- Question 1: Why would a merchant want to be "Out-Of-Scope" for PCI DSS?
- For the answer to this question, please review our Blog Post.
- Question 2: Is CFXWorks’ PaymentCardXpress (PCX) "In-Scope" or "Out-Of-Scope"?
- Coalfire, a PCI DSS QSA, has confirmed that PCX is "Out-Of-Scope". PCX does not capture, store, process, or transmit the PAN. PCX uses Elavon’s Fusebox and Simplify technology to perform these services. PCX has NO visibility to the PAN. Since the PAN is the “defining factor” for card holder data, PCX is Out-Of-Scope for PCI-DSS/PA-DSS. Also, PCX does not store the service code, track data, CVV2, or PIN/PIN block.
- Question 3: If CFXWorks’ PCX is "Out-Of-Scope", are users of PCX "Out-Of-Scope"?
- This could be a trick question because PCI DSS applies to a using organization’s:
- Application Software
- Operating System level software
- Network hardware and software
- Policies and Procedures
- Basically, everything in the using organization’s environment that has anything to do with capturing, storing, processing, or transmitting the PAN; and/or has any visibility to the PAN is subject to PCI DSS. Therefore, any one component, including PCX, could be "Out-of-Scope" for PCI DSS causing the merchant to be "Out-of-Scope".
- Question 4: What does PCX cost, including the license fee and support?
- Call CFXWorks for pricing information (678-455-0952). Ask about our special pricing for existing CFXWorks customers and for non-profit organizations.
- Question 5: Does CFXWorks offer "non-profit" organizations a discount?
- YES. Call CFXWorks for pricing information (678-455-0952).
- Question 6: Does PCX have a tiered based pricing model that imposes volume limitations?
- NO. PCX has NO VOLUME limitations.
- Question 7: Does PCX support multiple merchant accounts?
- Yes. PCX supports one to multiple merchant accounts.
- Question 8: Does PCX change extra for multiple merchant accounts?
- Yes. Our base product supports three merchant accounts. There is an added fee for over three merchant accounts.
- Question 9: Does CFXWorks charge any per transaction fees?
- NO. CFXWorks charges NO PER TRANSACTION fees.
- Question 10: Does CFXWorks charge any fees other than a license fee and an optional annual support fee?
- Only support fees which are optional.
- Question 11: What integration options are supported by PCX?
- CFXWorks supports many integration options. Our assumption is that our users tend to be larger organizations with significant front and back office system integration requirements. Therefore, we specialize in offering many options. Please view our blog Integration Options for a brief discussion of these options or call us at 678-455-0952 to discuss.
- Question 12 What integration option is best for my organization?
- This is the subject of a new CFXWorks’ blog entry that is currently work-in-progress. Call us at 678-455-0952 to discuss.
- Question 13: CFXWorks’ PCX offering is written in Java. Do programmers need to know Java to integrate PCX with front and back office systems?
- NO. But I think you will find that Java runs on nearly every platform you can imagine. Go ahead use the language of your choice, but if you choose to use Java CFXXWorks can provide you many Java source code examples that illustrate how to perform most or your integration tasks. Maybe this is the time to kick the Java tires. You won’t regret it. Believe me, once you try Java, you will never look back!
- Question 14: Does PCX support processors other than Elavon?
- Our PCX solution supports Elavon's Fusebox and Simplify gateways. However, these gateways support several other processors. The list is growing but currently it includes American Express, Chase Paymentech (Tampa), First Data (International Settle, NB, South RM3, and Nashville), Heartland, Moneris, TSYS, Vantiv (Fifth Third), Worldpay (RBS Lynk). Please view our blog entry Processor Redirect for additional information.
- Question 15: Must my organization purchase an Elavon merchant account to run test transactions on PCX?
- PaymentCardXpress users do NOT NEED TO PURCHASE an Elavon merchant account to run test transactions sent to Elavon’s test server. Elavon will provide the using organization with a test merchant account.
- Question 16: Must my organization purchase an Elavon merchant account to run production transactions on PCX?
- PaymentCardXpress users MUST PURCHASE an Elavon merchant account to run production transactions sent to Elavon’s production server. This account must be registered by Elavon as a user of CFXWorks’ PaymentCardXpress payment solution.
- Question 17: What does an Elavon merchant account cost?
- Please contact Rodrigo Almeida @727-431-4464 Rodrigo.Almeida@elavon.com
- Question 18: If your organization already has an Elavon merchant account, must you purchase a new merchant account from Elavon to run production transactions using PaymentCardXpress?
