CUSTOMER SUPPORTWe’re Here to Help
Gift Card Solution
Credit Card 101
The payment processing industry isn’t getting any simpler. Between emerging technologies, adaptive tactics from data thieves, ever-changing federal and state legislation, and thousands of other factors, understanding how a payment is processed all but impossible.Shift4 Payments is here to guide you through the world of payment processing and provide a sound understanding of the many players and processes involved.
Sometimes it’s hard to believe how many organizations are involved in moving and handling a single transaction — especially since the whole process happens in a matter of seconds.
Merchants are the persons or businesses who are authorized acceptors of a credit card as payment for goods and services.
Merchant Banks (aka Acquiring Banks) are the financial institutions where the merchant has their merchant account. The merchant bank pays the fees owed to other banks and the card associations for transactions processed on behalf of its clients. In return, merchant banks are funded by the fee they charge the merchant, which is known as the discount rate.
Merchant Services Providers (MSPs) are independent organizations authorized to set up your merchant account(s) and are responsible for all of your communications and relationships with card associations, processors, and merchant banks. Essentially, they act as extended sales forces for one or more merchant banks, bringing in merchant accounts to the banks that they work with.
Payment Gateways are third-party applications that facilitate electronic payments and protect cardholder data (CHD) throughout the transaction lifecycle in exchange for a fee per transaction. They route the communications between merchants and banks, processors, or other payment providers to ensure transaction information is passed securely in physical locations (e.g., retail stores) and e-commerce environments (e.g., websites).
Issuing Banks are the financial institutions that actually provide a credit card to a consumer (or business) for use. Issuing banks earn money through interest charged to the cardholders and, in some instances, through fees charged for the use of the card or access to rewards programs. Issuing banks also profit from a portion of the fees charged by the card association known as interchange fees.
Card Associations (aka Card Brands) are the organizations behind the labels, or brands, on credit or debit cards, (e.g., Visa, Mastercard, American Express, and Discover). The card associations are responsible for following federal laws and statutes regarding all aspects of credit cards and their use, such as the Truth in Lending Act.
Processors provide the connections necessary for the merchant to authorize and then settle credit card transactions. Every credit card transaction requires a front-end and a back-end processor (although they can occasionally be the same organization). Front-end processors handle the upfront authorization of a credit card transaction. Back-end processors accept settlements from front-end processors and transfer the money from the issuing bank to the merchant bank via the Federal Reserve Bank (Fed). Processors bill on a per-transaction basis, which is covered by the discount rate you pay to your merchant bank.
Every time a cardholder presents a credit card to make a payment, a whole lot of activity takes place to ensure that the merchant is ultimately funded for the transaction — all within a matter of a few seconds.
Merchants must obtain authorization for any transaction. Allowing merchandise to leave your store without first having authorization is a big risk. However, the many stages that comprise a transaction can make it difficult for clerks to know when they should allow a customer to leave with their purchase. Read on to see how authorization should take place and which responses you are likely to see from the bank.
- A cardholder provides their credit card or payment information for payment.
- The payment information is entered into a point-of-sale terminal, e-commerce kiosk, website, or other application by swiping or inserting the card with a device that reads the magnetic stripe or EMV chip on the card or by manually keying in the card number.
- The card information, dollar value of the transaction, and specific information identifying you as the merchant is packaged, formatted, and sent electronically to the merchant’s processor.
- The processor identifies which brand is backing the card based on the first six digits of the card, commonly referred to as the bank identification number (BIN), then electronically routes the authorization request to the appropriate card association.
- The card association identifies which issuing bank maintains the card and sends the authorization request to that institution.
- Depending on the cardholder’s available balance, the issuing bank approves or declines the transaction and sends the response back to the card association.
- The card association sends the response back to the processor.
- The processor routes the transaction back to the merchant’s point-of-sale (POS) or property management system (PMS).
- The clerk receives an approved, declined, or referral response.
- Approved indicates that the card has enough funds to cover the purchase, and the transaction has been authorized.
- Declined means the card balance cannot cover the purchase and an alternate payment method must be requested. NOTE: Do not attempt another authorization on that card for at least 24 hours. The customer may plead for you to do so, but requesting an authorization a second time may flag your account for suspicious activity. After a true decline is received, it will not change at the issuing bank until the next day. If the customer insists on running their card again, offer to call the issuing bank by phone (calling about an authorization will not flag your account).
- Referral will either be a “voice authorization required” or “referral” response, in which case the merchant needs to call the voice center to retrieve a verbal authorization code to enter.
At the close of business or prior to opening the following day, businesses should submit all their authorized transactions. This group of transactions is typically referred to as a batch.
Here’s an example of how a settlement is conducted:
- The merchant packages the transactions into a batch and electronically submits the batch to the processor. (Shift4’s Lighthouse Transaction Manager prepares batches automatically.)
- The processor electronically sends the batch to the merchant’s bank.
- The merchant bank issues a credit for the amount of the batch.
- The merchant bank groups the transactions by card brand and then sends the transactions to the corresponding card associations.
- The card associations send the merchant bank payment for the batch of transactions.
- The card association then identifies the issuing bank for each transaction, routes these settled transactions to the respective issuing banks, and receives payment from the issuing bank.
- The issuing bank then posts the transaction to the cardholder’s account and sends the cardholder a monthly statement reflecting the transaction and requesting payment.
- The cardholder receives their statement and sends back a payment to the issuing bank.
If you’re a merchant, you cannot accept credit card transactions until you have a merchant account. With that in mind, let’s take a look at just what’s included in this account, and what it does for you.
You can’t accept credit card transactions without it. Using another business’s merchant account to accept credit cards is called “factoring” or money laundering, which is a serious violation of Visa and Mastercard rules — not to mention a felony.
When your transactions are settled and received at the issuing bank, certain identifying information is passed along with the charge. The merchant identification (MID) information populates your business name (or a portion of it) on your customer’s credit card statement. If the information provided to the customer is not easily recognizable, they may file a dispute with their issuing bank claiming they never charged anything at this unknown business. The more complete and accurate information you provide during account setup, the less likely you are to see this kind of chargeback.
Part of the merchant account process is choosing the right account type to match the type of business you run. Make sure that your MID is classified in the correct category for your business type. Not having the appropriate classification can mean serious downgrades on all of your transactions.
Retail merchant accounts are used for businesses that provide goods and services in a face-to-face environment. This is the most common form of merchant account. If a merchant will be relying on magnetic stripe and EMV chip data and doesn’t fall into any of the other card-present categories, this is the type of account normally used.
Restaurant merchants follow all of the same rules and requirements as retail merchants. However, “tip” and “clerk” are two additional fields that are required by the card associations in order for a transaction to be eligible for the quoted discount rate for a restaurant.
Lodging merchants typically have more information to handle than any other merchant type, including things like check-in date, number of nights stayed, and incremental authorizations. In the case of resorts and large full-service hotels, it’s not uncommon for there to be multiple merchant accounts of varying types on the same property.
E-Commerce has two different types of merchant accounts: physical and digital. A physical account represents a web merchant that is shipping or providing some form of tangible product to the cardholder, whereas a digital merchant provides a service.
Mail Order/Telephone Order (MO/TO) merchant account is used when the merchant’s primary mode of sales is not conducted face-to-face with the cardholder. Due to the higher risk of fraudulent activities with card-not-present transactions, additional security checks must be handled, such as Address Verification System (AVS) and Cardholder Verification Value (CVV2).
Auto Rental merchant accounts are used solely by organizations that rent vehicles. Auto rental merchants must provide a variety of additional information specific to the auto rental agreement along with their transaction data. The majority of these transactions will be carried out face-to-face with a card swipe or EMV chip will occur.
