Las Vegas (February 25, 2008) On February 19, 2008, Shift4 published a press release incorrectly titled: “PCI DSS Does Not Apply to Merchants using Shift4’s Technology.” While the body of the release was 100% accurate, the headline was incorrect because PCI DSS does apply to Shift4 customers. As the first company of its type to be certified under CISP, and later one of the first companies certified under PCI DSS, Shift4 is a staunch proponent of PCI DSS and apologizes for the misleading headline.
Merchants concerned about PCI DSS compliance have an option that enables them to avoid many of its arduous requirements. Shift4’s SecureSuite® product offering is designed to streamline PCI DSS compliance for merchants while ensuring ongoing security. SecureSuite from Shift4 Corporation uses Card Information Replacement Technologysm to provide an alternative approach to PCI DSS Version 1.1, which states:
“PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or transmitted. If a PAN is not stored, processed, or transmitted, PCI DSS requirements do not apply.”
Tokenization is a process whereby a random string of numbers and characters, or token, that would be useless to anyone who stole it, is substituted for card information. Traditional tokenization and the tokenization process that Shift4 released to the public domain early 2005 is utilized during and subsequent to the authorization process.
The patent-pending SecureSuite, on the other hand, sits in front of the Point-of-Sale (POS) application and produces another form of a token which is passed to the POS. With this technology, the POS never handles real card information, only tokens, and is therefore removed from the PCI DSS scope. These tokens cannot be decrypted and thus are useless to anyone outside the system. Useable credit card information is never retained in the POS device.
“Shift4’s solutions help merchants and their integrators become secure and maintain system security, thereby helping them meet the requirements of PCI DSS. These solutions lower the cost of securing an existing system, at a fraction of the cost of an upgrade or total system replacement,” said J.D. Oder II, CTO for Shift4 Corporation. “By streamlining PCI DSS compliance, Shift4 lets merchants and integrators spend their time and efforts focusing on product and solution innovation and improving their customers’ experience,” Oder added.
In addition to protecting the merchant, Shift4’s approach to credit card transaction security directly benefits acquiring banks that are ultimately responsible for the fines associated with breaches resulting in card information theft. Consumers also benefit from the assurance that their personal information is protected in a secure, end-to-end encrypted third-party environment.
“As the last major independent credit card payment gateway, not owned or controlled by a processor or a bank, Shift4 is uniquely positioned to provide services designed around the needs of the merchant,” said Randy Carr. “In the fight to achieve and maintain compliance with the PCI DSS, merchants need every advantage available to them. Shift4?s mission is to protect the merchant and its customers,” Carr added.