PURPOSE: This article provides an overview of the main stages and considerations before an APEXX implementation.



TABLE OF CONTENTS





1. What are the stages of an APEXX Implementation?


An implementation project with APEXX consist of the following phases:


1. Sign contract and fulfil legal prerequisites

2. Project kick-off

3. Meet compliance requirements

4. Integrate merchant application

5. Sandbox setup and testing

6. Production setup and testing

7. Train users and go live

8. Post-live support


A breakdown of tasks for each area of responsibility can be found in attached sample implementation plan. Please note that this is for guidance only and will vary according to individual merchants' requirements.


Merchants will be assigned a dedicated implementation consultant to support them throughout the project.


2. Do I need to be PCI compliant to be accepted as a merchant by APEXX?



The PCI Security Standards Council describes the scope of PCI DSS Requirements as follows:


"The PCI DSS security requirements apply to all system components included in or connected to the cardholder data environment. The cardholder data environment (CDE) is comprised of people, processes and technologies that store, process, or transmit cardholder data or sensitive authentication data."


APEXX will discuss with you how much access to and control over your customers' cardholder data you expect. We will then request the compliance document that is applicable to that level of control (SAQ/ROC/AOC) from you.


The reason we require merchants to demonstrate that they are compliant is that any non-compliant system within the cardholder data environment puts the entire CDE at risk.


 NOTE 

You will be able to review your individual situation with your APEXX Implementations Manager to understand the documentation and compliance requirements applicable to your specific merchant environment.




3. How long does an APEXX implementation normally take?

The duration of an implementation project is influenced by numerous factors, including


  • Merchant's own priorities and deadlines
  • Complexity and extent of compliance requirements
  • Whether the merchant is introducing a new acquirer/PSP at the same time
  • Size and complexity of of the merchant organisation
  • Whether the integration is direct (merchant collecting card data) or indirect (payment page hosted by APEXX)
  • Number of payment types to be integrated
  • Availability of the merchant's own development team to carry out integration and testing work


Your Implementation Manager will create a project plan with timelines reflecting your specific requirements. This will be kept under constant review during the implementation.