Since there are so many organizations involved in every single transaction, there are quite a few different types of fees that need to be distributed. Here are a few you should watch for:
These are the fees that card associations charge for processing each transaction. They are paid by the merchant bank to the issuing bank, which then pays the card association. This is to cover the cost and time associated with getting funds and billing information to the merchant bank and issuing bank, respectively. There are a variety of interchange fees that are based on how the transaction is sent and the type of merchant account. They are usually comprised of a percentage of the total bill as well as a flat, per-transaction rate.
The discount rate is the fee a merchant pays to their MSP or ISO to handle the deposit of credit card funds into the merchant account, while the effective rate is the true cost of each transaction.
All processors charge a flat fee per transaction for the authorization request. This fee may be listed as its own line item on your statement or it may be included in your discount rate.
Your communication cost is what a merchant pays for the connection that moves a transaction from one point to another. This cost varies greatly depending on your chosen method of connection. A dial-up connection is still often used but can be costly, since the processor has to maintain toll-free phone circuits and modems for the calls into its network. Another option is using an internet connection. Another form of communication is a private line between the merchant and the processor. Private lines are primarily used by very large merchants that process thousands of transactions per day and, since the merchant has a separate agreement for this line, there are no communication costs in the discount rate.
The most cost-effective communication option is for merchants to take advantage of a payment gateway provider, such as Shift4, which uses its own dedicated, private-line connection to the merchant’s processor and therefore merchants can save considerable money since the gateway pays to connect to the processor.
A large portion of the costs associated with credit card acceptance is the downgrading (non-qualification) of transactions. These are the transactions that do not qualify for the best possible discount rate because they don’t meet the data content or transaction timing regulations set by the card associations. There are many reasons for a transaction to be downgraded. A few of the most common are failure to settle within two days of initial authorization, missing/invalid transaction ID or Banknet data, missing or corrupt swipe data from the magnetic stripe read of the card, or no AVS attempt on manually keyed transactions.
Accepting card brands such as American Express and Discover can be an expensive endeavor for merchants. However, with nearly 40% of all business travelers utilizing American Express as their corporate credit card and millions of cardholders carrying Discover cards, it’s viewed as a necessary expense.
Another type of charge you may see is a chargeback. On any given credit card transaction, the cardholder has up to 60 days from the time he receives the statement referencing the transaction to dispute the charge. If the cardholder files a complaint with his issuing bank that a charge was not valid, the issuing bank generates a retrieval request that is sent to the merchant, who is charged a fee that runs from $10 to $50 per retrieval request (the average is $15). With Shift4’s two-year transaction archive at your fingertips through Lighthouse Transaction Manager, you will never have to pay another retrieval request fee.
Card brands and industry organizations, like those behind the Payment Card Industry Security Standards Council (PCI SSC), are constantly modifying their security requirements as a result of persistent and ever- increasing threats from hackers and data thieves. However, simply complying with industry regulations at audit time is not enough to counter these threats. As a merchant, security must be part of your daily routine in order to protect yourself and your customers from experiencing costly fraud and breaches.
In December 2004, the card associations came together to standardize the handling of credit card security. The Payment Card Industry Data Security Standard (PCI DSS) was the result of their efforts. PCI DSS is based on six practices:
- Building and maintaining a secure network
- Protecting cardholder data
- Maintaining a vulnerability management program
- Implementing strong access control measures
- Regularly monitoring and testing networks
- Maintaining an information security policy
Keeping current with PCI DSS is a must. Failure to comply with their procedures and standards can result in fines, financial and operational penalties, and even the loss of your merchant account.
The PCI SSC introduced the Payment Application Data Security Standards (PA-DSS) in 2008. PA-DSS is a comprehensive set of payment application security requirements. Vendors who develop and sell payment applications to merchants must have their products PA-DSS-validated by a Payment Application Qualified Security Assessor (PA QSA). Merchants who purchase and properly implement PA-DSS-validated payment applications as part of their overall data security program can be assured that cardholder data is not retained or stored post-authorization.
It’s important to note that merchants who are using payment applications that are not PA-DSS-validated will never be compliant with PCI DSS.
In 2019, the PCI SSC introduced the PCI Software Security Framework, which introduced new standards which will take the place of the PA-DSS by 2022. The components of the PCI Security Software Framework are:
- Secure Software Standard outlines security requirements and assessment procedures to help ensure payment software adequately protects the integrity and confidentiality of payment transactions and data.
- Secure Software Lifecycle (SLC) Standard outlines security requirements and assessment procedures for software vendors to validate how they properly manage the security of payment software throughout the entire software lifecycle.
There are a variety of federal and state laws that govern credit cards and transactions. A collection of these laws can be found at the FTC’s credit website, www.consumer.ftc.gov. Be sure to review the Fair Credit Billing Act found on that page.
As a consumer and cardholder, you have surely heard the stories of identity theft and credit card fraud that have showered the news. As a merchant, this news takes a whole new level of importance; you need to be well-educated on the common types of fraud and how to counteract fraud in your organization.
Each year, billions of dollars are lost to credit card fraudsters and identity thieves. These crooks are sophisticated and operate in organized, multinational groups rather than as individuals. While these attacks can result in huge financial losses for the merchant, it’s often the negative publicity that does the most harm. Creating distrust between the merchant and their customers can, in some cases, put the merchant out of business.
“Trusted-employee” fraud is typically the result of disgruntled or dishonest employees issuing credits to their own credit cards (or those of their friends) through the business’s merchant account. Another tactic these thieves employ is to void transactions after a sale to put money in their pocket from the register or to provide free goods or services to friends. Even more frightening are the cases involving criminals or groups of criminals who gain employment with the sole intent of committing fraud.
“Skimming” devices are counterfeit payment devices that are placed on top of the actual swipe or EMV terminal. Unsuspecting cardholders swipe or insert their credit card, giving the thief all of the card data — without the cardholder even knowing that something fishy even happened. With skimming devices, a single thief is able to collect and maintain thousands of card numbers, then using the stolen credit card information to make fraudulent online purchases or sell the card information to other criminals.
Probably the most difficult method of fraud to detect, phishing involves criminals setting up a website and creating emails that look like legitimate emails from established companies. In most cases, these spoof shops have no intention of running a transaction; they just collect a cardholder’s information, which could include their username, password, card number, and more. They store this information and use it for their own purchases — quickly selling anything they buy so they can pocket the cash. Some of these shops share the cardholder’s information with other fraudsters.
The employees of banks, processors, and other organizations have access to thousands of card numbers. They may use this information for themselves or sell it to criminals. They may even create fake merchant accounts, cardholder accounts, or credit cards.
Cardholder fraud (aka Chargeback Fraud or Friendly Fraud) is extremely difficult to identify and prevent. It occurs when a legitimate cardholder purchases goods or services and then files a dispute claiming that they never received the goods or services for the transaction. They may even report the card as stolen immediately after making the purchase. Other cases involve friends or family of the cardholder “borrowing” the card without permission to make a purchase and then returning it to the cardholder without them knowing it left their possession.
These are software applications that provide thieves with thousands of potential card numbers. Once the thief has these numbers, they simply have to figure out which ones are active. This is done with simple software that will run a small dollar transaction with each of the cards. When an approval is received, the thief knows they have a “real” card and can use it to make large purchases on the internet.
Once a card is in the possession of thieves, they will use it as quickly as they can to make as many purchases as possible before the card is reported stolen. An altered card has physical parts of it modified. This could be anything from changing the expiration date, signature panel, or even re-encoding the magnetic stripe with another card number. Fake cards are harder to identify than counterfeit currency. Criminals can produce legitimate-looking cards and then emboss and encode the card with a stolen credit card’s information.
Once an individual’s identifying information has been compromised, a thief can use it to set up new accounts in that person’s name or they can take over an existing account of that person. Whether it is a merchant’s dumpster or the cardholder’s own curbside trash, thieves will dig through garbage bins to look for any information that may have been discarded that they can use. Credit card numbers, social security numbers, address information, and birth dates mean big money to a thief and bigger headaches for the individual whose information is stolen.
