Showing posts with label Executive Insight. Show all posts

Tokenization IS Encryption - NOT! - Part 4

This is the first addendum post of a three (now four)-part series written by Steve Sommers, Shift4’s SVP of Applications Development. The first three sections can be found here, here, and here.

PCI's Not-So-Open Global Forum

This post was written by Shift4's Director of Information Security, Stephen Ames, CISA, CISSP.

I just wrapped up onsite PA-DSS validations with my PA-QSA this month and a question came up about PA-DSS Requirement 4.2.7, which aligns with DSS Requirement 10.2, which is all about user access. Just so we’re all on the same page, you need to know that none of Shift4’s PA-DSS applications have a user database; hence, all of PA-DSS Requirements 3 and 4 are not in scope for us. That’s the way it has been since Visa’s PABP days and beginning with Version 1 of the PA-DSS.

Credit Unions Push to Increase Breach Liability for Merchants

This post was written by Steve Sommers, Shift4's SVP of Applications Development. His insights and expertise are shared regularly on his personal blog, http://paymenttidbits.blogspot.com.

Executive Insight: Take Advantage of Fraud Sentry!

The most effective security system in the world can’t protect you if you don’t turn it on. That’s the first thought that struck me after I heard a report of one of our merchant customers falling victim to “trusted-employee” fraud last month.

Executive Insight: Election 2012

The following letter was distributed by Shift4 Founders Dave and Kathy Oder to all members of the Shift4 staff. We are posting it here as an encouragement for all of our partners, merchant customers, and friends in the United States to exercise their right to vote in the pivotal upcoming election.

PCI Provides No Benefit to Merchants

This post was written by Steve Sommers, Shift4's SVP of Applications Development. His insights and expertise are shared regularly on his personal blog, http://paymenttidbits.blogspot.com.

Executive Insight: Birdies4Shriners

If you’ve been on www.shift4.com recently or seen any of our press releases or social media sites, you are probably aware of our Birdies4Shriners campaign. It’s a fundraiser we have put together to support our friends at Shriners Hospitals for Children. We are likely all familiar with this organization and the wonderful work they do for children. Many of us personally know someone who has benefitted from their generosity and expertise.

Executive Insight: All or Nothing Tokenization

Are you the all-or-nothing type? Are you the type that can’t even get started if you know going in that 100% success is an impossibility? Many people take this view with tokenization, but let me tell you why that’s a dangerous position to support.

Executive Insight: Who is PCI Really Protecting?

By now, most in our industry have heard of the restaurateurs in Park City, Utah who are suing their merchant bank and, consequently, might end up taking on the whole PCI. For those unfamiliar with the story, Wired has a good article, which you can find here.

Executive Insight: US EMV - A Necessary Evil?

A New Payment Process
Those who have traveled to Europe in the past few years or to Canada within the last year or so know there is a new payment process that uses a microchip on the card to communicate the payment capabilities of the card to the point of sale, and then uses a PIN (personal identification number) to authenticate the cardholder as the owner of the card.

Tokenization IS Encryption - NOT! - Part 3

This is the final post of a three-part series written by Steve Sommers, Shift4’s SVP of Applications Development. The first two sections can be found here and here.

Tokenization IS Encryption - NOT! - Part 2

This is the second of a three-part series written by Steve Sommers, Shift4's SVP of Applications Development. The first section can be found here. The final installment will be published later in the week.

Tokenization IS Encryption - NOT!

This is the first of a three-part series written by Steve Sommers, Shift4's SVP of Applications Development. Additional sections will be published later in the week.

Tokenization, the Newest Horse - err, Camel - in the Stable

As the old saying goes, “a camel is a horse designed by a committee.” This saying perfectly describes the recently published PCI DSS Tokenization Guidelines from the PCI SSC. While the original intent of the document was a noble one, the final version fell way short.

Executive Insight: Trace is the Light!

From time to time, if you are experiencing an issue, we may ask you to “send us trace” or we may even talk you through “turning on verbose trace” and ask you to send it to us the next day.

Executive Insight: Resilience + Redundancy = Reliability

Companies that process payment transactions talk about “five nines” or 99.999% reliability – but none truly deliver it. In reality, a really good processing company delivers around 99.8%. That seems pretty good, too. But is it? It means in a given year, they average less than two hours a month of service disruption.

Executive Insight: QSAs - Conflict of Interest?

In last month’s article, we discussed that your Merchant Services Provider (MSP) is responsible for informing and assisting you with your payment processing security. Because MSPs often don’t have the expertise in payment security, many will refer you to a Qualified Security Assessor (QSA), causing you to have to pay for the expertise that should already be included in the fees you pay your MSP for card processing.

Executive Insight: Credit Card Security

As a merchant advocate, Shift4 strives to make you aware of your obligation to protect the cardholder information in your possession (card swipes, primary account numbers and associated expiration dates, etc.). This information can be of a physical nature or of an electronic nature within your Point-of-Sale (POS) or back-office accounting systems.