A Letter from Shift4 Concerning the Terrible Tragedy in Las Vegas

thumb To our Merchants, Partners, and Colleagues,

By now all of you have heard about the tragic act of evil perpetrated last night on the Las Vegas Strip at the Route 91 concert. We wanted to wait to write to all of you until we had determined the status of our Shift4 family.

Are You Still Using Early TLS? It's Time to Take Action!

image By Stephen Ames, CISA, CISSP – Senior Director, Security Compliance, Shift4 Corporation

Update 05/10/2018: Beginning May 10, 2018, Shift4 Payments will be officially ending support of TLS versions 1.1 and earlier. If you are a merchant still using one of these unsupported versions,  you will not be able to use any of our gateway services. Please contact Shift4’s Customer Support team immediately at 702.597.2480, option 2, or email support@shift4.com.

How to Identify and Eliminate a New Malware Threat

thumb Visa recently published an alert warning merchants and acquirers of a new type of JavaScript-based malware that is specifically targeting merchants with e-commerce payment processing environments. As your neighborhood merchant advocate, we are passing this along to you. Here is what you need to know.

Shift4 Pioneers Hand Over Day-to-Day Operations

thumb Shift4 founders Dave and Kathy Oder have officially entered their well-deserved “semi-retirement” and have handed over the day-to-day operations of the company. J.D. Oder II has been promoted to president and CTO and Stephanie Stowers has been promoted to executive vice president and COO. Please join us in congratulating these two hard-working visionaries who will lead Shift4 to continued success. Click here for official announcement.

Executive Insight: True P2PE – What You Need To Know (Part 2)

image By Stephen Ames, CISA, CISSP – Senior Director, Security Compliance, Shift4 Corporation

Riding on the fantastic news that Shift4’s True P2PE® solution is PCI validated, which means that you may be able to significantly reduce the scope and time of your PCI DSS assessments by using the Self-Assessment Questionnaire (SAQ) P2PE, I'm sure you have a ton of questions about your particular environment.

True P2PE Is Now PCI Validated!

thumb Big news! Our advanced point-to-point encryption solution, True P2PE, is now on the list of PCI-validated P2PE technologies. By encrypting cardholder data (CHD) at an approved payment terminal or device you can prevent CHD from entering your system. Now, you can continue taking advantage of same speed, security, and reliability of True P2PE with the added benefit of saving time and money by the use of the Self-Assessment Questionnaire (SAQ) P2PE “short form.” Click here for official announcement.

Introducing the New 4Word

thumb More security, added versatility – and a new look, too. Shift4’s 4Word gives merchants a way to share and control cardholder data (CHD) with a trusted third party so that payments can be processed according to the merchant’s business requirements or need, whether that third party is a Shift4 customer or not. We’ve recently completed a major update to the 4Word web app that helps merchants increase login security and the application’s usability – especially for those doing business internationally.

New Options in the UTG and DOLLARS ON THE NET

thumb We’ve added some useful new options to the UTG and DOLLARS ON THE NET. Here's what's new:

With this UTG update, merchants processing directly to American Express (AMEX) will be able to more accurately and securely verify AMEX cardholders using online PIN verification (if supported by the card) instead of relying solely on a signature.

Fraud Speak: Learn the Lingo to Beat Scammers

thumb As you are well aware, hackers and scammers pose an ongoing threat to your payment data. A single data breach can do enough damage to your company’s brand and finances to last years – if not bring an end to, or at least greatly hamper, your business operations. This is one of the reasons why we suggest layering the strongest payment security tools available. But, it also doesn’t hurt to stay up to date on the methods that are being used to steal payment data.

Avoid Suspended Batches Using New DOLLARS ON THE NET Viewing Option

thumb Did you know that fake authorization codes are the number one cause of suspended batches? No one wants to take the time to call a card issuer’s voice authorization center to get a referral code when facing a line of customers. But, when a busy clerk enters a fake code to force an authorization, it doesn’t just cause problems with that transaction in DOLLARS ON THE NET, it causes a portion of the batch – or even the entire batch of transactions – to suspend, leaving your auditor stuck with extra work or even a delay in funding.