Another simple tactic employed by thieves is to covertly watch people in the checkout line or at the ATM. Driver’s licenses, ID cards, checkbooks, and credit cards are often exposed in wallets and purses as their owners make purchases. All a thief has to do is snap a quick picture with their cell phone and your information is theirs. Once this information is acquired — whether by rummaging through garbage or looking over a person’s shoulder — there is nothing to stop the thief from making purchases or setting up new accounts in the victim’s name.
When hackers find a way into a merchant’s website, POS, or PMS, the system is theirs. Hackers use viruses against their victims’ computers, which turns these infected computers into fraud machines that send out malicious software to infect more systems. Recent headline-making data breaches have shown us that these threats are increasing.
The vast majority of credit card fraud perpetrated against Americans is committed overseas. Many e-commerce merchants will not even conduct business with foreign-issued credit cards. There are criminal organizations in some countries that have ties to their local banks and therefore access to illicit information that can then be used to do fraudulent business with U.S. merchants via the internet.
Want to prevent fraud at your business? Here are a few things to watch for:
- Customers who make major purchases without asking any questions should raise a red flag. You know what your typical customer is like; if someone is buying the most expensive item in your store without asking you the kinds of questions you would normally receive about that item, you may have a problem.
- Customers who purchase a large quantity of merchandise and you feel like something is out of place or suspicious. Either a variety of items, different sizes of the same thing, or similar items with big price differences can indicate something is off with a purchase. If it looks like the customer didn’t put a lot of thought into his shopping, chances are he didn’t. Be vigilant.
- Customers who are pushy or rushing through the checkout process. They may be trying to throw the clerk off guard before slipping them a fake or stolen card. Make sure that your staff knows to take their time when going through the transaction process.
- Customers who make a purchase, leave the store, and then return shortly afterward for another, larger purchase. The first may have been a test run before the big take.
- Customers making high-dollar purchases at these unusual times. Thieves attempt to make fraudulent purchases when businesses open in the morning or just before closing, when clerks have many things to do and may be too busy to notice a suspicious transaction.
- Customers who are insistent about you not knowing where they live. Be wary of a customer who declines free delivery on a large item and scrutinize the transaction even further.
We hope this guide gave you a better understanding about our industry and can help you foster security for yourself, your business, and your customers on a daily basis. Of course, Shift4 is always here to help. If you have any questions about how Shift4 can provide a reliable solution to secure your enterprise, please don’t hesitate to contact us using the form below.
What is an authorization code?
An authorization code, also known as an auth code, is the response code direct from the issuing bank returned to the merchant at the time of authorization/sale. This code is usually a 6 or 7 digit number and is recorded either by the point of sale terminal or software, as well as printed on any receipt or sales draft. If doing a phone or voice authorization, the merchant should record the authorization code for reference. The code serves as proof of authorization.
What is a BIN?
A BIN is a bank identification number. Shift4 deals with two types of BINs — one for merchants and another for cardholders. For a merchant, this number identifies the merchant bank. It is typically a six-digit number that begins with a 4.
For cardholders, a BIN is an identification number consisting of a two-part code assigned to banks and savings associations. The first part shows the location and the second identifies the bank itself. This identifies the institution that issued the card to the cardholder, as well as the card type (e.g., debit, credit, gift card).
Which terminals and devices does Shift4 support?
Please visit our devices page for a complete list of supported payment devices.
What backup options do I have in case my internet goes down?
Shift4 Payments offers a Secure Offline Stand-In (SOS) feature for our Universal Transaction Gateway (UTG) users. SOS allows you to set a threshold (i.e., minimum and maximum dollar value) and if your connection to the Internet is lost, SOS delivers automatic authorizations for all transactions within your threshold, keeping your lines moving while customers — and front-line employees — remain totally unaware of any disruption in service. All this happens while your environment remains completely PCI compliant.
Contracts and Installations
I’ve signed my contract, what do I do next?
After the contract has been signed, the implementation process begins. Here’s a general outline of the process:
Project Planning – Shift4 will contact you to review your contract and verify all pertinent information. We will also define what work needs to be done and further educate you about the implementation process.
Account Setup Forms – Shift4 will work with you and your MSP to create your Shift4 account and verify information with processors to ensure proper funding.
Installation and Training – This part of implementation is when we integrate your POS/PMS with our solution. Appointment durations will vary depending on work to be done. After installation, you will have Lighthouse Transaction Manager training so that you can get started.
24/7 Customer Support – Once implementation and training is complete, our Customer Support team is there to provide operational support for Lighthouse Transaction Manager.
What address should I use when filling out Shift4 account setup paperwork?
Typically, you should use the physical address where the business is located. If you have multiple locations that will be processing payments, please contact your Account Setup Coordinator for guidance.
Do I need a separate merchant ID (MID) for each revenue center?
Yes. Shift4 does not allow the same bank-issued MID to be used for multiple locations. This best practice helps you more effectively track revenue sources and helps in defending your business against chargebacks.
How long does it take to set up a new account?
Once a contract is signed, a typical implementation can be completed in as little as one week. Actual time will depend on the customer’s involvement and POS or PMS availability.
What is required for installation of the UTG?
Please review the New Customer Account Implementation Guide for technical requirements. Usually, a UTG installation doesn’t take very long, but it does need to be done by a Shift4-certified installer or certified partner. If you would like to learn more about the UTG, please visit our UTG webpage.
What are the system requirements to run Shift4’s security features and software?
Please review the New Customer Account Implementation Guide for technical requirements.
Does Shift4 support gift cards?
Yes. In addition to processing numerous third-party gift cards, Shift4 offers a full-featured gift card solution. This program gives merchants the flexibility of designing their own gift card program to meets the needs of their business. For more information on Shift4’s gift card solution, click here.
How do I implement Shift4’s gift card solution?
To add Shift4’s gift card solution or third-party gift card processing to your account, please contact Shift4’s Account Maintenance team at 702.597.2480 (option 4).
How do I give my customers the ability to look up their gift card balances from my website?
Shift4’s gift card solution features a SiteBuilder tool that allows you to create your own custom gift card website to specifications set by you or by the users you designate, including the ability to look up card balances. Simply pick your template, upload your company logo, select a profile image, and pick your colors. You can preview your site before you publish, and just one click will make your site live.
Does Shift4 provide specialized reporting for gift card transactions?
Yes. Shift4’s gift card solution offers a wide range of reporting tools. If you are using a third-party gift card provider, your options may be limited by the provider.
What URL should I print on my gift cards?
We recommend that you create a gift card marketing page on your website to promote your gift cards. On this page, you can include a link to the balance inquiry or purchase page that we will host for you. Once you have completed the setup and configuration of your SiteBuilder page, you will also be assigned a URL that is associated with your SiteBuilder page.
Does Shift4 supply the gift cards?
No. Shift4 can generate e-certificates for you. However, for physical gift cards, below is a reference list of card production company contacts. It is provided for your reference only. In no way does Shift4 Payments recommend or endorse any of the card manufacturers listed.
Bristol ID Technologies
Plastic Graphic Company
Printing Concepts, Inc.
Vanguard ID Systems
Western Business Systems
What is an e-certificate?
An e-certificate is a virtual gift card that Shift4 Payments supports through their gift card solution.
Can I transfer my existing gift card program to Shift4?
Yes. With your assistance, we can convert existing gift cards to Shift4’s gift card solution. We will need a file with all of the card numbers and balances, which can be obtained from your current gift card provider.
Can I use an existing gift card program along with Shift4’s solution?
Yes. In many cases, your existing card numbers and balances can be imported so you can carry on with your existing stock until it runs out.
Will my gift cards work in all my locations?
As a general rule, your gift cards will work at all locations that have a Shift4 account set up (provided that the POS or PMS in use at that location supports gift card functionality). However, it is best to contact us to verify your account(s) are configured properly to support this.
