Family business shields consumers by protecting credit card data

Advertisement

Swipe your credit card at a retail store. Take a chance that your personal information will be stolen.

The Federal Trade Commission reports that identity theft occurs every four seconds in the U.S.

That's where Shift4 Corp., 1491 Center Crossing Road, comes into play. Since it was established in 1994, the family-owned and operated business has been thwarting the theft of card holder information, as well as giving merchants more control over how they process electronic payments.

"When it comes to card-present payment gateways (physically paying by credit card), we're the largest," said Randy Carr, vice president of marketing.

How large? The company helps process more than $36 billion each year for more than 18,000 merchants in 60,000 locations.

Shift4, a name chosen for its reference to a keyboard function, namely, the dollar sign, has 110 employees. Most are housed in cubicles, keyboards clattering away 24/7, as the company refuses to outsource customer support to countries halfway around the world.

The business was founded by Dave and Kathy Oder. JD, their son, is chief technology officer. Stephanie, their daughter, is the senior vice president of customer service. Susan Cooper, Dave's sister, is executive projects manager. Tom Stowers, a son-in-law, is the vice president of operations. And Carr is the nephew of the founders.

Surprisingly, outwitting the bad guys does not mean trying to think like them, searching for a weak link in the security of the system.

"Thinking like a bad guy implies we're trying to keep hackers from breaking into the system," Carr said. "Our view of how to approach security is slightly different -- if the bad guys really want to get into the system, they probably will. The question is, when they get in, what's there for them to steal?' "

He likened it to protecting a princess in a castle. Build a virtual moat, place archers atop turrets, install a draw bridge -- those are all things that a smart hacker, or data thief, can bypass.

But what if the princess isn't even in the castle to begin with?

That's how Shift4 operates. It removes all of the data that is at risk and stores it securely in its data centers. The merchant no longer has the burden of storing the at-risk data or protecting it.

"We take the princess out of the castle," he said.

Steve Harst, owner of Surf City Bar & Grill, 1435 W. Craig Road, has been in business eight years. In the summer of 2008, he implemented Shift4's technology.

"It's streamlined our credit card processing system, and we're no longer vulnerable to fines from American Express, Visa, MasterCard to Discover," he said. "Plus, I can go online any time ... from any location and access my transactions, even when I'm on vacation."

Harst said it also was an inexpensive tool against credit card and employee fraud.

As for its own castle, the Shift4 headquarters in Summerlin is taking no chances. The 17,000-square-foot building features double-gated entry systems -- the first door must close before the next one can open -- and all areas are video and audio monitored. Also, all interior entries require electronic ID cards, which record each entry and exit, as well as movement within the building.

"And every phone call is recorded, too," said Cooper.

It had better be, when all code for its programs are written on site. In addition to the tight security, the facility has redundant power with its own half megawatt backup generator.

"This place is a digital Fort Knox," Carr said.

According to Digital Transactions, a trade magazine published by Bob Jenisch, breeches of major companies' databases, despite them following payment card industry rules for safeguarding them, are on the rise -- in 2005, there were 158 breeches; in 2006, 312; in 2007, 466; and in 2008, 588.

In 2005, Shift4 invented the concept of Tokenization, replacing real credit card numbers stored in merchants' payment systems with information that had no value to anyone who might steal it.

Its newest technology is called 4Go and takes things a step further. It intercepts the card holder's information before it enters the merchant's system and replaces it with what's called false data. The false data is used to complete the transaction, and the real information never goes into the merchant's point of sale or property management system.

Hence, the princess is never even in the castle.

Best of all, the transformation does not require that the consumer or the merchant do anything different. As more pressure is put on merchants to become more secure, Carr said he sees Shift4's business experiencing exponential growth in the next couple years.

"I believe we can end card data theft from merchant systems using this type of technology," he said. "We like to tell our merchant clients 'They can't steal what you don't have.' "

For more information, visit www.shift4.com.

Contact Summerlin View and South Summerlin View reporter Jan Hogan at jhogan@viewnews.com or 387-2949.