Payment Industry Adopts Card Information Replacement Technology

  • Shift4 Corporation
  • 09.21.09
Shift4 Corporation, a leading developer of enterprise payment solutions, reports strong increase in merchant demand for Card Information Replacement TechnologySM (CIRT).

Shift4's DOLLARS ON THE NET™ payment gateway is fully integrated with CIRT to deliver fast, reliable and secure electronic transactions for merchants of all sizes while greatly simplifying PCI compliance.

"Shift4 is pleased and encouraged to see others in the payments industry introducing new technologies that may hold the promise of protecting cardholder data (CHD) throughout the entire transaction lifecycle. The market is showing strong demand for technologies that remove sensitive cardholder data from the merchant's payment system and replace it with something that merely represents the real numbers. At this critical point in the vetting of these new technologies, it is essential that merchants seek out and understand the differences between true tokenization and other offerings, which may be called tokenization but are in fact, encryption. Shift4 has been providing true tokenization to our merchants since 2005," said Dave Oder, president and CEO, Shift4 Corporation.

Card Information Replacement Technologies from Shift4 include: 4Go SafeSwipe™, i4Go™ and tokenization. These offerings safeguard the merchant payment environment by removing and replacing sensitive CHD from the payment process before it enters the point-of-sale (POS) system, property management system (PMS), or in the world of the Internet, the merchant's site or hosting provider's environment. CIRT simplifies the process of securing sensitive information by preventing it from being stored, processed or transmitted in the merchant environment, which greatly reduces the cost and complexity of Payment Card Industry (PCI) compliance. Essentially, merchants utilizing CIRT are much more likely to be able to achieve and maintain a state of PCI compliance while concurrently removing all cardholder data from their payment environment.

"As the industry continues to acknowledge and adopt technologies that address real security issues, it is important to understand the differences between true tokenization and offerings that are tokenization in name only. There are a lot of adaptations that use the name only but are, in fact, various encryption key handlers, hashing schemes, and at-once transaction schemes. Many of the new end-to-end encryption schemes limit merchants' choices regarding which bank or processor they will be able to work with. By working with Shift4, merchants retain the power of choice and can work with any bank or processor they see as most beneficial to their business," said Steve Sommers, senior vice president, applications development, Shift4 Corporation.

Tokenization was defined for the first time in the payment industry in 2005 at a Security Conference in Las Vegas, Nev. Shift4's tokenization replaces a card number with a randomly generated unique alphanumeric value that represents the card information for a particular transaction and merchant, used mostly, but not exclusively, for post authorization data retention. Some tokenization in name only adaptations, which use keys or partial keys, a key being compromised would have to be reported as a breach. Since, by definition, Shift4 tokens are not CHD and there are no keys associated with the true token, they have no value if stolen and do not need to be protected under PCI rules.

The power of the true tokenization is the token provider's system. The system must be robust and feature rich to provide the merchant with all the capability they would have if they had retained the card number, including reporting, retrieval and chargeback defense. Shift4's token is not a key, a partial key, a hash or any one-to-one relationship with a card number and can be stored up to 24 months or as long as the merchant's retention period dictates. This way, the token can be used in any checkin/checkout scenario like hotel and auto-rental, a book and ship scenario of mail-order/telephone-order (MOTO) and e-commerce, or other scenarios such as card-on-file and recurring billing scenarios.

Shift4®, a leading developer of secure financial transaction processing software and services, provides Web-based, real-time enterprise payment solutions for leaders in the hospitality, retail, food services, auto rental and e-commerce markets. Through connectivity to most major processors, DOLLARS ON THE NET provides both high-speed and low-cost authorizations and settlements for credit, debit, check, private label and gift card transactions. DOLLARS ON THE NET also includes the ability to access, review and edit transactions prior to settlement, as well as a searchable, 24-month archive of transactions for reporting and chargeback defense.

Related Articles
want to read more articles like this?

want to read more articles like this?

Sign up to receive our twice-a-month Watercooler and Siegel Sez Newsletters and never miss another article or news story.