Questions to ask your solution provider before you select a payment solution for your IBM POWER processor

Don’t let some smooth-talking sales weasel bluff you into making the wrong decision. Get the facts first, and then make an informed decision. Ask the following questions:

  • License Fee - Why should I pay a license fee of $10,000, $20,000, or $30,000 for a payment card solution that needs to support tokenization, point-to-point encryption (P2PE), and EMV? What are alternatives to significantly reduce this fee?
  • Support Cost - What are your annual support fees for your payment card solution?
  • System Upgrades - What IBM upgrades are required to install your solution and what are the costs of these upgrades?
  • Skills and Resources - What skills and resources are necessary to install your solution and complete the IBM upgrades?
  • Scope - Is your solution considered In-Scope or Out-Of-Scope for PCI-DSS? In other words, does your solution have any visibility to the primary account number (PAN)?
  • PCI DSS Costs - What impact will your solution have on the skills, resources, and costs I will require to maintain PCI-DSS compliance?
  • Hidden S/W Vendor Fees - Does your organization charge per-transaction fees or impose volume limitations tied to your license fee?
  • Cloud Considerations - Do you offer a Cloud solution including the necessary hosting services? What are your qualifications for providing hosting services? Do you house your cloud solution in a PCI-DSS compliant data center?
  • Payment Solution Impact on Performance of Production Systems - What will the performance and security impact on your production systems be if they are run on the same system as your payment solution?
  • Production Systems Impact on Performance of Payment Solution - What will the performance and security impact on your payment solution be if it is run on the same system as your production systems?
  • Solution Portability - Do you plan to run your business on an iSeries in the future, or perhaps move to another platform? Will your payment solution port to your future platform?
  • PCI-DSS Exposure – If you run your payment solution on the same system as you run other production software, how do you intend to address the following PCI DSS requirement? PCI DSS v3.1 and v3.2, Requirement 2.2.1: Implement only one primary function per server to prevent functions that require different security levels from co-existing on the same server. (For example, web servers, database servers, and DNS should be implemented on separate servers.) Note: Where virtualization technologies are in use, implement only one primary function per virtual system component.
  • Integration and Deployment Options - When you run your payment solution on POWER, what will be your integration options and what restrictions will be imposed on your deployment options?
  • Certifications/Validations - Is your solution processor certified and IBM Validated for POWER?
  • Test Software – Does your software vendor provide fully functional test software at NO CHARGE so you can install, test, and integrate before making a purchase decision?

We hope you find the above useful. If you have questions or suggestions, please call CFXWorks at 678-455-0952.