Enhanced Support for Verifone PIN Pads in the Latest UTG Update

thumb We’ve added a few enhancements to our UTG 2290 release. If you use EMV with Verifone PIN pads, then you’ll be excited to learn we’re giving you more control over handling debit and credit cards in EMV processing (if the customer’s card allows for it).

Most Common Passwords Used in 2016

thumb Password manager and security vault company Keeper Security recently looked into 2016’s most commonly used passwords, and their research shows a shocking trend in using weak passwords across various websites. Because a weak password can lead to the very data breaches that they are meant to help prevent, it’s important to read this article about their research, originally featured in Security Week, and share it with your staff.

Fight Fraud: Authorize Every Guest’s Card at Hotel Check-In

thumb If your hotel supports EMV and accepts reservations or purchases via an app, website, or call center, please be sure to authorize each guest’s card at check-in to avoid falling prey to an increasingly popular fraud scheme.

Updated Features in Our Latest DOLLARS ON THE NET Release

We routinely update our solutions to optimize your payment processing efficiency, security, and cost savings. As such, we’ve recently added a few new features to our DOLLARS ON THE NET payment gateway.

Chargebacks: Fraud or Fiction?

thumb In a post-EMV world, some merchant services providers are making it difficult for merchants to fight chargebacks. Are their practices legitimate? This article tells you how to identify unfair chargebacks and hold your provider accountable.

IMPORTANT: You May Be Required to Update to the TLS 1.2 Protocol

thumb If you are you using an old web browser or a server-to-server setup to connect with Shift4’s DOLLARS ON THE NET payment gateway and/or our i4Go solution, you will soon be required to update to the TLS 1.2 protocol. If you do not make this update, your payment processing may be impacted.

Executive Insight: Don’t Be Misled by False Claims About EMV

thumb By Steve Sommers – Senior Vice President of Applications Development, Shift4 Corporation

The U.S. payments industry has been talking about EMV for years, but it’s still the subject of a lot of inaccuracy and misinformation. I’d like to make a few comments about something that I read recently.

52 Days Until We End Support for SSL and Early TLS

Many servers in the U.S. are still vulnerable to the Heartbleed Bug and other malicious software. It’s time to say goodbye. On March 31, Shift4 is ending support for SSL and TLS 1.1 and older.

Faster PIN Pad Reset and More

thumb As dedicated merchant advocates, we routinely update our solutions to optimize your payment processing efficiency and security. As such, we’ve recently made a few enhancements to our Universal Transaction Gateway (UTG).

VT4 Shined at the PGA Merchandise Show

We showcased our mobile point-of-sale (mPOS) solution, VT4, at the recent PGA Merchandise Show in Orlando, FL. We loved the positive feedback and reactions.

Executive Insight: True P2PE – What You Need to Know

image By Stephen Ames, CISA, CISSP – Senior Director, Security Compliance, Shift4 Corporation

Riding on the fantastic news that Shift4’s True P2PE (point-to-point encryption) solution will soon be PCI validated, I want to impart some important information you need to know, regardless of whether or not you choose to implement True P2PE.

VT4 Continues to Prove its Versatility With New Functionality

This past year, we were happy to see the VT4 family grow as golf courses, retail stores, and hotels across the country decided to make us their mobile point-of-sale (mPOS) solution of choice. They chose us because our award-winning mPOS solution lets business owners in any industry securely accept mobile payments throughout their business without the challenges and limitations they’d face with other solutions.

Set Limits for Manual Card Entry With the UTG 2287 Update

image This month’s UTG update enables you to set a minimum and maximum number of digits for manual card entry (MCE), giving you more control over the types of cards your staff members can manually enter. For example, you can allow MCE for only gift card, employee card, and/or loyalty card numbers. You can also set a maximum number of digits to catch keying errors before you attempt to process a 17-digit credit card number, saving you from additional transaction fees.

Start Spreading the News: Shift4 Is Headed to NRF

image Retail’s BIG Show in New York City is just a few weeks away. You already know that Shift4 solves your biggest payments problems, and we can’t wait to get the rest of the retail industry up to speed. If you’ll be there, stop by booth #818 to say hi to the Shift4 team and enter our raffle to win a $250 Visa gift card. Click here to get all the info you need.