
The Technology Developer Perspective

As a payment technology provider, you depend on your customers to make the correct decisions about the logical and physical security of their systems. But what if they don't? Unfortunately, if a breach should occur in their environment, your company and product name could incur the same amount of bad press and brand damage as your customer.

If your customer has cardholder data (CHD) - encrypted or not - on their system and it is breached (logically) or stolen (physically), they are required to report that breach to their bank, to the card associations, and under various state and federal non-public information laws, to the government. Some states even require that the merchant report the breach to individual cardholders.

If you choose to equip your product with encryption, you will still have to go through PA-DSS every year and pay to have your solution listed, every year. If your customer is using a method of encryption in an attempt to protect their data, they are responsible for managing the encryption keys. If they do not manage the keys, or if they manage them incorrectly, they are out of PCI compliance.

TrueTokenization: Because Encryption is Not Enough.

TrueTokenization is a technology solution that replaces CHD to address the vulnerability issues associated with the storage of sensitive CHD. With TrueTokenization, merchants no longer need CHD past the initial electronic payment authorization request, so there is no reason to store this potentially hazardous information. Instead, when a transaction is authorized, Shift4 replaces CHD on the POS or PMS with a 16-character, globally unique, randomized, alphanumeric representation of the data called a "TrueToken."

With TrueTokenization and Shift4's front-end 4Go application and i4Go service, your system does not act as a payment application and thus does not require PA-DSS certification. Your product would then simplify your customers' PCI requirements to a point that virtually eliminates all costs involved with PCI - an amazing selling proposition. Contact Shift4 today to find out how to integrate this functionality into your product.

About 4Go and i4Go

4Go is a PA-DSS certified and listed payment application that runs on the POS/PMS terminal and intercepts cardholder data (CHD) as soon as it is swiped - before it ever enters the POS or PMS - and replaces it with either false cardholder data (FCHD) or a token. With its hardware-monitoring functionality, it also warns if card swipes are tampered with.

i4Go is a Web-based service that accepts card data at the Shift4 data center, not at the merchant's location, and returns a TrueToken, preventing cardholder data from entering the merchant's system.

