Las Vegas, NV, March 23, 2006 – Breaches of credit card data seem to be an almost daily occurrence, affecting well over 40 million cardholders last year alone. While merchants have been subject to the card association’s security regulations for nearly 5 years, they are now falling victim to a new trend: the use of the application as the route to unauthorized disclosure of credit card information. To combat this issue, Shift4 has released secure versions of the MICROS 3700 and 8700 point-of-sale payment drivers, which bring these systems in line with the latest card associations security requirements.
According to Fortrex Technologies, Inc., a fast growing Visa Qualified Data Security Company (QDSC) and Qualified Payment Application Security Company (QPASC), the majority of its national clientele have significant vulnerabilities in their applications. In order to address these vulnerabilities, Visa USA developed a set of guidelines to be used in the development of payment applications (shopping carts, point-of-sale systems, property management systems, etc.). The guidelines, the Payment Application Best Practices (PABP), consist of 13 requirements that assist in securing the application against disclosing credit card information to unauthorized individuals.
The problem is, while payment applications may cause the majority of the issues, they are not something that the merchant generally has direct control over. It is a problem that Shift4 found many of its existing customers were facing with their legacy MICROS systems. Therefore, Shift4 took it upon itself to design and create a secure version of both the MICROS 3700 and 8700 payment drivers.
In creating secure versions of these applications, Shift4 utilized a combination of its Tokenization technology, which replaces the credit card number with a randomly generated unique ID, and data truncation (see figure 1 below). Tokenization eliminates the need to store credit card data anywhere in the system, enabling the systems to comply with the PABP requirements while still allowing for full reporting, incremental authorizations, credits and so forth.
Shift4 had its MICROS 3700 and 8700 solutions independently audited by Fortrex Technologies, which validated both systems’ compliance with the PABP guidelines. The audit covers the 3.1 version of MICROS 3700 and all 2.11 though 2.8 versions of 8700.
“In our experience, this is a unique situation – a gateway taking it upon themselves to release a secure version of a third party’s point-of-sale system,” stated Mr. Chris Konrad, Senior Vice President of Client Services at Fortrex Technologies. “I think it shows an amazing dedication to the security of their merchants, even beyond the piece of the process that Shift4 has traditionally handled, and a real commitment to the security of the industry as a whole.”
Shift4’s PABP validated 3700 and 8700 solutions support the complete feature suite of the MICROS system, while also offering integrated gift card, PIN debit, signature capture, customer initiated tip and dynamic currency conversion capabilities. In short, merchants not only get a more secure system, but one that comes with powerful additional functionality as well.
“Our goal was to help our customers who have a heavy investment in legacy applications. These customers are highly concerned about security. Unfortunately, the cost of replacing all of their systems was prohibitive,” stated J. David Oder, President CEO, Shift4. “With Shift4’s new validated MICROS driver, merchants can update a 100 location chain for what it would cost them to purchase just a handful of new systems. Plus, no new hardware, except perhaps a network card, is required and there is no need to retrain staff or recreate menus or back-end reports.”
The audit has been completed for both the 3700 and 8700 drivers and the report of the successful validation has been filed with Visa and is currently pending Visa’s approval and inclusion on the List of Validated Payment Applications on www.visa.com.
About Shift4 Corporation
Shift4, a leading developer of secure financial transaction processing software and services, provides web-based, real-time enterprise payment solutions for leaders in the hospitality, retail, foodservices, auto rental and e-commerce markets. Through connectivity to most major processors, DOLLARS ON THE NET provides both high speed and low cost authorizations and settlements for credit, debit, check, private label and gift card transactions. DOLLARS ON THE NET also includes the ability to access, review and edit transactions prior to settlement, as well as a searchable, 24-month archive of transactions for reporting and charge back defense. For more information contact Shift4 at (702) 597-2480 or visit Shift4 online at www.shift4.com.
About Fortrex Technologies, Inc.
Fortrex Technologies, Inc. is an information security firm located in Frederick, Maryland, and thirty miles northwest of Washington, D.C.. John M. Edison originally founded Fortrex in 1997 and since has served over 450 customers nationwide. Fortrex provides consulting services that enable their clients to showcase their compliancy to applicable regulations and standards to auditors, clients, partners, and investors. Fortrex personnel are experts with regulations and standards, such as but not limited to ITIL, PCI-DSS, PABP, ISO 17799:2005, FFIEC Handbook, SOX (COBIT) and HIPAA.