How do I whitelist IP addresses to receive tokenized reservations?
Both reservation services IP addresses and merchant IP addresses must be submitted to Shift4 in advance of installation to prevent delays. Each IP address must indicate whether it is inbound to Shift4 or outbound from Shift4.
Send Shift4 Payments the following information for every source or destination:
- Reservation Company Name
- Reservation Company Contact Name
- Reservation Company Contact Phone Number
- Reservation Company Website URL
- Reservation Company IP Addresses
- Merchant Company Name
- Merchant Contact Name
- Merchant Contact Phone Number
- Merchant Website URL
- Merchant Company IP Addresses
Does Shift4 Payments support my new POS or PMS?
Visit shift4.com/integrations to view a list of the software applications we are integrated with. If you do not see your system listed, please contact our Account Maintenance team at firstname.lastname@example.org, as we may be able to with — or maybe in the processing already — with your POS or PMS provider.
Can I add an additional POS or PMS to my existing account?
Yes. Please contact our Account Maintenance team at email@example.com to explore this option. You may need to add an additional revenue center to support this addition.
How do I add a new revenue center?
Please contact our Account Maintenance team at firstname.lastname@example.org to start this process. You will need to provide Shift4 Payments with a completed profit center form that can be found here.
How do I change contacts for existing accounts?
In order for us to make contact changes, a financial officer listed on the account will need to send an email to email@example.com indicating the reason for the update. If the financial officer is not listed on the account, the request can be made via fax or can be scanned and emailed to firstname.lastname@example.org. The request must include the reason for the update and be accompanied by photo ID and business card.
Regardless of which option is chosen, the request to modify contacts on the account needs to be specific, as we will only make the changes expressly requested. For example, please include first and last name, title, contact phone number, and email address (if applicable) for any individuals that need to be added or removed.
How do I assume ownership of an existing Shift4 account?
In most cases, when a business is sold, the new owner will be required to execute a new contract with Shift4. We will coordinate with you to gather all necessary details before referring you to our Sales team to prepare the contract agreement and to our Account Setup team for installation and training on our product (if desired).
I need to reinstall Shift4’s UTG software on my computer. What do I do?
Contact the Shift4 Account Maintenance team at email@example.com or call 888.857.9751 (option 4) to schedule a reinstallation.
Can I still process transactions if my POS or PMS goes down?
Yes. We have an Online Entry feature that allows you to manually charge a credit card even when the PMS/POS is down. In order to use Online Entry you simply need an internet connection and a login to your Shift4 account.
What are the risks of auto-settling?
Successful auditing is vital, which is why we typically discourage our customers from relying heavily on auto-settle. Manual pre-settlement auditing allows you to manually correct any issues before submitting the batch, helping you avoid unnecessary delays in funding and downgrade costs. Please contact firstname.lastname@example.org for more information.
Lighthouse Transaction Manager
What is a batch?
A group of approved credit card transactions, usually accumulated during a single business day. This is also referred to as a settlement.
How do I close a batch?
It is good auditing practice to close your batches daily to avoid delayed funding of your transactions or higher processing costs. Our daily batching procedures can be found on the Auditing Checklist within Lighthouse Transaction Manager. Additional information on the auditing and batching process can be found in the Help menu. If you need further assistance, please contact the Shift4 Customer Support team at 702.597.2480 (option 2).
How long will it take to receive my money from my credit card payments?
All payments are transferred within 1-2 business days from the day the terminal is batched.
I have not received funding for my batch. What should I do?
Many things outside of Shift4’s control can impact funding. To trace the source of your issue, first verify in the archives that the batch was submitted successfully and then refer to your merchant bank to verify that they show receipt of your batch. If your merchant bank does not have a record of the batch, contact our Customer Support team for further assistance by calling 702.597.2480 (option 2).
How many transactions can be submitted in a batch?
Your processor decides the number of transactions you can send in an individual batch. However, since we send out your batches to your processor, we will split the batch for you when needed.
What do I do if the end-of-day totals in my POS or PMS do not match the totals shown?
The best thing to do is to compare the end-of-day report from your POS or PMS to Lighthouse Transaction Manager’s daily batch totals. We suggest breaking up this audit by card type to more easily determine where the problem is. If discrepancies appear in multiple card types, you should perform a line-by-line audit. If you are still having trouble finding the discrepancy, please contact our Customer Support team by calling 702.597.2480 (option 2).
What do I do if I have a suspended batch?
Batches suspend for a number of reasons, including corrupt or missing card numbers or incorrect authorization data in the settlement file. Unfortunately, settlement batches are an all-or-nothing proposition. It only takes bad data in one transaction to cause a batch to suspend. As soon as you see a suspended batch, please contact the Shift4 Customer Support team email@example.com or call 702.597.2480 (option 2) so we can assist you in resolving this issue to ensure timely funding.
What causes a batch to show as “pending”?
A “pending” batch usually happens when your processor is unavailable at the time the batch is sent for settlement. Sometimes this is due to a settlement outage or because the settlement is attempted during the processor’s daily maintenance window. Generally, our team monitors such batches and resubmits them when the processor becomes available. If your batch remains in the “pending” status for more than 24 hours after submittal, please call the Shift4 Customer Support team at 702.597.2480 (option 2).
How do I find a transaction?
Lighthouse Transaction Manager has a simple search function for you to find a transaction. You can filter your search by card type, sale date, sale status, or by the last four digits of the card used for the transaction. After logging into your account, you can search either your current or archived transactions by simply selecting those menus and clicking “Search.” If you can’t find a transaction after performing a search, please contact the Shift4 Customer Support team.
How do I edit a transaction?
Editing is only allowed before the transaction has been settled. Before settlement, you can perform offline, online, clone, or void edits. Review the “Editing Transactions” document available in our Help menu for more information. If you still need help after reviewing the document, contact our Customer Support team at 702.597.2480 (option 2).
How do I void a transaction?
Voiding a transaction means you will not obtain funding. Once you are certain this is the most appropriate action, please review the “Editing Transactions” document available in our Help menu for information on voiding transactions. If you still need help after reviewing the document, contact our Customer Support team at 702.597.2480 (option 2). Shift4 Payments automatically removes all voided transactions from the archives after six months.
Why would a transaction need to be deleted or voided?
There is more than one reason why an invoice may need to be voided. It could be due to a mischarge, a problem transaction that cannot be corrected, or a problem transaction that has been corrected but the bad transaction is still showing. Shift4 Payments automatically removes all voided transactions from the archives after six months. Contact our Customer Support team at 702.597.2480 (option 2) if you have any additional questions.
Can I edit a transaction after it has been settled?
Unfortunately, once a transaction has been closed in a batch, you are unable to make any further changes to it. If needed, you can charge the card again for additional funds or post a credit to the card using the clone function. This new charge or credit will be included in an additional batch. Contact our Customer Support team if you have any additional questions at 702.597.2480 (option 2).
How do I clone a transaction?
Review the “Editing Transactions” document available in our Help menu for more information. If you still need help after reviewing the document, contact Customer Support at 702.597.2480 (option 2).
How can I release an authorization on a customer’s card?
Unfortunately, we are unable to release authorizations that have been processed. The authorization comes to Shift4 from the processor after they have verified with the customer’s issuing bank that they have enough credit available to cover the charge. The issuing bank is the only organization able to remove any authorizations from the card. Your best bet is to call the 800-number listed on the back of your client’s card and ask them for assistance.
What does a red circle with an exclamation point to a transaction mean?
Transactions with this type of symbol on the left-hand side are “problem transactions” and cannot be submitted with the batch until corrected. Please see our Help menu for more information on correcting these transactions.
How should I handle an insufficient authorization?
