Applies to:          Stayntouch PMS          

EMV Configuration for Shift4: For the Implementations Team

WHAT IS EMV? 

EMV—which stands for Europay, MasterCard, and Visa—is a global standard for credit cards that uses computer chips to authenticate (and secure) chip-card transactions. 

OVERVIEW OF THE CONFIGURATION PHASES

With Shift4 (our EMV provider), installation of the EMV devices is typically done in two phases.

BEFORE PHASE 1: ORDER DEVICES

Ordering devices involves Shift4’s Sales Team working with a technical contact at the property to order and deliver devices to the property contact. 

Both the status of properties onboarding onto the Shift4 platform as well as device delivery tracking for these sites is available on the Shift4 portal for Stayntouch here. 

Christopher Olson is the main point of contact at Shift4 and can be contacted at colson@shift4.com. Christopher Olson will order devices only for end-to-end Shift4 clients (meaning those clients who are using Shift4 as a gateway and a processor) at no cost to the client. For hotels only using Shift4 as a gateway, Shift4 will recommend 3rd party vendors from whom the client can purchase devices. See the list below. This is a list of key injection facilities that gateway only merchants can reach out to purchase devices with the Shift4 keys already injected.

• KIFS
• The Phoenix Group: info@phoenixgrouppos.com
• POSDATA Group, Inc.: www.posdata.com
• POS Portal: www.posportal.com
• JR POS Depot: www.jrorders.com

PHASE 1: INITIAL TESTING OF SETTINGS

• The interface PC needs to be either whitelisted for (or have a public IP NAT to internal IP also whitelisted for) the cloud server IP addresses listed below on port 277.

  • Please find below a list of Stayntouch IP addresses (for customers logging into the PMS with the https://pms.stayntouch.com/ link), which will need to be granted access to the interface PC (also referred to as the Comtrol PC).

    • 107.20.88.165
    • 18.204.122.217
    • 18.235.212.108
    • 35.175.41.146
    • 52.0.227.64
    • 54.144.36.255

  •  Please find below a list of Stayntouch IP addresses (for customers logging into the PMS with the https://pms.eu.stayntouch.com/ link), which will need to be granted access to the interface PC (also referred to as the Comtrol PC).

    • 3.122.11.225
    • 3.122.153.217
    • 3.122.160.30

  • Please find below a list of Stayntouch IP addresses (for customers logging into the PMS with the https://pms.us.stayntouch.com/ link), which will need to be granted access to the interface PC (also referred to as the Comtrol PC).

    • 54.225.198.118
    • 34.200.153.180
    • 34.193.10.117
    • 52.21.10.221
• This public IP needs to be provided in advance to ensure connectivity is tested and verified between Stayntouch and Shift4 UTG services. 

LISTENING ON PORT 277 FOR SHIFT4 UTG SERVICE

• The Stayntouch Implementation Consultant will reach out to the hotel to schedule a 30-minute remote session. During this session, the Stayntouch Implementation Consultant should gain access to the interface PC, go to the command prompt, and enter the following prompt: netstat -n -a -o | find "LISTENING". This will list all the addresses and ports that are being listened to on the machine, with the process ID that actually listens to each one. 

• We need to run the above prompt to make sure that port 277 is actually being used for the UTG service and not something else. For example, in the screenshot below, you can see that port 277 is listening to 4272. In this screenshot, we checked whether 4272 was the UTG service by going to the Task Manager. The Task Manager shows you all the processes that are running. As you can see 4272 is not the UTG service. Instead, the UTG service is 8716, so we'll need to make sure port 277 is listening to 8716. Only once port 277 is listening to 8716, can you move onto the next step.

• Once that is confirmed, the Stayntouch Implementation Consultant will need to perform a Telnet test from Stayntouch Admin > Tools > Telnet Tester. In the HOST field, enter the property IP address (below we have entered "x's"—these should be replaced with the property IP address), and in the PORT field, enter 277. Once you've entered that information, click TEST. If successful (indicated by the second screenshot below), you will then be able to connect to that public IP address from Stayntouch PMS.

• Items to Note: 
  • Please take a screenshot of the ports listening and the Task Manager like the sample above, whether successful or not.
  • An additional troubleshooting step you can take to verify you are listening to the UTG service on port 277 is to switch off the UTG service by ending the process through the processes list on the Task Manager. When the UTG service is switched off, the Telnet test should fail. Once you turn on the UTG service again, the Telnet test should be successful. If you're still seeing that the Telnet test is successful when the UTG service is turned off, it means something else is listening on port 277, not the UTG service.

