Our experience designing and developing secure messaging solutions suggests that the first step in the process is to define and implement a security model. Some software vendors build their application first, then try to add security on top. Experience proves that security must be a bottom-up design and implementation process that includes such capabilities as an Identity Access Management (IAM) system, audit trails, strong encryption, application layer security, two-factor authentication, and much more. CFXWorks' approach for each of our payment and gift card solutions has been to start with the security model.
Our basic belief is that PCI-DSS isn't working. Merchants have spent millions of dollars implementing it, but the results don't seem to reflect millions of dollars of improvement. PCI wants you to think the problem is with the merchant. CFXWorks thinks the problem is that the payment process is flawed. Who owns the payment process? Isn't it the major credit card networks? It certainly isn't the merchants. As long as the major credit card networks control PCI-DSS, rather than fix the flaws in their process, they will continue to play the blame-game. Therefore, CFXWorks supports the request by the National Retail Federation (NRF) for the Federal Trade Commission (FTC) to critically evaluate the structure and membership of PCI, the proprietary nature of PCI-DSS (and their effects on their businesses), and the significant anti-competitive and conflict-of-interest problems associated with PCI-DSS. We believe that there is significant value in PCI-DSS as a "guideline", but as a "regulation", it is a negative. Isn't letting PCI-DSS be controlled by the major credit card networks like letting the fox in the chicken coop?
In spite of our concerns about PCI-DSS, we have attempted to implement the PCI-DSS requirements in the code we designed and authored. Our PaymentCardXpress (PCX) solution supports TLSv1.2, Tokenization, and EMV. PaymentCardXpress has no visibility to the Primary Account Number (PAN). Therefore, according to PCI-DSS, it is an “Out-of-Scope” payment solution. CoalFire, a PA-DSS QSA, has confirmed PaymentCardXpress to be "Out-Of-Scope".
CFXWorks has also developed other custom secure gateway solutions including: shipping APIs, fraud protection APIs, as well as custom secure gateways for several government and law enforcement agencies.
CFXWorks' CEO, Al Nickles, spent 25 years at IBM. He was the inventor of IBM's System Application Architecture (SAA) and of MQ Series and ran the initial MQ Series development lab. Shortly after leaving IBM, he formed CFXWorks, which initially was a consulting and services company that functioned as a sub-contractor to both IBM and HP.
In the early 1990 time frame, it became obvious that for the Internet to become commercially viable, it needed major security improvements. From his MQ Series experiences, Al knew that MQ lacked the needed capabilities, so he began to develop a cost-effective solution that did not seriously degrade performance. Ultimately, he developed the technology called WebMaster Commander, patent #6,134,591. Some experts claim that this patent is infringed upon by both firewalls and EMV. Over the next several years, under contract to various government agencies, he custom-designed and developed several secure messaging solutions for these organizations.
In 2001, CFXWorks received a request from a customer to develop a payment gateway. It began with a 250 page specification from NOVA Information Systems, now called Elavon. Incidentally, a payment gateway is an example of a secure messaging solution that implements a messaging protocol and syntax that is proprietary to the processor the gateway supports.
Over the past seventeen years, CFXWorks has developed payment gateways supporting Elavon, Paymentech, First Data, Global Payments, Authorize.Net, American Express, and TSYS. Our encryption and payment software is installed by over 500 organizations.
Meet the Team
CFXWorks has been, and plans to continue as, a family-owned and operated business. We also work with consulting organizations and independent consultants who provide CFXWorks and our customers value-added technical and industry expertise. We do not attempt to compete with these consultants by offering services that compete with theirs, nor do they pay us a referral fee.
Vice President Development
Implements our websites, the database activities within our products, and is currently working to integrate the Magento shopping cart with our payment and gift card solutions.
Al worked for IBM where he invented several products including MQ Series. He is our chief architect and is responsible for implementing all our payment and gift card gateways and the security features required to support PCI DSS.
Chief Financial Officer
Manages our financial affairs and is responsible for risk identification, compliance, and cost reduction.
Establishes relations with development partners and independent contractors who do custom design and programming work for CFXWorks and our customers.
Resolves technical issues and responds to questions related to our products.
Responsible for sales, pricing and managing customer and reseller relations.
If you are concerned about any of the following, please contact CFXWorks today to discuss our Credit Card and Gift Card Payment solutions in more detail:
- Thinking about moving your payment solution to another platform or operating system?
- Thinking about switching to a different database server?
- Thinking about cloud-based deployment of your payment solution?
- Thinking about switching to a different processor?
- Thinking about whether or not EMV makes sense for your organization?
- Concerned about the cost of license, support, or transaction fees associated with your payment solution?
- Concerned about the cost of upgrading your platforms and system software to support TLSv1.2?
- Concerned about the cost of integrating a payment solution with your front and back office systems?
- Concerned about the best way to integrate your payment solution with your front and back office systems?
- Concerned or confused about PCI-DSS?
Contact CFXWorks today and give us the opportunity to explain why our payment solutions are more affordable, more flexible and more secure than our competition!