A problem transaction showing “insufficient authorization” means you do not have enough authorization to cover the total amount of the transaction. You must decide whether you intend to settle the transaction for the full amount or less. If you intend to settle for the full amount, you will need to obtain an additional authorization. This can be done through the Online Edit tool. If you intend to settle for a lesser amount, you can adjust the transaction using the Offline Edit tool. For more information on editing transactions, see the Help menu.
How should I handle an invalid authorization?
A problem transaction showing “invalid authorization” means the authorization code indicated for the transaction does not meet the standard criteria. This most often occurs when a clerk enters a false authorization code rather than actually calling for a voice referral. In all cases, an invalid authorization prevents the transaction from being settled.
If you intend to settle the transaction, you will need to obtain a legitimate authorization code using the clone tool, or by manually keying the transaction using Online Entry. The original transaction will then need to be voided. For more information on cloning transactions, see the Help menu.
What is a declined transaction?
This indicates that the issuer does not approve the transaction. Please do not continue with the transaction or attempt to run it again. Instead, request an alternative method of payment.
How should I handle a decline?
We cannot force a decline to process. The only way to resolve this issue is to request another form of payment from the cardholder. In order to close your batch, you can either hide the transaction or delete/void the transaction.
What do I do when a transaction shows as an authorization only instead of a sale?
Provided you do not intend to change the amount of a transaction, you can change it into a sale through the Offline Edit tool by unchecking the “Auth Only” box and clicking “Submit.” However, this problem could be the result of your POS or PMS system not completing its end-of-day settlement process correctly. It is best to verify this has taken place successfully before editing a transaction, otherwise, duplication can occur. If you are unsure what to do, please contact the Shift4 Customer Support team at 702.597.2480 (option 2).
What is the minimum and maximum dollar value for a transaction?
Some processors cannot accept charges or credits for less than $1.00 or more than $99,999.99. If you need to process a transaction above this threshold, please contact our Customer Support team at 702.597.2480 (option 2) to discuss your options.
How do I give a credit after I have settled the transaction?
In order to create a credit transaction, you will need the appropriate permissions from your Account Administrator. A credit transaction can be created by manually keying the information via Online Entry or by cloning the original transaction and changing the amount to a credit. For assistance with this, please contact our Customer Support team at 702.597.2480 (option 2) or refer to the Lighthouse Transaction Manager Help menu.
How do I fix an “Error 9842 – Not in Card Range or Invalid Card”?
If the card number was entered manually, first check the number on the card and re-enter it just to be sure there’s not a typo. This error can also occur if the card type is not supported in your merchant account or if the card number is invalid. If the card number is one of the card types you accept, there are several things you can do. If the card was swiped, try re-swiping the card once. If this error re-occurs and also occurs when you try other cards, you may have a faulty swipe device. If the error re-occurs but does not occur with other cards, there is likely something wrong with the card. Try entering the card number manually or collecting a different form of payment.
Account Password / Access
What do I do if I forget my password?
Account Administrators can reset standard user account passwords. Further instructions for resetting user passwords can be found in the “Managing User Accounts” document found in the Help menu.
If the password for the Account Administrator is lost or forgotten, the Shift4 Customer Support team can help. Please click here for more information on accessing your account or resetting your password.
Does Shift4’s Customer Support team have access to my account?
For security purposes, our agents do not have access to log into your account; however, we are able to talk you through transaction research and auditing steps.
Shift4 representatives will never ask you for your login information. If you receive a message from anyone claiming to be from Shift4 Payments requesting this information, please send a report to firstname.lastname@example.org.
How do I modify user permissions?
Information on modifying user permissions can be found in the Help menu. Select the Help tab, click Account Management, then select the “Managing User Accounts” document. Or, click here to watch a tutorial video.
What do I do if a user does not have access to see one or more revenue centers (MIDs)?
Account Administrators can configure user permissions to view specific revenue centers. These permissions can be modified within the User Maintenance menu of the Administrator account. For further information, please see the Account Administrator Guide in the Help menu.
What do I do if I forget my account number?
Your account number is listed on the top of your Shift4 invoice. If you don’t have access to your invoice, please contact our Customer Support team at 702.597.2480 (option 2) for further assistance.
How do I refer another merchant?
Fill out the Merchant Referral Form from your welcome kit and fax it to the number on the form. This form can also be mailed or emailed.
How do I increase my high ticket limit?
To obtain the required form, you can contact Customer Support at 702.597.2480 (option 2) or email@example.com. This form must be submitted with your current financial information.
What is a fraudulent transaction?
This is when the cardholder claims that they were not in possession of the card at the time of sale and that they did not authorize or participate in the transaction. The merchant must supply proof that the transaction occurred, was authorized, and that the cardholder had knowledge of the sale, etc. (Refer to “Merchant Action Necessary” portion of Chargeback documentation).
How do I change my bank account information with Shift4 Payments?
In order to change your bank account information, a Bank Change form must be filled out and submitted along with a copy of the voided check to our account maintenance team. Contact Customer Service to obtain the required documentation.
How do I change my business address, phone number or business name on my account?
For change in business information, a letter specifying the changes can be emailed to us at firstname.lastname@example.org. This letter must also state that the federal tax ID will not be changing. For address or phone change, the same procedures apply. If legal name or federal tax ID will change, additional paperwork is required. Contact Customer Service to obtain the required documentation.
How can I obtain Visa/Mastercard/Discover/American Express signage for my business?
You can obtain various signage at no cost by visiting DiscoverSignage.com.
How do I sign up to accept American Express?
Contact Customer Support at 702.597.2480 (option 2) to set up these payment options.
What is a chargeback?
A challenge to a transaction initiated by the issuer or cardholder that is returned to the acquirer for resolution.
What is a retrieval request?
A request by the issuer to the acquirer for a copy of the original sales ticket.
What is a reversal?
When an acquirer successfully represents a chargeback to the issuer, the chargeback is reversed and the funds are returned to the merchant.
When will I be notified of a chargeback and when are funds removed from my checking account?
The Chargeback Processing Center will mail a chargeback notification when the debit is transmitted to your bank. It can take 2-3 business days for this debit to reach your bank account. Typically, you will receive notification at the same time your checking account is debited if not using an Online IMS Service. To ensure you receive the most time possible to respond to your case, ensure that your mailing address is up to date on your account.
Why is there a reserve on my account?
If the Chargeback Processing Center encounters difficulty at ANY point when deducting the chargeback amount from the merchant’s DDA, etc., it is the processor’s obligation to remedy any amount not collected. In most cases, a reserve is set up for security purposes to protect the Merchant Processor from any loss due to chargebacks. The reserve is held in case of default by a merchant.
What is arbitration?
Arbitration occurs when a disputed transaction cannot be settled through the chargeback process. The deciding body is the relevant card association. The merchant covers the cost for all fees, penalties and the transaction value where the case is not successfully defended.
What is an inadequate descriptor fee?
This is charged when the retrieval request or chargeback is responded to with inadequate information, descriptors don’t match what the merchant submits with the retrieval request. This is completely in the hands of the issuing bank.
Does anyone cover bounced check fees because this chargeback was taken from my bank account?
Per your Merchant Account Agreement and the Terms & Conditions, the merchant agrees to keep sufficient funds in their bank to cover any chargebacks.
Can a credit card processor protect me from a chargeback?
It is extremely limited as to what a processor can do to protect a merchant from chargebacks. Shift4 Payments offers a chargeback support team which can explain chargeback case documents and help the merchant respond to the case. However, the cardholder does hold certain liberties in questioning and disputing transactions made to their credit card account per the card association.
Please contact email@example.com for additional information.
I was told that an authorization guaranteed payment. Is this the case?
An authorization will only verify that a credit card account is active and that there are funds available. However, there are many different reason codes as to why a cardholder or their issuing bank initiates a chargeback.
How do I receive my monthly invoices?
In order to view and access your monthly invoices, you must have your email address registered as an authorized billing contact with the Shift4 Accounting team.
