PCI DSS Compliance Simplified for Merchants Using Shift4’s Technology
(CORRECTION: PCI DSS Does Apply to Merchants Using Shift4’s Technology)

Shift4’s removes applications from PCI DSS scope, using card information replacement technology to benefit merchants, customers and banks

Las Vegas (February 25, 2008) – On February 19, 2008, Shift4 published a press release incorrectly titled: “PCI DSS Does Not Apply to Merchants using Shift4’s Technology.” While the body of the release was 100% accurate, the headline was incorrect because PCI DSS does apply to Shift4 customers. As the first company of its type to be certified under CISP, and later one of the first companies certified under PCI DSS, Shift4 is a staunch proponent of PCI DSS and apologizes for the misleading headline.

Merchants concerned about PCI DSS compliance have an option that enables them to avoid many of its arduous requirements. Shift4’s SecureSuite™ product offering is designed to streamline PCI DSS compliance for merchants while ensuring ongoing security. SecureSuite from Shift4 Corporation uses Card Information Replacement Technologysm to provide an alternative approach to PCI DSS Version 1.1, which states:

“PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or transmitted. If a PAN is not stored, processed, or transmitted, PCI DSS requirements do not apply.”

Tokenization is a process whereby a random string of numbers and characters, or token, that would be useless to anyone who stole it, is substituted for card information. Traditional tokenization and the tokenization process that Shift4 released to the public domain early 2005 is utilized during and subsequent to the authorization process.

The patent-pending SecureSuite, on the other hand, sits in front of the Point-of-Sale (POS) application and produces another form of a token which is passed to the POS. With this technology, the POS never handles real card information, only tokens, and is therefore removed from the PCI DSS scope. These tokens cannot be decrypted and thus are useless to anyone outside the system. Useable credit card information is never retained in the POS device.

“Shift4’s solutions help merchants and their integrators become secure and maintain system security, thereby helping them meet the requirements of PCI DSS. These solutions lower the cost of securing an existing system, at a fraction of the cost of an upgrade or total system replacement,” said J.D. Oder II, CTO for Shift4 Corporation. “By streamlining PCI DSS compliance, Shift4 lets merchants and integrators spend their time and efforts focusing on product and solution innovation and improving their customers’ experience,” Oder added.

In addition to protecting the merchant, Shift4’s approach to credit card transaction security directly benefits acquiring banks that are ultimately responsible for the fines associated with breaches resulting in card information theft. Consumers also benefit from the assurance that their personal information is protected in a secure, end-to-end encrypted third-party environment.

“As the last major independent credit card payment gateway, not owned or controlled by a processor or a bank, Shift4 is uniquely positioned to provide services designed around the needs of the merchant,” said Randy Carr. “In the fight to achieve and maintain compliance with the PCI DSS, merchants need every advantage available to them. Shift4’s mission is to protect the merchant and its customers,” Carr added.

About Shift4 Corporation

Shift4, a leading developer of secure financial transaction processing software and services, provides web-based, real-time enterprise payment solutions for leaders in the hospitality, retail, foodservices, auto rental and e-commerce markets. Through connectivity to most major processors, DOLLARS ON THE NET^® provides both high speed and low cost authorizations and settlements for credit, debit, check, private label and gift card transactions. DOLLARS ON THE NET also includes the ability to access, review and edit transactions prior to settlement, as well as a searchable, 24-month archive of transactions for reporting and charge back defense. For technical information, contact J.D. Oder II, CTO, (702) 597-2480 x3452 or jd@shift4.com, or visit www.shift4.com.

Media Contacts

Randy Carr
Vice President of Marketing
Shift4 Corporation
702-597-2480 ext. 3433
randy@shift4.com

Bill Graulty
Account Supervisor
Mintz & Hoke
860-679-9761
shift4@mintz-hoke.com

About Shift4 Corporation
Shift4, a leading developer of secure payment processing software and services utilizing the Software as a Service (SaaS) model, provides real-time enterprise payment solutions for leaders in the hospitality, retail, food services, auto rental, mail/telephone order, and eCommerce markets. Leveraging connectivity to every major processor, DOLLARS ON THE NET provides both high-speed and low-cost authorizations and settlements for credit, debit, check, private label, and gift card transactions. DOLLARS ON THE NET® also features the ability to access, review, report, and edit transactions prior to settlement combined with a searchable 24-month archive of transactions for retrieval and chargeback defense. Shift4 is an innovator in payment security, being the first to deliver a tokenization solution for long-term card data protection as well as 4Go® and i4Go® to protect payment data in transit and legacy applications.

Top