ROVER WINDOWS SERVICE INSTALL

• During this same session, the Stayntouch Implementation Consultant should connect to each workstation at the front desk to install the Rover Service file ( Rover Windows Service Version 1.8.0.2) and name each of the front desk workstations. See below standard for naming workstations:
  • WORKSTATION NAMING GUIDELINES: Please note that for each workstation, there is a WORKSTATION NAME and a WORKSTATION ID.

TROUBLESHOOTING STEPS FOR ROVER WINDOWS SERVICE

• If the Rover Service file is not running (see error below), the Stayntouch Implementation Consultant will need to go into the host file on each workstation and add 127.0.0.1 localhost.stayntouch.com.
  • File path: C:\WINDOWS\system32\drivers\etc\hosts – right-click and open as administrator
  • Save and overwrite host file.
• Once the host is updated, the CONNECTION STATUS should be successful.

• Once the CONNECTION STATUS is successful, upon login, each workstation will prompt for entry of a WORKSTATION NAME and WORKSTATION ID. Please follow workstation naming conventions above and enter per standards specified.
• Once the Rover Service file is installed on a Front Desk workstation, you will now see an additional menu item from Settings called Device Status (see screenshot below). This confirms that Rover Service and your workstation are communicating.

HOTEL CC DESKTOP SWIPE

To enable desktop credit card swipe at a hotel, a Stayntouch team member will need to navigate to Stayntouch Admin > Hotels > Hotels > Select Hotel > Hotel CC Desktop Swipe and enable the ALLOW DESKTOP SWIPE toggle. From there, you'll be required to enter a CC SWIPE LISTENING PORT number and a CC SWIPE LISTENER URL. Please note, even though we no longer use credit card swipe devices or MagTek readers, the Hotel CC Desktop Swipe section needs configured in order for the PMS to accept an external system.

PHASE 2: SHIFT4 INTEGRATION AND SWITCHOVER TO EMV

• Initiate EMV cutover on the decided upon Go Live date. The property, Shift4, and Stayntouch ALL need to be on the “switchover” call. Credit card testing on the new EMV terminals will follow the cutover. 
• Stayntouch to schedule Shift4 resources using booking link provided, on required cutover date and time based on discussion with the property and availability of a resource. 
• Stayntouch Implementations Team contacts are as follows:
  1. Onboarding Email: <onboarding@stayntouch.com>
  2. Project Coordinators: Angelique Aviles <angelique.aviles@stayntouch.com> and Britt de Roij <britt.deroij@stayntouch.com>

NOTE: During cutover, Shift4 will ask the property to inform the front desk staff to stop accepting credit card swipes. (Swiping credit cards will result in additional pending transactions, which will result in more mix batch scenarios.)
 

• Shift4 resources will connect to the interface PC on the scheduled date and install the UTG.
• Once Shift4 is done, Shift4 will provide the following:
  • Self-signed SSL certificate (see below)
  • Private key for that certificate (see below)
  • 
  • Password for the private key
  • Which port UTG is running (should generally be 277)
  • Terminal identifiers for each EMV terminal workstation
• In Stayntouch PMS, go to Settings > Integrations > Utilities > EMV Terminals > + ADD NEW, and enter a TERMINAL NAME and TERMINAL ID (e.g., 001, 001).
• The Shift4 installer will email the cert.key and cert.crt to the Stayntouch Implementation Consultant.
  • Note: If this is not done, they will have this saved on the interface PC in the (C://shift4) folder.
• The Stayntouch Implementation Consultant will run a script to modify and merge the self-signed SSL certificate and private key.
• Steps below to modify and merge self-signed SSL certificate and private key files:
  • To combine the two certificate files, you will need to use a tool called openssl. This is readily available on MacBook machines through Terminal.app. Shift4 should give the Stayntouch Implementation Consultant a zip file with two files: cert.crt and cert.key. 
  • On the MacBook, extract the zip file (provided by Shift4) to the Downloads folder on the MacBook. There should be a Downloads directory. In this directory, create a folder titled Shift4.
    • For example, /Downloads/Shift4/
  • Open the Terminal.app.
  • Enter the following:
    • cd ~/Downloads/Shift4/
    • Press Enter/Return on the keyboard.
  • Enter the following:
    • openssl rsa -in cert.key -out cert2.key
    • Press Enter/Return on the keyboard.
  • The next command will prompt the password (provided by Shift4)
    • Enter the password.
    • Press Enter/Return on the keyboard.
  • Enter the following:
    • cp cert.crt server.pem
    • Press Enter/Return on the keyboard.
  • Enter the following:
    • cat cert2.key >> server.pem
    • Press Enter/Return on the keyboard.
  • You will now notice a new merged server.pem file appear in the directory. This is your combined self-signed cert to upload to Stayntouch Admin > Hotels > Hotels > Hotel Payment Gateway Settings. Attach this where it says UTG CERTIFICATE.
    • Note: When you attach the UTG certificate and click SAVE CHANGES, it will not show that the certificate is attached if you go back and check.

