions that discussed “The Furious Battle to Control Tokenization.” The article laid out the politics and power struggles within the payments space and did a good job of explaining the current state of the industry.

EMV: Silver Bullet or Red Herring?

In the wake of the major retail breaches late last year, the card brands (and a few of the larger issuing banks) dumped huge amounts of money into PR campaigns that positioned EMV as the solution to our card-data security troubles. Now, those of you who follow our blog closely will remember that we very quickly spoke out and warned that this is not true and that EMV wouldn’t have stopped the recent breaches.

Are Constant Breaches the New Norm?

Target, Michael’s, Neiman Marcus, White Lodging, and now P.F. Chang’s. It seems like every month there is a new, major data breach making headlines. In the most recent case, P.F. Chang’s appears to have been compromised for close to nine months, and experts say more than seven million card numbers may have been stolen.

The FTC is Prosecuting Shady MSPs and ISOs

After 20 years in the industry, we’ve noticed that far too many of them seem motivated only by the dollar, and not by any real desire to help the merchants they supposedly serve. For years, we’ve warned our merchant customers about the shady business practices of some merchant services providers (MSPs) and independent sales organizations (ISOs).

Come See Us at HITEC

HITEC, the hospitality industry’s largest technology conference, is coming up in just a few weeks. We’ve been regulars there for more than 15 years. Along the way, we’ve seen the resort/lodging industry grow and technologies come and go. We’ve made plenty of great friends, built many strong partnerships, and gained thousands of customers.

Our New Data Center at Switch SUPERNAP

Last year, we told you about plans for a new data center that would provide another layer of redundancy for Shift4’s DOLLARS ON THE NET® payment gateway, which equates to even more reliable payment processing for you, our merchant customers. And now we’re proud to announce the new data center in the Switch SUPERNAP facility is officially up and running!

News From the Development Team

Our Development team is constantly working to improve our offerings so DOLLARS ON THE NET® and all of our other solutions work faster and better for you. We hope you’re enjoying the enhanced usability of DOLLARS ON THE NET. Below are some other updates.

Coming This Summer to a Mobile Device Near You: VT4®

We announced our mobile payments product, VT4®, during last month’s Transact 14: Powered by ETA conference. Our team has been hard at work creating the fastest and most secure mobile payment solution for you. VT4 will provide merchants a convenient way to accept credit, debit, gift card, and cash transactions from a smartphone, tablet, or laptop. VT4 turns mobile devices into a point of sale, and will be accessible through our iOS app or a Web browser.

New U.S. Executive Order for Russian-Issued Cards

As your merchant advocate, we want to take just a moment of your time to let you know about a recent United States Executive Order impacting all U.S. processors. It may have an impact on your business, especially if a high percentage of your clientele uses internationally-issued payment cards.

Executive Insight: Merchant-Focused Innovation

We’re proud of what we’ve done over the past 20 years, and most of all, we’re proud to still call ourselves merchant advocates. While most other payments companies have sold out and taken buyout offers that left their customer loyalty questionable at best, Shift4 retains our independence and we continue to pioneer technologies that do what’s best for our merchant customers.

Shift4 NOT Affected by OpenSSL “Heartbleed” Vulnerability

Shift4 is aware of the “Heartbleed” vulnerability that is being reported by security bloggers and the mainstream media. None of Shift4’s technologies have been affected by the Heartbleed bug. Because we’re your merchant advocates, we have put together the following information to help you protect your personal information from other sites that may have been compromised.

Expecting Increased Transaction Volume?

As the weather is warming up and many of you are gearing up for your busy season, Shift4 is springing into action as well! Odds are good that you have something planned this year that will result in a significant increase or spike in your transaction volume.

Spring Clean Your DOLLARS ON THE NET® Account

Spring officially arrived last month, which means it’s time to start thinking about spring cleaning your DOLLARS ON THE NET® account by removing former users that might be remaining. Doing so will protect against unwanted access to your account.

VISA Issues POS Malware Alert

Being merchant advocates, we at Shift4 strive to inform our merchant customers about the importance of maintaining updated software, Web browsers, and recently, operating systems. This alert comes from VISA.

Windows XP Warning: The Time to Update Is NOW

In January, we warned you that Microsoft would cease support for Windows XP very soon. Well, that time has come. After April 8, 2014, Windows XP is no longer receiving security patches or end-user updates from Microsoft, thereby making the operating system highly vulnerable after a new attack vector is discovered. This impacts you in two ways: first is the loss of PCI compliance, and second is the loss of system security.