Once your email address is registered with Accounting, you must create a user profile on the MyPortal section of the Shift4 website. To create your user profile, please follow these instructions:
- Go to shift4.com then on the top right-hand side of the webpage under Client Center click on “MyPortal Login.”
- Click “New User” and then “Click Here to Register.”
- Please fill out the contact information and then click “Register.”
You will receive an email with a temporary password and an Internet link that you must click on in order to change your password. Once you change your password you are ready to log in and view your invoices.
Your invoice is available in both PDF and CSV formats. There are 13 months’ worth of archived invoices available to you.
(Please note: Your MyPortal login is specific to the billing contact email addresses on file with Accounting.)
If you have any questions regarding which billing contact email addresses are on file or how to make changes to these email addresses (including adding and removing email addresses), please email our Accounting team at firstname.lastname@example.org or call 702.597.2480 (option 5).
How do I know when my invoice is ready?
On or around the 10th of every month your authorized billing contact(s) will receive an emailed billing notification that their invoice is ready to be viewed online via MyPortal. At that time you will be able to log into MyPortal via the Shift4 website to access your invoices.
Do I need to send payment for my invoice if I have a payment method on file?
You can always pay your invoice via check as long as Shift4 receives it by the due date of the invoice. If payment is not received by the due date of the invoice, Shift4 will deduct the balance owed per the Fallback Payment Agreement (FPA) on file.
When are my invoices due?
The payment terms for your account can be found in your contract and are also included on the monthly billing notifications that are emailed to the billing contact(s) on your account.
How do I update the payment method for my account?
Please contact our Accounting team by email at email@example.com or by calling 702.597.2480 (option 5) and the necessary form will be sent to you.
Sometimes it feels like the payments industry speaks its own language. While not comprehensive, this list of common terms and acronyms should help you understand what you read and hear on our website and elsewhere.
– A –
See merchant bank.
A security feature that requires merchants to supply address information for the cardholder in card-not-present transactions, such as those made on a website. The merchant’s system verifies that the address entered matches the one the issuing bank has on file and then confirms whether the information is valid or not.
A set of rules and protocols that tells separate software programs how to communicate with one another.
The initial request a merchant makes for a customer’s issuing bank to release funds for payment.
– B –
A financial institution that handles merchant accounts and issues lines of credit. Also see merchant bank or issuing bank.
For cardholders, a BIN is an identification number consisting of a two-part code assigned to banks and savings associations. The BIN makes up the first 6-8 digits of a card number, with the first part showing the location and the second identifying the bank itself. This identifies the institution that issued the card to the cardholder, as well as the card type (e.g., debit, credit, gift card).
One hundredth of one percent. A merchant’s discount rate will usually be quoted in this format, as a percentage or a fraction. Also see discount rate.
A group of authorized transactions, typically used by the merchant in the settlement process at the close of business each day. Also see settlement.
The card associations or organizations behind the labels on a credit card. Visa, Mastercard, American Express, and Discover are often referred to as “the brands” within the payments industry. Also see card association.
An exploitation of security measures to access and compromise a merchant’s cardholder data environment.
– C –
Credit-card-granting organizations, including Visa, MasterCard, American Express, and Discover, that make the rules regarding credit card acceptance in conjunction with the government.
The authorized user of a credit card who has established a line of credit (e.g., a typical customer), and is financially responsible for transactions completed using the card.
Sensitive information belonging to the authorized user of a credit/debit card, including an individual’s name, address, payment card number, PIN, and verification codes.
A three- or four-digit number that is printed on a card to verify its authenticity. The “2” refers to the printed code on the card. (CVV1 is encoded on the magnetic stripe of the card.)
When a customer does not receive his goods or services or says he didn’t place an order or make a purchase, he can ask his issuing bank to charge back the purchase to the merchant within a 60-day timeframe. The issuing bank will notify the merchant when this happens, after which the merchant will need to validate and defend the purchase by providing such information as the amount, an invoice or folio, customer signature, or shipping documents. Also see retrieval request.
Also known as friendly fraud, occurs when a consumer makes a purchase with their own credit card, and then requests a chargeback from the issuing bank after receiving the purchased goods or services.
A specific set of authentication, encryption, message authentication code (MAC), and key exchange algorithms that is used to negotiate the security settings for a network connection using a network protocol such as TLS or SSL.
Merchants that accept credit card transactions must meet or exceed regulations set by the local government, federal government, the card associations, and the Payment Card Industry Security Standards Council (PCI SSC). Also see Payment Card Industry Security Standards Council (PCI SSC).
A payment card that authorizes the person named on it to charge goods or services to his account. Credit card issuing banks earn money through interest charged to the cardholders and, in some instances, through fees charged for the use of the card or access to rewards programs. Credit card issuing banks also profit from a portion of the fees charged by the card association known as interchange fees. Also see issuing bank or issuer.
– D –
Debit cards let buyers pay for goods and services with funds from their checking account and are an important part of any merchant’s business. Debit cards give consumers more flexibility in their payment options and can be used in two ways: online debit and offline debit.
- Online Debit – Sometimes referred to as PIN debit, online debit is processed on the ATM network of the cardholder’s bank. The card is swiped or inserted at the point of sale and the consumer is asked to enter their Personal Identification Number (PIN). As a merchant, you must be specifically set up to accept these types of transactions through your merchant account and you must have special hardware to accept the PIN entry from the customer.
- Offline Debit – Sometimes referred to as signature debit, offline debit is processed in a manner similar to a credit card transaction. If the debit card carries a card brand, such as Visa or Mastercard, the card may be processed by simply swiping it through a credit card terminal that supports that card’s brand. The transaction is processed over the merchant’s credit card network and the customer provides their signature as approval of the transaction.
The electronic system used for debit card transactions to make purchases, get cash from ATMs, and pay bills online. The debit network’s logo, such as STAR, NYCE, or MAESTRO, is usually printed on the card.
This is the fee paid to a merchant bank to handle the deposit of credit card funds into a merchant account. It is usually quoted as a percentage to hundredths (or the basis point) on the monthly bill. For a more in-depth explanation of the discount rate and other fees, read our Credit Card 101 tutorial. Also see basis point.
– E –
This is the true amount charged by the merchant bank when processing each transaction. It is often more than the quoted discount rate because it is the calculated, bundled rate including the discount rate, assessments, and other per-item transaction fees. For an in-depth explanation of why monthly fees are likely more than was originally quoted, read our Credit Card 101 tutorial.
EMV is a smart chip technology that offers an additional step for authentication beyond the traditional magnetic stripe card payment for card-present transactions (commonly called chip-and-PIN or smart cards). EMV verifies the cardholder’s identity with the use of a PIN or signature. However, EMV cards still pose a security risk and will not protect merchants or their customers with the level of security offered by the use of point-to-point encryption (P2PE), nor will EMV protect purchases made through websites. Also see NFC, point-to-point encryption (P2PE), and tokenization.
Information has been encoded when it has been put into a cipher or encryption, requiring a specific key in order to be used. Also see encryption and key.
Encryption is a process of encoding or scrambling data so that it can be read only by authorized people or programs with a decryption key.
– F –
12 Fed banks comprise the central banking system for the United States and are a large part of the Federal Reserve System, which implements the policies set forth by the Federal Open Market Committee. Each Fed bank is also responsible for the regulation of the commercial banks within its own particular district. As most large businesses and issuing banks have accounts in the Fed banks, much of the money that changes hands during the settlement process moves only from one Fed account to another.
An integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.
Any illicit method used to access or use another person’s cardholder data. There are quite a few different types of payment fraud, including card-present, card-not-present, trusted-employee fraud, chargeback fraud, and more. For detailed explanations of each of these types of fraud and more, check out the Fraud section of Credit Card 101.
