paygate
paygate is a feature-rich payment platform that works with any ERP, Payroll or accounting system to manage all your Bacs payments, Faster Payments and Direct Debit collections. It drives payment efficiency by reducing time, cutting costs and eliminating risk from one robust, ultra-secure solution.
Features
- Secure cloud solution with replication between multiple instances in AWS
- Support for Bacs Direct Credits, Direct Debits & Faster Payments
- Support for Direct, Indirect & Bureau payment submissions
- Expert support provided by a highly experienced UK team
- Compatible with any ERP system or accounting package
- Customisable workflows to suit your unique business sign-off processes
- Intuitive user-friendly interfaces with context-sensitive help
- Consolidate multiple bank accounts across multiple banks
- Secure alternatives to smartcards using two-factor authentication
- Audit friendly - retains a digital audit trail of actions
Benefits
- Stay up-to-date – navigate regulatory change and access new features
- Built-in disaster recovery aids contingency planning
- No transaction charges means predictable costs as your business grows
- Check and validate data at multiple stages to ensure accuracy
- Avoid non-compliance risk with rock solid reporting
- Demonstrate evidenced monitoring with full audit trails
- Manage and simplify complexity with easy process automation
- Set rules, policies and limits to ensure accurate processing
- Facilitate supremely secure mobile and flexible working
- Manage spend and ROI with modular components
Pricing
£1,750 an instance a year
Framework
G-Cloud 12
Service ID
175850945559419
Contact
paygate
Sales Team
Telephone: 01462 482 333
Email: sales@paygate.uk
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
- ERP, CRM, Payroll, Finance and Accounting Packages - any source system that generates input data for your payments (Credits, Debits, DDIs etc)
- Cloud deployment model
- Hybrid cloud
- Service constraints
- Planned maintenance to the service is undertaken outside of standard business hours and Bacs processing times. Customers are advised in advance and service interruptions are kept to a minimum.
- System requirements
- Any mainstream browser can be used for access
- Internet Explorer required if using smartcards for signing
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- For Priority 1 issues our standard SLA is to respond within 1 business hour. For lower priority issues, in practice most email tickets are responded to within 2 hours.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
As standard you are given a dedicated account manager as your key point of contact. For any technical issues, our customer support team are also available to you within your contracted support hours, for which we provide two levels:
- Standard Support, provided by default, covers Monday to Friday (excluding UK bank holidays) from 0900-1700 (UK time)
- Enhanced Support, provided at an additional cost, covers Monday to Friday (excluding UK bank holidays) from 0900-2100 (UK time)
Pricing for Enhanced Support is included on our price list.
Remote support is provided by default; should a technical support engineer be required to visit your site directly, this would be chargeable as per our price list.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
A dedicated account manager is assigned for each customer, and contact details of our support team provided as part of onboarding.
Full training on the use of paygate is provided. This includes checks on all the users that have been configured for the customer – including access rights, permissions and how the user can create, process and approve payments - as well as test submissions using the customer's service user numbers and file formats. An extensive online help library is also available within paygate, and our support team are on hand to answer telephone and email queries, or to provide additional training if requested.
- Service documentation
- Yes
- Documentation formats
- HTML
- End-of-contract data extraction
Users can access, view and download reports and data relating to each individual submission that has historically been processed through paygate. Reports can also be run and downloaded to show all data held against an individual bank account and sortcode.
Users can access, view and download system configuration reports that set out how groups, users and user roles have been configured within paygate.
Users can run and download audit logs that show what and when system changes were made by whom.
Any files that remain unprocessed within the platform can be downloaded.
- End-of-contract process
- At the end of the contract, the customer's access to paygate is revoked with all user profiles disabled. Customers can export any required data direct from the application.
Using the service
- Web browser interface
- Yes
- Supported browsers
- Internet Explorer 10
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Application to install
- No
- Designed for use on mobile devices
- No
- Service interface
- Yes
- Description of service interface
- Paygate is accessed via a browser. Users log in to perform desired functions by selecting options from menus and shortcuts. An action list allows quick access to key items that require the attention of the user. Intuitive screens and prompts guide users through required steps and alert them to items that require action.
