Don’t let some smooth-talking sales weasel bluff you into making the wrong decision. Get the facts first, and then make an informed decision. Ask the following questions:
- License Fee - Why should I pay a license fee of $10,000, $20,000, or $30,000 for a payment card solution that needs to support tokenization, point-2-point-encryption (P2PE), and EMV? What are alternatives to significantly reduce this fee?
- Support Cost - What are your annual support fees for your payment card solution?
- System Upgrades - What IBM upgrades are required to install your solution and what are the costs of these upgrades?
- Skills and Resources - What skills and resources are necessary to install your solution and complete the IBM upgrades?
- Scope - Is your solution considered In-Scope or Out-Of-Scope for PCI-DSS. In other words, does your solution have any visibility to the primary account number (PAN).
- PCI DSS Costs - What impact will your solution have on the skills, resources, and costs I will require to maintain PCI-DSS compliance?
- Hidden S/W Vendor Fees - Does your organization charge per transaction fees or impose volume limitations tied to your license fee?
- Cloud Considerations - Do you offer a Cloud solution including the necessary hosting services? What are your qualifications for providing hosting services? Do you house your cloud solution in a PCI-DSS compliant data center?
- Payment Solution Impact on Performance of Production Systems - What will the performance and security impact on your production systems be if it is run on the same system as your payment solution?
- Production Systems Impact on Performance of Payment Solution - What will the performance and security impact on your payment solution be if it is run on the same system as your production systems?
- Solution Portability - Do you plan to run your business on an iSeries in the future, or perhaps move to another platform? Will your payment solution port to your future platform?
- PCI-DSS Exposure – If you run your payment solution on the same system as you run other production software, how do you intend to address the following PCI DSS requirement... PCI_DSS_v3-1 and PCI_DSS_v3-2 - 2.2.1 Implement only one primary function per server to prevent functions that require different security levels from co-existing on the same server. (For example, web servers, database servers, and DNS should be implemented on separate servers.) Note: Where virtualization technologies are in use, implement only one primary function per virtual system component.
- Integration and Deployment Options - When you run your payment solution on POWER, what will be your integration options and what restrictions will be imposed on your deployment options?
- Certifications/Validations - Is your solution processor certified and IBM Validated for POWER?
- Test Software – Does your software vendor provide fully functional test software at NO CHARGE so you can install, test, and integrate before making a purchase decision!
We hope you find the above useful. If you have questions or suggestions, please call CFXWorks at 678-455-0952.