PCI FAQ
Is AIMsi v9.0 PA-DSS certified?
Yes, Tri-Tech has spent a significant amount of resources, including development time and consultation, reengineering the payment processes to adhere to the requirements set forth for PA-DSS certification. Currently Tri-Tech has engaged the services of Chief Security Officers (a certified QSA) for final certification of AIMsi v9.0.
Do I have to upgrade to AIMsi v9.0 for my business to be PCI compliant?
This question can only be truly answered by a certified QSA (Qualified Security Assessor). Tri-Tech is not a QSA. However, we can tell you that starting July 1st, 2010, one of the requirements for PCI compliance is that you use a payment application that is PA-DSS certified. Older versions of AIMsi are not PA-DSS certified.
Is Credit Card Information stored in AIMsi v9.0?
One of the key modifications in v9.0 was to no longer store credit card information in AIMsi. This fact alone greatly reduces the complexity for your business to be PCI compliant.
What if we need to store the customer's credit card information for Autopays or "Card On File"?
AIMsi now uses the latest credit card industry security standard known as tokenization to protect the sensitive cardholder data. We have been working closely with PPI over the past year to develop a seamless integration with AIMsi.
Why did Tri-Tech choose to partner with PPI rather than another company?
Tri-Tech has worked with PPI for many years. PPI is a valued partner to Tri-Tech and many AIMsi users. Before Tri-Tech chose PPI, 10% of AIMsi customers were already using PPI for their credit card processing. PPI has offered a price guarantee for Tri-Tech customers. Customers who already use PPI have had nothing but very positive things to say regarding PPI and their discount rates, support and customer service. PPI has also let us know that it is their intent to make sure they have the lowest rates possible.
What processors does PPI work with?
We know for sure that PPI works with FDMS and Paymentech. Contact Alysha for more information.
Can I use PPI’s PayMover for tokenization and use another processor to authorize my credit cards?
The answer is no. Credit card tokenization is rapidly becoming one of the best ways to implement proper security and reach PCI compliance. However, there is not a standard for tokens to be shared by different parties. The service provider that generates the token is the only entity that is able to translate the token back to a card number.
Can I use PCCharge instead of PPI PayMover with AIMsi v9.0?
Yes, with the understanding that credit card information is not stored in AIMsi. Also, you will need to be using PCCharge v5.8.1 or higher along with installing SSL certificates on all computers that use PCCharge. Tri-Tech support will not be able to provide support with the installation of SSL certificates.
Update – PCCharge just announced the release of version 5.9. PCCharge version 5.8.1 has “grandfathered” PA-DSS certification until December 2010. After December you will need to upgrade again to PCCharge version 5.9 or higher.
How do I handle AutoPays with PCCharge if credit cards aren't stored in AIMsi?
You cannot use PCCharge to process autopays with the AIMsi software.
What if I have autopays to process but don't want to use PPI?
There are 3rd party companies like BGE Financial that can process your autopays for you. AIMsi v9.0 has a program to import a file of approved autopays from this 3rd party company and will post the payments for you automatically.
Update – AIMsi now works with FNMS and Mercury for credit card processing. Both gateways allow you to run autopays from AIMsi.
What are some of the benefits to using PPI's PayMover over PCCharge?
* PCCharge is single threaded. This means transactions from different terminals cannot be processed simultaneously. PayMover allows simultaneous transactions from multiple workstations.
* PCCharge stores transaction history locally, including credit card information. This adds another layer of complexity to PCI compliance. With PayMover, no credit card information is stored locally.
* PCCharge charges $129.00 annually for support. PayMover provides excellent 24/7/365 support at no charge.
* As PCI compliance evolves, retailers will continually need to pay for upgrades to PCCharge. PPI does not charge for PayMover upgrades.
* PayMover supports Terminal Services; PCCharge does not.
* PPI supports both US and Canadian Pin Debit.
* PCCharge charges extra fees per workstation. PayMover can be run on an unlimited number of terminals at no extra charge.
* With PPI, there is an optional comprehensive service that offers your business complete PCI DSS compliance. With this service you are eligible to be reimbursed up to $150,000 for forensic reviews, fines and card re-issuance costs resulting from a card data breach.
Will my current pin debit device work with PayMover (United States)?
No, you need a pin debit device supplied by PPI that is injected with the correct encryption. Pin pads should be ordered directly from PPI. The current price is $110.00.
Does PayMover work with Canadian Pin Debit?
Yes, we are in the process of obtaining a pin debit device for testing. Once we receive the device, AIMsi needs to be certified by Global Payment Systems of Canada. We expect this to be completed soon. Canadian pin debit will only be supported with PayMover. PCCharge cannot be used for Canadian pin debit. Canadian stores can go ahead and upgrade to v9.0 and install pin debit when it is ready.
What is the charge for an encrypted swipe?
PPI will supply the encrypted swipes and they charge $100.00 for each swipe. Encrypted swipes should be ordered directly from PPI.
Do I need to use an encrypted swipe?
No, AIMsi can communicate with PayMover using either an encrypted swipe or your existing un-encrypted swipe. Both Tri-Tech and PPI recommend that you use encrypted swipes because they provide an extra layer of security. If you are using PCCharge, you cannot use an encrypted swipe; you must use an un-encrypted swipe.
What type of swipes do I need to use with the Pin Pad?
If you are using a pin pad you will need an un-encrypted swipe. This is because the pin pad needs to receive the card number in the clear. If you want the extra layer of security for credit card transactions, you would have an un-encrypted swipe for debit transactions and an encrypted swipe for credit card transactions. You can connect both to the computer at the same time. The encrypted swipe has a picture of a padlock on it, so it is easy to tell the difference between the two swipes.