BEFORE STARTING SETUP

• Once EMV is activated, the property CANNOT use any other card swiping devices (MagTeks, iCMPs, etc.). 
• In Short: If EMV is ON, only use EMV compliant devices. 
• During the cutover from their current device to the EMV devices (Shift4, a team member at the property, and a Stayntouch team member are all present), there will be approximately 10-15 mins of “downtime”. 

  • Please note, check-in activity does not need to come to a halt; the front desk staff can continue checking in guests by manually entering credit card numbers into Stayntouch PMS. Only device usage will be unavailable for this short duration.

  • If switching from non-EMV to EMV, old batch will be closed and settled at that time, so all EMV transactions will now be recorded as a new batch post-downtime.

STAYNTOUCH ADMIN SETUP

• Navigate to Stayntouch Admin > Hotels > Hotels > Hotel Payment Gateway Settings.
• Configure the following settings:
  • Enter the SHIFT4 AUTH TOKEN: This is provided by Shift4.
  • Enter the SHIFT4 UTG URL: The IP address to be used here will be provided by the property IT. Make sure to replace the "x's" (see sample URL below) with the IP address the property shares.
    • Sample SHIFT4 UTG URL: https://xx.x.xx.xx:277
    • Please note, the IP address shared by the property will always be followed by port :277
  • The SHIFT4 SANDBOX MODE toggle should NEVER be enabled. It is only for testing.
  • You'll also need to attach the UTG CERTIFICATE. Refer to Phase 2 above to get the .pem file to upload. (link)

INITIAL EMV CONFIGURATION IN STAYNTOUCH PMS

Terminal Settings 

• Enter the TERMINAL NAME and TERMINAL ID from Settings > Integrations > Utilities > EMV Terminals.
• Reminder: TERMINAL ID will be provided by Shift4.

Configure Terminal With A Workstation

• Proceed to Settings > Integrations > Utilities > Workstations. 
• Choose the workstation to which you need to connect the EMV device.
• Navigate to EMV TERMINAL space under Edit Workstation.
• Select your EMV TERMINAL from the dropdown menu. 
• Choose SAVE CHANGES at the bottom of the page. 

REQUIREMENTS 

Requirements for EMV Setup to Begin: 

• Devices On Site:The property must have their EMV devices on hand/in their possession. 
  • Delivery of devices typically takes 6-8 weeks. (Expediting devices may be possible; contact Shift4 for assistance.) 
• One-to-One Ratio: The property will need ONE dedicated EMV device for EACHworkstation.

  • Each workstation will be assigned its own iPad/computer. 

• Label Devices: Once Shift4 shares the EMV’s Lane Number (aka Terminal ID), make sure to label the devices. This will help to prevent confusion during testing/activation and during troubleshooting if needed. 

GET TO KNOW THE HARDWARE

(1) EMV Device 

Requires:  A network cord (that allows the EMV to connect to a power source and provides network access).  Shift4’s logo will need to appear on the screen.  *There is more than one type of EMV device. The device in the image on the left is the Lane/3000. Here is a link for all types of devices supported.

(2) Interface PC

Requires:  Please find below a reminder of the hardware requirements that need to be met in order to proceed with your interface installation (if not a direct interface with Stayntouch PMS). Windows Server 2022/Windows 11 Professional Minimum Drive Requirements: 250GB HDD or 128GB SSD (Not sure what the difference is? Read about it here.) Minimum 8GB RAM Minimum Processor Intel Pentium i3 dual-core Minimum of 2 VACANT USB ports Computer must be connected to the local network as well as have access to the Internet. Please name this PC “SNT- Property Code- Interface PC”. For serial connections, the property will need to have the proper cable in place at the time of integration. If you are looking for a recommendation, we have had success with this type of cable. If you will need an IP/serial converter, this recommendation comes directly from Comtrol. Virtual PCs are not permitted; this must be a dedicated interface PC. Note: The same interface PC may be used for Comtrol installation for other serial connections at the property.

(3) Stayntouch PMS