– G –
A payment processing solution that facilitates the transportation of data between the merchant and the processor and also offers additional protection of cardholder data during the payment transaction process.
A stored-value payment card for a specific merchant that is usually preloaded with a set monetary value.
The time frame set by the issuing bank during which a cardholder is allowed to pay their credit card bill without any interest or late fees assessed.
– H –
Occurs when a consumer has applied for or is seeking some form of credit or loan (e.g., a credit card application).
A hold is placed on a portion of the customer’s credit limit or debit balance if the final transaction balance is unavailable or unknown, such as during a hotel stay. For example, at a hotel, after calculating how many drinks the customer took from the mini bar or room service charges, the merchant can finalize the transaction for the total amount.
– I –
A combination of two or more individual software components to create something larger. Shift4’s secure payment gateway enables a variety of technological integrations for a comprehensive solution featuring the most advanced fraud controls and auditing tools, as well as true bank and processor neutrality.
The exchange of transaction data — in this case credit card payments — between a merchant bank and the issuing bank.
The fee charged by Visa and Mastercard to complete a transaction and deposit money into a merchant’s account. The fee is based on credit card regulations and the capture of appropriate data, including card swipe, address, and electronic signature, as needed.
Note: American Express and Discover do not participate in the interchange process. Instead, American Express and Discover each act as their own issuing bank, merchant bank, and card associations, handling all aspects of the card transaction and not sharing any of their fees. Merchants must have a separate agreement with American Express and/or Discover in order to process transactions using their cards.
A bank or other financial institution that issues credit cards. Issuers charge cardholders interest and associated fees as they apply to the use of the various branded cards. Issuing banks hold the majority of the power in the credit card industry because they set the rates and terms of credit issued and repaid.
– J –
An instance in which two or more people share credit. For example, the credit of two individuals may be required to make a big purchase, such as a house.
– K –
The generic term for a password or table needed to decipher encoded or encrypted data. It’s usually used in the data storage and encryption process that takes place during credit card authorization.
Service provider who has been certified to securely inject encryption keys onto payment terminal devices in order to protect cardholder data.
– L –
Usually imposed on a borrower when he does not make the minimum payment on a credit card by the payment deadline.
The Lighthouse Business Management System offers numerous management features and customer engagement tools, including reporting, employee scheduling, POS and menu management, online reputation management, customer loyalty, social media management, and a POS marketplace full of the latest integrations to third-party solutions. Lighthouse helps boost your bottom line. Available on any computer or mobile device, it gives you complete control over your business.
Shift4’s web-based transaction auditing, accounting, and reporting portal, featuring advanced fraud controls, pre-settlement auditing tools, enterprise-wide reporting, virtual terminal, in-depth tutorials, a complete gift card solution, and more. Manage you transactions from any computer — any time.
Used by many credit card issuers to maintain and generate new customers, loyalty programs offer incentives for the use of a specific card.
A simple mathematical formula used to validate the number on a credit card. It may also be called the LUHN formula or LUHN modulus 10.
– M –
A type of card, sometimes called a mag stripe, capable of storing data by modifying the magnetism of tiny iron-based magnetic particles on a band of magnetic material on the card.
The MATCH List provides a list of all merchants and individuals that have had accounts terminated with cause. MATCH is an acronym for Member Alert to Control High Risk. It is also known as the terminated merchant file (TMF).
Merchants are authorized to accept a credit card as payment for goods and services.
A specific line of credit that enables merchants to accept credit card transactions for goods and services, enabling the bank to pay for authorized credit requests prior to receiving funds from the issuing bank. There are a few different types of merchant accounts, described below.
Card-Present Merchant Accounts:
- Retail – The most common form of merchant account, retail merchant accounts are used for businesses that provide goods and services in a face-to-face environment. If a merchant will be relying on magnetic stripe data and does not qualify for any of the other card-present categories, then this is the type of account normally used.
- Restaurant – Restaurant merchants follow all of the same rules and requirements as retail merchants. However, “tip” and “clerk” are two additional fields that are required by the card associations in order for a transaction to be eligible for the quoted discount rate for a restaurant.
- Hospitality – Hospitality merchants have more information to handle than any other merchant type. Things like check-in date, number of nights stayed, incremental authorizations, etc., make it difficult (but not impossible) for hospitality merchants to qualify for their quoted discount rate. In the case of resorts and large, full-service hotels, it’s not uncommon for there to be multiple merchant accounts of varying types on the same property.
- Auto Rental – Auto rental merchant accounts are used solely by organizations that rent vehicles. Auto rental merchants must provide a variety of additional information specific to the auto rental agreement along with their transaction data. The majority of these transactions will be carried out face-to-face and a card swipe will occur.
Card-Not-Present Merchant Accounts:
- Mail Order/Telephone Order (MO/TO) – MO/TO is used when the merchant’s primary mode of sales is not conducted face-to-face with the cardholder. There is a higher risk of fraudulent activities, and, as a result, MO/TO accounts carry higher discount rates than the previously mentioned account types. Additional security checks must be handled as well, such as Address Verification System (AVS) and Cardholder Verification Value (CVV2).
- e-Commerce – e-Commerce merchant accounts carry the highest quoted discount rates. There are two different types of e-commerce accounts: physical and digital. A physical account represents a Web merchant that is shipping or providing some form of tangible product to the cardholder, whereas a digital merchant provides a service.
A bank where merchants hold one or more of their accounts. The bank provides merchants with the money from a transaction before the actual funds have been processed via interchange from the various cardholders’ issuing banks. The charge for this service is the discount rate, but the merchant bank also shares in the interchange fee charged by the card associations.
An identification number that, to the merchant bank, represents a single merchant’s profit center or revenue center for the purpose of processing and tracking credit card transactions. For instance, a hotel may have multiple MIDs for its operation, such as a front desk, retail shop, or restaurant. Each of these should have its own merchant bank MID, as doing otherwise would result in higher processing fees and assessments. To Shift4, a MID is a specific profit or revenue center that may exist in a one-to-one relationship with a merchant bank’s MID or may, when combined with a unique merchant Terminal ID (TID), “break out” revenue into “logical pools” of transactions based on the revenue source of those transactions, such as retail vs e-commerce in merchant categories that allow such comingling.
This organization handles the setup of the front-end and back-end processors and the paperwork required in order for a merchant account to be able to receive transaction funds. A merchant services provider can work directly for a merchant bank, but is usually an independent sales organization with ties to many merchant banks. In some rare cases, merchant services providers and independent sales organizations are agents for American Express and/or Discover who can enable the acceptance of those cards.
A MetaToken is a token that remains constant for a cardholder’s primary account number (PAN) and shares a similar composition to a TrueToken. MetaTokens allow merchants who don’t want PAN data in their system to still maintain a one-to-one relationship with the PAN for marketing and loyalty analysis. MetaTokens allow merchants to track, trend, and analyze card usage for the life of the cardholder’s PAN. A single MetaToken can reference one or more TrueTokens and may be continually (automatically) updated to include new and subsequent transactions such as credit returns, card-on-file, bill-backs, membership, subscriptions, etc.
A virtual wallet that stores payment card information on a mobile device. Mobile wallets are a convenient way for a user to make in-store NFC payments and can be used at merchants listed with the mobile wallet service provider. Leading providers include Apple Pay, Google Pay, and Samsung Pay.
– N –
A set of close-range wireless technologies that enable a connection for processing a payment.
– O –
A multi-channel approach to sales and payment processing, enabling consumers to experience a brand wherever they are, mostly with reference to online channels. With Shift4, merchants can add an e-commerce outlet to their business without increasing their breach profile. Shift4 offers industry-leading security features, supporting mobile, contactless (NFC), and EMV (Chip and PIN) payments for merchants of all sizes — whether you’re a small boutique retailer or have hundreds of stores with online sales. Also known as omni-commerce.
When a cardholder’s account that has exceeded its credit limit.
