Shift4 Releases PABP Validated Versions of MICROS 3700 & 8700 Systems


Gateway provider designed solution to reduce security vulnerabilities within legacy payment applications and make them compliant with Payment Applications Best Practices (PABP) without requiring merchants to make a significant resource investment.

Breaches of credit card data seem to be an almost daily occurrence, affecting well over 40 million cardholders last year alone. While merchants have been subject to the card associations’ security regulations for nearly 5 years, they are now falling victim to a new trend: the use of the application as the route to unauthorized disclosure of credit card information. To combat this issue, Shift4 has released secure versions of the MICROS 3700 and 8700 point-of-sale payment drivers, which bring these systems in line with the latest card associations’ security requirements.

According to Fortrex Technologies, Inc., a fast-growing Visa Qualified Data Security Company (QDSC) and Qualified Payment Application Security Company (QPASC), the majority of its national clientele have significant vulnerabilities in their applications. In order to address these vulnerabilities, Visa USA developed a set of guidelines to be used in the development of payment applications (shopping carts, point-of-sale systems, property management systems, etc.). The guidelines, the Payment Application Best Practices (PABP), consist of 13 requirements that assist in securing the application against disclosing credit card information to unauthorized individuals.

The problem is, while payment applications may cause the majority of the issues, they are not something that the merchant generally has direct control over. It is a problem that Shift4 found many of its existing customers were facing with their legacy MICROS systems. Therefore, Shift4 took it upon itself to design and create a secure version of both the MICROS 3700 and 8700 payment drivers.

In creating secure versions of these applications, Shift4 utilized a combination of its Tokenization technology, which replaces the credit card number with a randomly generated unique ID, and data truncation (see figure 1). Tokenization eliminates the need to store credit card data anywhere in the system, enabling the systems to comply with the PABP requirements while still allowing for full reporting, incremental authorizations, credits and so forth.

“Tokenization not only assisted with our validation process, but it enabled us to create a system that is even more secure than Visa outlined,” stated Steve Sommers, Vice President, Applications Development, Shift4. “There can be no assurances that payment applications are invulnerable to unauthorized access or ‘hacking,’ even if they are PABP compliant, but without stored card numbers on the system, Tokenization eliminates the risk by rendering compromised data useless. If the system is ever breached, a Token represents nothing in the hands of a criminal.”

Shift4 had its MICROS 3700 and 8700 solutions independently audited by Fortrex Technologies, which validated both systems’ compliance with the PABP guidelines. The audit covers the 3.1 version of MICROS 3700 and all 2.11 through 2.8 versions of 8700.

“In our experience, this is a unique situation – a gateway taking it upon themselves to release a secure version of a third party’s point-of-sale system,” stated Mr. Chris Konrad, Senior Vice President of Client Services at Fortrex Technologies. “I think it shows an amazing dedication to the security of their merchants, even beyond the piece of the process that Shift4 has traditionally handled, and a real commitment to the security of the industry as a whole.”

Shift4’s PABP validated 3700 and 8700 solutions support the complete feature suite of the MICROS system, while also offering integrated gift card, PIN debit, signature capture, customer initiated tip and dynamic currency conversion capabilities. In short, merchants not only get a more secure system, but one that comes with powerful additional functionality as well.

“Our goal was to help our customers who have a heavy investment in legacy applications. These customers are highly concerned about security. Unfortunately, the cost of replacing all of their systems was prohibitive,” stated J. David Oder, President & CEO, Shift4. “With Shift4’s new validated MICROS driver, merchants can update a 100 location chain for what it would cost them to purchase just a handful of new systems. Plus, no new hardware, except perhaps a network card, is required and there is no need to retrain staff or recreate menus or back-end reports.”

The audit has been completed for both the 3700 and 8700 drivers and the report of the successful validation has been filed with Visa and is currently pending Visa's approval and inclusion on the List of Validated Payment Applications on

About Shift4 Corporation

Shift4, a leading developer of secure financial transaction processing software and services, provides web-based, real-time enterprise payment solutions for leaders in the hospitality, retail, foodservices, auto rental and e-commerce markets. Through connectivity to most major processors, $$$ ON THE NET provides both high speed and low cost authorizations and settlements for credit, debit, check, private label and gift card transactions. $$$ ON THE NET also includes the ability to access, review and edit transactions prior to settlement, as well as a searchable, 24-month archive of transactions for reporting and charge back defense. For more information contact Shift4 at (702) 597-2480 or visit Shift4 online at

About Fortrex Technologies, Inc.

Fortrex Technologies, Inc. is an information security firm located in Frederick, Maryland, thirty miles northwest of Washington, D.C. John M. Edison founded Fortrex in 1997, and the firm has since served over 450 customers nationwide. Fortrex provides consulting services that enable its clients to demonstrate their compliance with applicable regulations and standards to auditors, clients, partners, and investors. Fortrex personnel are experts in regulations and standards such as, but not limited to, ITIL, PCI-DSS, PABP, ISO 17799:2005, FFIEC Handbook, SOX (COBIT) and HIPAA.

# # #


Contact Author

Rebecca Kalogeris