Don’t let some smooth-talking sales weasel bluff you into making the wrong decision. Get the facts first, and then make an informed decision. Ask the following questions:
- License Fee – Why should I pay a license fee of $10,000, $20,000, or $30,000 for a payment card solution that needs to support tokenization, point-to-point encryption (P2PE), and EMV? What are the alternatives that significantly reduce this fee?
- Support Cost – What are your annual support fees for your payment card solution?
- System Upgrades – What IBM upgrades are required to install your solution and what are the costs of these upgrades?
- Skills and Resources – What skills and resources are necessary to install your solution and complete the IBM upgrades?
- Scope – Is your solution considered In-Scope or Out-Of-Scope for PCI-DSS? In other words, does your solution have any visibility of the primary account number (PAN)?
- PCI DSS Costs – What impact will your solution have on the skills, resources, and costs I will require to maintain PCI-DSS compliance?
- Hidden S/W Vendor Fees – Does your organization charge per-transaction fees or impose volume limitations tied to your license fee?
- Cloud Considerations – Do you offer a cloud solution, including the necessary hosting services? What are your qualifications for providing hosting services? Do you house your cloud solution in a PCI-DSS compliant data center?
- Payment Solution Impact on Performance of Production Systems – What will the performance and security impact on your production systems be if they are run on the same system as your payment solution?
- Production Systems Impact on Performance of Payment Solution – What will the performance and security impact on your payment solution be if it is run on the same system as your production systems?
- Solution Portability – Do you plan to run your business on an iSeries in the future, or perhaps move to another platform? Will your payment solution port to your future platform?
- PCI-DSS Exposure – If you run your payment solution on the same system as your other production software, how do you intend to address the following PCI DSS requirement (PCI_DSS_v3-1 and PCI_DSS_v3-2, 2.2.1)? "Implement only one primary function per server to prevent functions that require different security levels from co-existing on the same server. (For example, web servers, database servers, and DNS should be implemented on separate servers.) Note: Where virtualization technologies are in use, implement only one primary function per virtual system component."
- Integration and Deployment Options – When you run your payment solution on POWER, what will be your integration options and what restrictions will be imposed on your deployment options?
- Certifications/Validations – Is your solution provider certified and IBM Validated for POWER?
- Test Software – Does your software vendor provide fully functional test software at NO CHARGE so you can install, test, and integrate before making a purchase decision?
We hope you find the above useful. If you have questions or suggestions, please call CFXWorks at 678-455-0952.