Communication Costs: We Pick Up the Tab for You

As a Shift4 merchant customer, you get the benefits of a 100% bank- and processor-neutral payment gateway with connections to every major bank and processor in North America. What are those benefits? You have the freedom to switch banks and/or processors as needed so you can negotiate for the best interchange rates and fees while keeping your transaction archives and payment data completely secure. And since we have the connections in place, you don’t have to pay communication costs.

Shift4’s 20 Years: A Look Back

A long time ago, in a galaxy, ahem, desert, far, far away…seven Founders completed the incorporation of a company that would go on to be a protector of merchants and forever change the world of payments. They named it Shift4, and this year, we’re celebrating its 20th anniversary of delivering the fastest, most secure payment processing in the galaxy.

Shift4 Live and In Person – Come Say Hello!

April is going to be a busy month for us. We’ll be attending five different industry events. And we’d love to meet you if you plan to attend any of them!

Don’t Let Old Terminals Leave You Open to Fraud

Our merchant customers know we are proud merchant advocates. In that spirit, here’s a quick loss prevention tip about switching out old terminals that will prevent the possibility of fraudulent charges and the potential exposure of your sensitive merchant account information. This is especially pertinent if you’ve recently switched to Shift4 or are upgrading or replacing your terminals.

Shift4 Celebrates 20 Years of Payments Innovation

Shift4 Corporation, provider of DOLLARS ON THE NET®, the world’s largest independent payment gateway, celebrates 20 years of payments industry innovation and merchant advocacy.

Our Secure Solutions Make a Big Splash at NRF

This year’s Retail’s BIG Show by National Retail Federation (NRF) was a huge success for us! While the loud Hawaiian shirts our team was wearing in our surf-themed booth stood out in the crowd, it was our company tagline “secure payment processing” that drew the most attention.

Internet Explorer 8 Users: Time to Update

Last month we warned our merchants using Windows XP about upcoming deadlines that will affect PCI compliance. This month, our announcement goes out to our users with Internet Explorer 8 (IE 8). As of early 2015, Shift4 will no longer support IE 8 and therefore you will not be able to access DOLLARS ON THE NET® if you’re running that browser.

Breaches: Don't Be Next

If you were comparing new POS swipe device models, and I explained that one provided zero protection from the type of breach major retailers have recently experienced, while the other provided complete protection from a card data security breach for about $50 more, which would you choose? Pretty easy choice, right? What you would be purchasing is a P2PE-enabled swipe device. And then I’d congratulate you for taking a much-needed step toward protecting your business and your customers against a devastating security breach.

Come See Us at Retail’s BIG Show!

Hey, retailers! We’ll be packing our warmest coats and heading to NYC for National Retail Federation’s (NRF) Retail’s BIG Show held January 13-14, at the Javits Convention Center. Our customer support and sales teams will be there in booth #1659 (level 3) to answer your questions about PCI compliance, how DOLLARS ON THE NET® works as an omni-channel gateway for you, and they'll be raffling off $250 VISA gift cards every 2 hours!

Windows XP Sunset Event Could Affect Your PCI Compliance

On April 8, 2014, Microsoft’s extended support for Windows XP will cease. Merchants running this operating system should start preparing now to upgrade to a supported operating system. But of course, in standard Shift4 style, we’re here to explain why and how these changes affect you so you can keep your business compliant and safe.

Introducing the MetaToken

At Shift4, we do all that we can to get cardholder data out of your merchant environment. We use P2PE on the front end to keep the data from entering your environment at the point of swipe, then return a TrueToken® on the back end so that you can keep a record of the transaction without having to worry about storing card data.  We also have solutions for tokenizing e-commerce form entries and even reservation data.

PCI Says Most Tokens Won’t Reduce Scope

We’ve spent much of the last five years warning merchants about companies that claim to offer tokenization when what they really have is nothing more than a weak encryption scheme. We call these solutions “tokenization in name only,” or TINO for short, and they annoy us to no end. But we’re happy to announce that something is finally being done about them.

A New DOLLARS ON THE NET®: We've Made the Best Even Better!

Get Ready! We’re kicking off 2014 with exciting changes to DOLLARS ON THE NET, beginning January 21st.

You already know DOLLARS ON THE NET is a powerful tool that securely interfaces with nearly every major bank and processor in North America, and provides industry-leading uptime with the ability to easily audit and report on transactions. Starting later this month when we roll out a sleek update, you’ll be able to take advantage of the numerous enhanced features – many of which were based on your valuable feedback.

Why EMV Isn't the Answer to Breach at Target

This post was written by Shift4's VP of Business Development, Bob Lowe.

By now, I’m sure most all of you have heard about the credit and debit card information breach at Target stores. If not, get caught up here and then this post will make more sense.