Showing posts with label Payments Buzz. Show all posts
Showing posts with label Payments Buzz. Show all posts

Shift4 Doesn’t Use SSL (And You Shouldn’t, Either!)

ssl image

You may remember that back in November, we released an alert about protecting yourself from the POODLE SSL vulnerability. For those of you who are less familiar with SSL, it refers to a type of encryption that was once used to secure communications between a user’s Web browser and a website in order to protect transmitted data from eavesdropping or tampering.

3 Hot Topics at NRF 2015

NRF The Shift4 team is back from National Retail Federation’s (NRF) 104th Annual Convention and EXPO, also known as Retail’s BIG Show. Omni-channel, mobile, and EMV were three of the hottest topics for retailers at the show this year, so we’re discussing each of these issues from a payments perspective because they’ll apply to other industries, too.

The Hacker Who Tried to Steal Christmas

While you enjoy all the treasures this season holds, We hope you'll take a moment to watch as a story unfolds, About a hacker who tried to spoil Christmas day, Until merchants using Shift4 got in his way…

EMV Update

thumb The chip cards are coming! We are now just 10 months away from the October 2015 liability shift date for U.S. EMV. That’s the date the card brands set to have all U.S. merchants supporting EMV (Chip card) technology. After that date, whichever organization breaks the “EMV chain” will be held responsible for fraudulent card activity that could have been prevented had they supported EMV.

Shift4, P2PE, and PCI Validation

thumbnail Update 4/19/17: Shift4’s point-to-point encryption solution, True P2PE, is now PCI validated. We were able to build a unique solution that met the PCI SSC validation requirements without compromising our own high standards for speed, security, and reliability. Because of this, some of the information in this article (which was published in 2014) may not reflect our current stance and policies on the topic.

Shift4 Now Supports Apple Pay

thumbnail We told you last month that adding support for Apple Pay™ was going to be quick and easy, and it was. We’re happy to announce that Shift4 now supports Apple Pay contactless (NFC) payments. In fact, a few of our customers have already starting processing Apple Pay transactions.

Executive Insight: Have You Actually Been Breached?

This piece is part 2 of a series on the differences between fraud and breaches, written by J.D. Oder, Shift4’s CTO/Sr. Vice President of R&D. The first article in the series can be found here.

Re: Bob Russo: Breached! published an article last week that featured an unusually candid Bob Russo. For those who aren’t familiar with that name, Russo is the recently retired GM of the Payment Card Industry Security Standards Council (PCI SSC). As GM and cheerleader-in-chief, Russo spent most of the last decade trying to get merchants to buy into PCI’s standard and convince us all that PCI compliance was the be-all, end-all.

100 Businesses Breached in One Attack

thumbnail It seems like we’re hearing about a new major card-data breach on an almost weekly basis. It’s both incredibly frustrating and incredibly sad to see millions of people paying the price for businesses’ failures to adequately secure their data. What’s even more concerning is that it’s happening so often that we’ve heard people say, “Breaches are just part of the cost of doing business these days.”

Consumers Care About Card Data Security

For years, we’ve been warning merchants about the brand damage that can come as a result of a card data breach, and recently a series of articles and research studies have made it clear just how harmful it can be. If you’re not currently taking full advantage of our suite of security technologies, including both TrueTokenization® and point-to-point encryption (P2PE), here are a few reasons to make the change.

The Fight for Tokenization

We recently came across an article published by Digital Transactions that discussed “The Furious Battle to Control Tokenization.” The article laid out the politics and power struggles within the payments space and did a good job of explaining the current state of the industry.

EMV: Silver Bullet or Red Herring?

In the wake of the major retail breaches late last year, the card brands (and a few of the larger issuing banks) dumped huge amounts of money into PR campaigns that positioned EMV as the solution to our card-data security troubles. Now, those of you who follow our blog closely will remember that we very quickly spoke out and warned that this is not true and that EMV wouldn’t have stopped the recent breaches.

Are Constant Breaches the New Norm?

Target, Michael’s, Neiman Marcus, White Lodging, and now P.F. Chang’s. It seems like every month there is a new, major data breach making headlines. In the most recent case, P.F. Chang’s appears to have been compromised for close to nine months, and experts say more than seven million card numbers may have been stolen.

The FTC is Prosecuting Shady MSPs and ISOs

After 20 years in the industry, we’ve noticed that far too many of them seem motivated only by the dollar, and not by any real desire to help the merchants they supposedly serve. For years, we’ve warned our merchant customers about the shady business practices of some merchant services providers (MSPs) and independent sales organizations (ISOs).

New U.S. Executive Order for Russian-Issued Cards

As your merchant advocate, we want to take just a moment of your time to let you know about a recent United States Executive Order impacting all U.S. processors. It may have an impact on your business, especially if a high percentage of your clientele uses internationally-issued payment cards.

Shift4 NOT Affected by OpenSSL “Heartbleed” Vulnerability

Shift4 is aware of the “Heartbleed” vulnerability that is being reported by security bloggers and the mainstream media. None of Shift4’s technologies have been affected by the Heartbleed bug. Because we’re your merchant advocates, we have put together the following information to help you protect your personal information from other sites that may have been compromised.

Breaches: Don't Be Next

If you were comparing new POS swipe device models, and I explained that one provided zero protection from the type of breach major retailers have recently experienced, while the other provided complete protection from a card data security breach for about $50 more, which would you choose? Pretty easy choice, right? What you would be purchasing is a P2PE-enabled swipe device. And then I’d congratulate you for taking a much-needed step toward protecting your business and your customers against a devastating security breach.

PCI Says Most Tokens Won’t Reduce Scope

We’ve spent much of the last five years warning merchants about companies that claim to offer tokenization when what they really have is nothing more than a weak encryption scheme. We call these solutions “tokenization in name only,” or TINO for short, and they annoy us to no end. But we’re happy to announce that something is finally being done about them.

Why EMV Isn't the Answer to Breach at Target

This post was written by Shift4's VP of Business Development, Bob Lowe.

By now, I’m sure most all of you have heard about the credit and debit card information breach at Target stores. If not, get caught up here and then this post will make more sense.

Tokenization IS Encryption - NOT! - Part 4

This is the first addendum post of a three (now four)-part series written by Steve Sommers, Shift4’s SVP of Applications Development. The first three sections can be found here, here, and here.