News | February 25, 2008

PCI Compliance: PCI DSS Compliance Simplified For Merchants Using Shift4's 4Go Technology

Source: Shift4 Corporation

SOURCE: Shift4 Corporation

On February 19, 2008, Shift4 published a press release incorrectly titled: "PCI DSS Does Not Apply to Merchants using Shift4's 4Go Technology." While the body of the release was 100% accurate, the headline was incorrect because PCI DSS does apply to Shift4 customers. As the first company of its type to be certified under CISP, and later one of the first companies certified under PCI DSS, Shift4 is a staunch proponent of PCI DSS and apologizes for the misleading headline.

Merchants concerned about PCI DSS compliance have an option that enables them to avoid many of its arduous requirements. Shift4's 4Go SecureSuite™ product offering is designed to streamline PCI DSS compliance for merchants while ensuring ongoing security. 4Go SecureSuite from Shift4 Corporation uses Card Information Replacement Technologysm to provide an alternative approach to PCI DSS Version 1.1, which states:

"PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or transmitted. If a PAN is not stored, processed, or transmitted, PCI DSS requirements do not apply."

Tokenization is a process whereby a random string of numbers and characters, or token, that would be useless to anyone who stole it, is substituted for card information. Traditional tokenization and the tokenization process that Shift4 released to the public domain early 2005 is utilized during and subsequent to the authorization process.

The patent-pending 4Go SecureSuite, on the other hand, sits in front of the Point-of-Sale (POS) application and produces another form of a token which is passed to the POS. With this technology, the POS never handles real card information, only tokens, and is therefore removed from the PCI DSS scope. These tokens cannot be decrypted and thus are useless to anyone outside the system. Useable credit card information is never retained in the POS device.

"Shift4's solutions help merchants and their integrators become secure and maintain system security, thereby helping them meet the requirements of PCI DSS. These solutions lower the cost of securing an existing system, at a fraction of the cost of an upgrade or total system replacement," said J.D. Oder II, CTO for Shift4 Corporation. "By streamlining PCI DSS compliance, Shift4 4Go lets merchants and integrators spend their time and efforts focusing on product and solution innovation and improving their customers' experience," Oder added.

In addition to protecting the merchant, Shift4's approach to credit card transaction security directly benefits acquiring banks that are ultimately responsible for the fines associated with breaches resulting in card information theft. Consumers also benefit from the assurance that their personal information is protected in a secure, end-to-end encrypted third-party environment.

"As the last major independent credit card payment gateway, not owned or controlled by a processor or a bank, Shift4 is uniquely positioned to provide services designed around the needs of the merchant," said Randy Carr, Shift4 Vice President of Marketing. "In the fight to achieve and maintain compliance with the PCI DSS, merchants need every advantage available to them. Shift4's mission is to protect the merchant and its customers," Carr added.

About Shift4 Corporation
Shift4, a leading developer of secure financial transaction processing software and services, provides web-based, real-time enterprise payment solutions for leaders in the hospitality, retail, foodservices, auto rental and e-commerce markets. Through connectivity to most major processors, DOLLARS ON THE NET® provides both high speed and low cost authorizations and settlements for credit, debit, check, private label and gift card transactions. DOLLARS ON THE NET also includes the ability to access, review and edit transactions prior to settlement, as well as a searchable, 24-month archive of transactions for reporting and charge back defense. For technical information, contact J.D. Oder II, CTO, (702) 597-2480 x3452 or jd@shift4.com, or visit www.shift4.com.

SOURCE: Shift4 Corporation