CFXWorks

Improves Security

Reasons to Swap Out Your Current Credit Card Solution and replace it with PaymentCardXpress® (PCX) – #1 Improves Security

PCX has been confirmed by CoalFire, a PA-DSS QSA, to be Out-Of-Scope. For details on what we do and don’t do relative to PCI DSS please see our blog entry PCI DSS Validation.

CFXWorks‘ CEO, Al Nickles, spent 25 years at IBM. He was the inventor of IBM’s System Application Architecture (SAA) and of MQ Series and ran the initial MQ Series development lab.  Shortly after leaving IBM, he formed CFXWorks as a consulting and services company that functioned as a sub-contractor to both IBM and HP. For several years CFXWorks focused on designing and developing secure messaging solutions for government agencies and businesses that had specialized needs relative to security.

In 2001, CFXWorks received a request from a customer to develop a payment gateway. It began with a 250-page specification from NOVA Information Systems, now called Elavon. Incidentally, a payment gateway is an example of a secure messaging solution that implements a messaging protocol and syntax that is proprietary to the payment card processor.

Over the past seventeen years, CFXWorks has developed payment gateways supporting Elavon, Paymentech, Vital, First Data, Global Payments, Authorize.Net, American Express, and TSYS. Our encryption and payment offerings are installed by over 500 organizations.

CFXWorks learned by experience that the design and development of a secure messaging system begins with the design, development, and validation of a security model. We build our payment solutions on top of our security model using a design that we have refined over the past twenty-seven years. Our development process is a bottoms-up build process starting at the base with all the security components in place. Some vendors do the opposite starting by designing and building their solution then, attempting to insert security. This is a tops-down approach somewhat like closing the barn door after the horse got out. Our security model defines an integrated security architecture that contains the following components:

Note that CFXWorks defined our original security model over twenty-seven years ago and continues to refine it every year. Our CreditCardXpress™ and PaymentCardXpress® offerings implemented predecessors of our current security model. To our knowledge, neither of these payment solutions have ever been compromised.

Exit mobile version