– P –
The global security standard created by the Payment Card Industry Security Standards Council (PCI SSC) that is meant to provide the definitive data handling standard for software providers that develop payment applications. The standard aims to prevent developed payment applications for third parties from storing prohibited secure data, including magnetic stripe, cardholder verification value (CVV2), or PIN. Also see Payment Card Industry Security Standards Council (PCI SSC).
PCI requires any system that stores, processes, or transmits cardholder data to be subject to annual reviews to verify compliance with the PCI Data Security Standard (PCI DSS).
Created in 2004 by the four major credit card companies (American Express, Discover, Mastercard, and Visa) and maintained by the PCI Security Standards Council (PCI SSC), the PCI DSS is a widely accepted set of policies and procedures intended to optimize the security of credit, cash, and debit card transactions and to protect cardholders against the misuse of their personal information.
An open global forum established in 2006 by five founding global payment brands (American Express, Discover, JCB International, Mastercard, and Visa), the PCI SSC is responsible for the development, management, education, and awareness of the PCI Security Standards, which are intended to help organizations ensure the safe handling of cardholder information. In the payments industry, the PCI SSC is commonly referred to simply as PCI. Also see Payment Application Data Security Standards (PA-DSS) and Payment Card Industry Data Security Standards (PCI DSS).
A company that is qualified by the Payment Card Industry Security Standards Council (PCI SSC) to assess another organization’s compliance to the Payment Application Data Security Standards (PA-DSS).
A personal identification number commonly used to verify a transaction being made with a debit card. EMV cards may also require entering a PIN to verify card-present purchases, a process known as chip and PIN.
An application through which a payment transaction is processed in exchange for goods or services. The term “point of sale” may refer to the actual mechanism or application that processes transactions, or it may also be used in reference to the point-of-sale system that manages all point-of-sale mechanisms or applications for a retailer.
A security solution that immediately encrypts cardholder data at the swipe device so sensitive data is never actually processed or stored in your point-of-sale system. As soon as a credit card is swiped, the information is intercepted, encrypted, and sent to Shift4 for processing. This tool, when used along with Shift4’s tokenization technology, has the ability to drastically reduce your entire enterprise’s PCI scope. Shift4’s Lighthouse Transaction Manager includes P2PE at no additional cost.
A company (often a third party) that handles credit card transactions for merchant banks and is usually paid per transaction. They are usually broken down into two types: front-end and back-end. In the simplest sense, front-end processors tell merchants if the card is authorized and back-end processors settle the charge and move the money. These processors have connections to various card associations and they supply authorization and settlement services to merchant accounts. Back-end processors accept settlements from front-end processors and, via the Federal Reserve Bank (Fed), move the money from the issuing bank to the merchant bank. In some cases, the merchant bank gets the settlement information from front-end processors and in other cases, from the back-end processors.
A computerized business management system that streamlines operations by simplifying processes through the use of a single software solution for coordinating tasks and activities such as accounting, budgeting, reservations, scheduling, forecasting, maintenance, and more.
– Q –
Lenders use ratios to gauge a credit applicant’s ability to meet the requested debt responsibilities.
– R –
A prepaid card on which a customer is able to load additional credits multiple times.
REST or RESTful API design (Representational State Transfer) is designed to take advantage of existing protocols. While REST can be used over nearly any protocol, it usually takes advantage of HTTP when used for Web APIs. This means that developers do not need to install libraries or additional software in order to take advantage of a REST API design. It is considered to be more developer-friendly than other APIs because it uses a familiar syntax and set of protocols.
A request sent by the issuing bank for a merchant to verify that a transaction has taken place. A customer has a 60-day window during which they may dispute a given charge. Merchants are charged by their merchant services provider (MSP) for each retrieval request. If the merchant does not respond in a timely basis, they can be charged an additional timeliness fee or lose the transaction completely. Also see chargeback.
– S –
The process merchants must complete — typically at the end of the day — in order to be paid for their transactions. The merchant sends all of the transactions authorized that day back to the front-end processor, who forwards them to the back-end processor (or occasionally directly to the merchant bank). Transaction records are then forwarded to the Federal Reserve Bank (Fed), where funds are moved from the issuing bank to your merchant bank. By this point the merchant bank has typically already deposited the money into your merchant account, making this payment a “repayment” to them fronting you the money.
Note: The product or service must be delivered or performed before settlement can take place. In the case of mail order/telephone order, this specifically means the goods must be shipped before the settlement process is performed.
Electronic capture of the cardholder’s signature is a powerful tool for chargeback defense. If you have your customer sign over a digital device at the point of sale, their signature is captured to allow a program such as Lighthouse Transaction Manager to faithfully store and reproduce it in chargeback defenses, if need be.
– T –
An identification number that, to the merchant bank or card association, represents a particular point-of-sale register or terminal/device collecting payment information. It is often important that the device collecting payment information has its own TID, or another such equivalent value so that the card associations can, for fraud mitigation purposes, track the origin of a particular transaction.
See MATCH List.
A unique ID to reference the actual data associated with a card number or specific transaction.
A payments industry term, first coined by Shift4, describing the concept of using a non-decryptable piece of data to represent, by reference, sensitive or secret data. Tokenization replaces cardholder data with false cardholder data in the merchant’s environment to remove the vulnerability issues associated with the long-term storage of sensitive cardholder data. Shift4 invented tokenization and introduced it to the payments industry in 2005.
Shift4’s tokenization capability that allows merchants to securely grant another Shift4 merchant the use of their TrueTokens, further ensuring cardholder data is not reintroduced to the merchant’s payment environment when processing transactions that involve another merchant, location, or merchant ID. For example, a retailer can securely grant a tailor using Shift4 the ability to process an authorized transaction for a customer who is requesting alterations. Similarly, a merchant can process a return for a purchase made at a different location of a chain using the TrueToken instead of cardholder data, keeping the transaction out of PCI scope.
Think token storage, not a place to buy tokens. This program allows merchants using Shift4 to register payment cards prior to authorization in exchange for TrueTokens. Merchants can set the retention period (up to 24 months) and decide whether to configure individual cards (in the form of a TrueToken) for single-transaction or multiple-transaction usage.
Unlike many other companies, Shift4 only considers authorizations and settlements to be transactions, so we only charge transaction fees for those two items.
The set of rules for how computers and other electronic devices should connect to the Internet and how data should be sent between them. Essentially, this is how a Web browser can communicate to a Web server and how a merchant’s email program sends and receives mail over the Internet. While these are two distinct network systems, the transport layer and network layer respectively, they are so often used together that TCP\IP is the standard terminology.
Shift4’s proprietary, unique ID to reference the actual data associated with a card number or specific transaction. The composition of a TrueToken is a 16-character value comprised of the last four digits of the primary account number (PAN) followed by a random 12-character alphanumeric code. A TrueToken can be registered in Shift4’s secure data centers and then has the ability to be regenerated for up to 24 additional months ongoing for the same payment card.
– U –
Shift4’s virtual private network (VPN) software, which protects the transport of sensitive financial data from interfaced systems to Shift4’s secure data centers. Offered as an easy-to-install application for any existing PCI-compliant computer, within an organization’s trusted network segment, the UTG facilitates a seamless and highly-secure transaction connection to Shift4’s data centers. This ensures that our merchant customers can process fast and secure payments. It is a PA-DSS-validated application that encrypts and securely transmits data from your point of sale, product management system, or e-commerce shopping cart directly to Shift4.
The process during which the identity of an authorized credit card user is validated.
– V –
A type of network that provides a secure and reliable connection over the internet for processing payments, such as Shift4’s UTG. The VPN works to deny unauthorized users’ access and encrypts data to prevent unauthorized users from reading the information.
A merchant that displays the Visa symbol and accepts Visa cards.
A cancellation of a transaction that has been recorded for settlement, but has not yet been settled.