Execu/Tech Systems, Inc.
Knowledgebase
Search:
850-747-0581 Email Website
Contents
 
:
IndexBookmarkPrint This Article

Home > Credit Card Processing > Shift4 Credit Card Processing > Shift4 Data Flow



 

Execu/Tech Systems, Inc. software DOES NOT STORE CREDIT CARD NUMBERS.

We only store a token that's returned by Shift4. This is not a credit card number and does not contain the credit card number. Execu/Tech Systems, Inc. does not have access to the credit card numbers of your guests and can't provide them to you.
If you need to see a credit card number, you must contact Shift4 for assistance.

 

https://www.shift4.com/pdf/Shift4-TrueTokenization.pdf

 

It's important to understand the flow of data between Execu/Tech Systems software and Shift4. This understanding can help you determine if you are PCI compliant and can allow you to provide accurate information during a PCI audit.

If the proper procedures are used, there will never be any sensitive cardholder seen by or stored in Execu/Tech Systems software. To ensure that this is always true, you should never enter credit card data into comment, reference or note fields. 

  i4Go Credit Card Data Flow

 

It is highly recommended that you use EMV PIN Pads or encrypted card readers to enter cardholder data.

  1. Cardholder data is captured either by a card reader or manual entry and posted via HTTPS to Shift4's i4Go service.

  2. The Shift4 i4Go service returns to us a token consisting of a randomly generated alphanumeric string. The token is saved by Execu/Tech Systems software.
    • This token is all the Execu/Tech Systems software will see. This quote from Shift4 explains the benefit of this tokenization process:
      "The actual CHD is sent to one of Shift4's PCI-compliant data centers for storage while the TrueToken, and only the TrueToken, is used to process the transaction. Since the TrueToken only references the real data associated with the specific transaction, it can safely be stored and used for later authorization, settlement, and recurring charges."

  3. Execu/Tech Systems software submits the payment transaction to Shift4's UTG application, residing on the property's network, using this token.

  4. Shift4's UTG application will submit this transaction to Shift4's secure servers.

  5. Shift4's secure servers will submit this transaction to the back end processor.

  6. The back end processor will return the result of this transaction to Shift4's secure servers.

  7. Shift4's secure servers will return the result of this transaction to Shift4's UTG application.

  8. Shift4's UTG will return the result of this transaction and Execu/Tech Systems software will deal with it accordingly, whether it be a success, card declined, needs voice authorization, etc. The credit card number is not contained in this response from Shift4, only a token representing the card. Execu/Tech Systems, Inc. does not store credit card numbers.



 EMV PIN Pad Credit Card Data Flow

 

This information comes from the Shift4 UTG Installation and Configuration Guide

  1. The point-of-sale (POS) or property management system (PMS) initiates a non-debit transaction with the UTG.

  2. The authorization transaction is encrypted by the UTG using DUKPT w/ MTE.

  3. The authorization transaction is sent using Shift4 secure payment network.

  4. The authorization request is stored in the Lighthouse Transaction Manager database.

  5. The transaction is sent to the bank card processor for authorization. 

  6. The authorization response is sent from the processor to Lighthouse Transaction Manager.

  7. The authorization response is saved in the Lighthouse Transaction Manager database.

  8. The authorization response is encrypted by Lighthouse Transaction Manager using DUKPT w/ MTE.

  9. The authorization response is sent to the UTG over Shift4 secure payment network.

  10. The transaction response is sent back to the POS / PMS.

 

Cloud Hosting EMV Network Data Flow

 

   If you're using IP based EMV PIN Pads then you will likely only have a single UTG installed. In this case, only a single port needs to be used.
  1. The user initiates a credit card transaction (Sale, Pre-Auth, Validation, etc.). 

  2. The Execu/Tech software on the Hosted Server sends a transaction request to the Shift4 UTG via the customer’s Public IP Address and appropriate port number. No sensitive information is contained in this request. 

  3. The customer’s Router / Firewall will forward the request to the appropriate Shift4 UTG installation based on the port number of the request.

  4. The Shift4 UTG will communicate with the appropriate EMV PIN Pad until the transaction is competed. No sensitive cardholder information seen or passed through the Execu/Tech server or software.

  5. The Shift4 UTG returns the result of this transaction to the Execu/Tech server. No sensitive information is returned. If appropriate for the transaction type, the returned information may contain the expiration date, last 4 digits of the card, and a token that that can be used for any additional transactions. 

http://https//www.shift4.com/pdf/Shift4-TrueTokenization.pdf

* The IP addresses in this image are examples. Do not attempt to configure your network / firewall / router with these examples.


Article ID
 shift4_data_flow
Views
 4507
Last Modified
 5/18/2022 10:45 AM