Execu/Tech Systems, Inc.
Knowledgebase
Search:
850-747-0581 Email Website
Contents
 
:
IndexBookmarkPrint This Article

Home > Credit Card Processing > Shift4 Credit Card Processing > Shift4 Installation > Shift4 EMV Setup

Shift4 EMV Setup

API Terminal ID and PMS Terminal Numbers

IP Address and Port

Critical Information for Hosted Customers

 


Credit Card Masking

If this is a new install (you have never had Shift4) or your Shift4 install hasn't been updated in years, you must run a program to properly mask existing card numbers and prevent entry of unmasked card numbers in the future. The program name is MENUS4MK. See Run Program by Name.

  1. Please contact your Shift4 representative for information on where to purchase EMV PIN Pads and what kind are compatible and fit your needs.
  2. Shift4 will facilitate installing and configuring the UTG service as well as the EMV PIN Pads. Shift4's UTG (Universal Transaction Gateway) is an application that facilitates communication between Shift4, the EMV PIN Pad, and Execu/Tech software.
  3. Each Execu/Tech terminal that needs to process credit cards via EMV PIN Pad will need a dedicated EMV PIN Pad. We do not support sharing a PIN Pad between multiple terminals.

    If the Execu/Tech terminal will not handle physical cards (call center, reservation office, etc.) then an EMV PIN Pad isn't required although it's recommended. This terminal can use the i4Go V2 interface which allows secure manual card entry into an encrypted window.

API Terminal ID and PMS Terminal Numbers (They aren't random)
When Shift4 is ready to perform the configuration of the PIN Pads, you must let them know which terminal numbers need to be configured. Please read the information below that explains how to number the PIN Pads. It's very simple, but if not followed, the PIN Pads won't work.  


Access Tokens

You may need to obtain a new Access Token, especially if you're upgrading to EMV PIN Pads.

Check with Shift4 to determine if this is necessary. https://www.shift4.com/support

  • If it is, either Shift4 or the customer must provide an Auth Token.
  • This Auth Token will be used to generate a new Access Token.
  • Verify with Shift4 that any current "card on file" tokenized cards can be used with the new Access Token.
  • If you are processing cards at any terminal without an EMV PIN Pad, make sure Shift4 provides an Auth Token that is also compatible with Shift4 i4Go V2. Failure to do this may result in an inability to process cards outside of an EMV PIN Pad. 
  • This page will help clarify the difference in security tokens used by Shift4: Shift4 AuthToken, AccessToken, AccessBlock.

 

API Terminal ID and PMS Terminal Numbers (They aren't random)

  • In the UTG TuneUp, DO NOT USE LEADING ZEROS in the API Terminal ID!
  • When configuring the EMV PIN Pads in the Shift4 UTG TuneUp, make sure that the API Terminal ID matches the Execu/Tech software terminal number WITHOUT leading zeros. For example:

      PMS Terminal 01   =     API Terminal ID 1 
      PMS Terminal 10   =     API Terminal ID 10 
      PMS Terminal 23   =     API Terminal ID 23 

IP Address and Port

  • Execu/Tech software does not communicate with the EMV PIN Pad, it communicates with the Shift4 UTG (Universal Transaction Gateway). Because of this, you will need to provide us with the IP Address and Port of each UTG that's been installed. The default port is 17476 but can be changed to any unused port.
  • Execu/Tech software communicates with the TCP/IP API. This must be installed in the UTG TuneUp.
  • If only a single UTG was installed, we only need the IP address and Port of this UTG. This is common when Direct TCP/IP EMV PIN Pads are used.
  • If each computer with an EMV PIN Pad has its own UTG installed, we need the IP Address and Port of each UTG and the corresponding Execu/Tech terminal number.

Critical Information for Hosted Customers
  • To maintain proper security, the UTG is installed locally, at your property. This ensures that no credit card data is sent to, or travels through, Execu/Tech software or the cloud server.
  • You must have a static public IP address. Please let us know what this IP address is so we can configure our application, hosted on the cloud, to communicate with your locally installed UTG.
  • Execu/Tech will provide you with the IP address of the hosted server so that you can whitelist it.
  • All computers where the UTG is installed must have a static internal IP address.
  • If only one UTG will be installed at your location, make sure that it's installed on a computer that is always on and all employees know this is a requirement.
  • The communication will occur over the TCP protocol.
  • The default port is 17476, but can be changed to any unused port. This port will need to be opened for incoming traffic on your router / firewall.
  • Hosted customers will install Shift4's UTG at their location, on the same local network with their terminals and EMV PIN Pad devices.
  • The customer's IT professional will need to modify any routers and firewalls to provide access to the hosted server to the UTG.
  • If more than one UTG has been installed, multiple ports will need to be configured to allow access.
    If multiple UTGs are installed, configure the router to forward a different port to each UTG. Let us know the IP address and which port corresponds to which Execu/Tech Terminal.
  • We will provide you with the IP address of the hosted server where the connection will come from so you can properly secure your network.
 Router / Firewall Example Configuration

The default port is 17476, but can be changed to any unused port. This port will need to be opened for incoming traffic on your router / firewall.

***These are only examples, not necessarily your actual IP addresses. Private IP Address Ranges


Computer / Device IP Address
Hosted Server 10.10.10.10* (Public IP Address) *This is just an example using a private IP address. The actual IP address will not begin with 10.
The Hosted Server will send requests to your public IP Address.
The Hosted Server is on the cloud, located in one of Microsoft's Azure Datacenters.
Your Router   10.0.0.1* (Public IP Address) *This is just an example using a private IP address. The actual IP address will not begin with 10.
Your Router will take this request, see that it's coming from the Hosted Server's IP Address, on the specified Port, and forward it to the UTG computer.
Your Router is likely located at your property but may be accessible to IT professionals from outside of your local network.
Your Firewall
Your firewall may be on your router, as a separate device or even on each computer. Make sure that the communication from the Hosted Computer isn't blocked by your firewall. 
UTG Computer (one or more) 192.168.1.1 (Internal IP Address)
The UTG Computer receives this request, processes it, communicates with the EMV PIN Pads or Shift4, and then replies to the request.
The UTG Computer is located at your property on the same local network as the EMV PIN Pads.
*Keep in mind that the UTG Computer may have a firewall that needs to be adjusted to allow communication with the Hosted Server.

 
CLICK HERE for Cloud Hosting EMV Network Data Flow

 

We can't tell you how to modify your firewall and router. If you don't know how to modify the settings in your router and firewall, you should not be attempting to make these changes - you could cripple your network and lose internet access. Please contact an IT professional who is comfortable performing these tasks.






Article ID
 shift4_emv1
Views
 4039
Last Modified
 10/1/2024 5:29 PM