- PaymentCardXpress uses Elavons Fusebox Gateway which is a new Elavon offering. There is little probability that your organization is a current user of this new gateway. Elavon may be willing to switch your current account to Fusebox. However, Elavon must registered this new account as a user of CFXWorks’ PaymentCardXpress payment solution.
- Question 19: What if I need to change credit card processors in the future?
- CFXWorks’ PaymentCardXpress solution supports Elavon's Fusebox Gateway. Elavon's Fusebox Gateway supports many processors . Please view our blog entry Processor Redirect for additional information or discuss this directly with Elavon. Please see question number 15 for a list of processors supported.
- Question 20: My organization has an IBM iSeries (AS/400) installed. Does PaymentCardXpress support this platform.
- Yes. PaymentCardXpress will run on the IBM iSeries, the AS/400, or the IBM POWER platform, whatever IBM chooses to call this system. However, PaymentCardXpress does require a current Version of the IBM i operating system and Java 1.8 to be installed.
- Question 21: What market segments does PaymentCardXpress support?
- PaymentCardXpress supports the eCommerce, Mail Order Telephone Order (MOTO), and the Retail market segments.
- Question 22: Your documentation refers to "Fusebox" and "Simplify". What are these two things?
- Fusebox is a payment gateway intended to mitigate risk by ensuring that card holder data is stored behind Elavon’s firewall. Fusebox is built on proven and redundant switch technology to deliver maximum uptime. Fusebox adheres to the latest PCI-DSS security standards.
- Simplify is Elavon’s PIN Pad-based terminal application designed to process electronic payment transactions from a Point of sale (POS) system. Simplify supports point-to-point-encryption and EMV.
- Question 23: Our organization uses an order entry system written in RPG and 5250 emulators to interface with our users. The 5250 emulators may run on thin clients. Can PaymentCardXpress support this environment using point-to-point-Encryption and/or EMV technology?
- Question 24: Our organization requires support for IBM iSeries data queues and DB2 residing on an iSeries. Can PaymentCardXpress support this environment?
- Question 25: PCI DSS requires that we replace use of SSL with TLSv1.2 to connect to Elavon. Does PaymentCardXpress support TLSv1.2?
- Yes. PaymentCardXpress does support TLSv1.2. However, TLSv1.2 does require use of Java 1.8. It may also require an operating system upgrade. Call us if you have questions about TLSv1.2. We have had a lot of experience dealing with this issue.
- Question 26: We are being told by our consultant that to be "Out-of-Scope" we need to use iframe technology and tokenization to integrate our shopping cart with our payment card solution. Can PaymentCardXpress support this requirement?
- Yes. PaymentCardXpress does support iframe technology as one of our integration options. The iframe technology does support tokenization.
- Question 27: If my management team demands that I change platforms (computer hardware, operating system, and/or database server) what options does PCX support?
- CFXWorks tests PaymentCardXpress on many platforms and database servers including the following:
|Platforms:||Operating Systems||Database Servers:|
- (1) IBM Certified
- CFXWorks does not charge you a new license fee if you choose to change platforms. If your platform of choice isn’t on our list of tested platforms… call us 678-455-0952.
- Question 28: Is PCX a “Cloud” based offering or can I run it internally on my own systems?
- There is NO REQUIREMENT to run our software in the cloud (public or private). However, many of our customers run PCX on a VMWare Virtual Machine (private cloud environment) and simply connect to their IBM POWER processor, or whatever system they are running their other production software on, across the Internet or Intranet. This way they can delay paying for unnecessary IBM POWER upgrades (software and possibly hardware) that they don’t currently need. Also, they can isolate their payment solution from systems being used to run their front and back office systems. In addition to saving, or delaying, upgrade costs, there are positive performance and PCI-DSS reasons for using this deployment scenario. CFXWorks has been very aggressive in building and testing cloud solutions over the past half dozen years. We love the technology for building test systems. Also, we are convinced that cloud offerings will someday be in our future. But today, we don’t believe that for security reasons, they are ready for prime time!
- Question 29: Is a demo software available from PCX?
- Absolutely YES! Call us to discuss how this can be done allowing you to not only kick the PCX tires at NO CHARGE from CFXWorks, you can also complete you front and back office systems integration efforts without paying any CFXWorks license or support fees.
- Question 30: Can the demo be installed on my internal system?
- Our intent is that you install it on your system.
- Question 31: If I am interested in PCX, how do I get started?
- Call CFXWorks at 678-455-0952, we love to talk to prospective new customers.
- Question 32: If I have technical or business questions?
- Call CFXWorks at 678-455-0952 or send us an email to firstname.lastname@example.org