- Accessibility standards
- None or don’t know
- Description of accessibility
- The design of paygate is such that all efforts have been made to ensure the software is accessible. There is no audio/video only content, non-text content is minimal and always has a text alternative to ensure understanding. Information is presented in a structural and sequential manner on clearly titled pages/sections so that the process to be followed can easily be inferred. Colour is not used as a sole means of conveying information or as a prompt for action, and there is no flashing/scrolling content.
- Accessibility testing
- Our standard testing process as part of software development always ensures that logical and commonsense processes and design elements are used - our focus is always on clarity and ease of use rather than on graphical design for its own purpose. The accessibility as described above is covered as part of this common testing process.
- API
- Yes
- What users can and can't do using the API
- APIs exist across the product and the scope and range of these is expanding all the time. Please contact us to discuss your requirements more fully so that we can best advise you on what APIs can be used.
- API documentation
- Yes
- API documentation formats
- Open API (also known as Swagger)
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- Paygate includes powerful file mapping tools so that it will work with any input files (from your CRM/ERP etc) that you are using. Business Process Automation options also allow workflows to be created and customised to suit your ways of working and drive increased efficiency, whether that is enabling lights-out submission to Bacs, downloading and transforming reports, or simply manipulating and moving files before emailing users.
Scaling
- Independence of resources
- Overall volume of activity and available capacity is monitored 24x7 to ensure system resources are reviewed and enhanced accordingly.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Transaction reports, Submission reports, Collection reports, Audit reports, Workflow reports
- Reporting types
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2012
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
- Physical access control, complying with another standard
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Reports and summaries held in paygate can be viewed and downloaded at any time if a user has the relevant access permissions assigned to them (control of these permissions is under the remit of the customer).
- Data export formats
- CSV
- Other
- Other data export formats
- XML
- HTML
- XLSX
- Data import formats
- CSV
- Other
- Other data import formats
- We can work with any input data format
- Bacs Standard 18
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Other
- Other protection between networks
- SSH for SFTP
- Optional AES256 data encryption for file upload
- Data protection within supplier network
- TLS (version 1.2 or above)
- Other
- Other protection within supplier network
- SSH for SFTP
- AES256 data encryption for all data
Availability and resilience
- Guaranteed availability
- We offer at least a 99.5% uptime availability in a given month - with a credit given for each full hour that paygate is unavailable.
- Approach to resilience
- Paygate employs full data replication and resilience across multiple instances in high availability mode. Further details are available upon request.
- Outage reporting
- In the event of an outage, we would automatically transfer connection to our secondary instance, and advise customers by email or telephone as required. There is a portal that you can subscribe to for scheduled maintenance windows, and this same portal can also alert subscribed users to any messages via email, Slack messaging etc.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Username or password
- Access restrictions in management interfaces and support channels
- Only our dedicated and security cleared support team are given access, via a separate and secure network, to the live customer platform. This access is controlled by username/password as well as two factor authentication, and audit logs of who is accessing the live platform and the activities being undertaken are recorded, stored and reviewed regularly.
- Access restriction testing frequency
- At least once a year
- Management access authentication
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- Yes
- Any other security certifications
- Cyber Essentials Plus
- Bacs Approved Software Supplier
- Bacs Approved Bureau
- Bacs Approved Software Supplier to Bureaux
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- Other
- Other security governance standards
- Cyber Essentials Plus
- Information security policies and processes
- We operate an Information Security policy that protects all our owned and 3rd party owned Information Assets (including people, data, media, devices or systems) which are transferred to our care. We also adhere to our responsibilities to protect Information and Personal Data through our own systems or via 3rd party providers. We maintain a number of further policies and procedures such as an Acceptable Use policy, Access Control policy, Change Management policy, Disaster Recovery policy & a Business Continuity policy, and ensure that all employees are aware of their responsibilities and comply with the policy aims through training and regular awareness of the policies as well as any updates or changes.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
All changes are fully tested and released under a prescribed change management process. The process identifies changes that are required, ensures agreement on the changes from stakeholders, tracks the progress of the changes centrally, ensures full testing of the changes, delivers the changes, and updates all documentation with the changes.
This approach ensures that all changes are implemented in an organised manner, ensures that no unnecessary changes are made, and ensures that all changes are properly considered for the impact and benefit that they will have.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- We maintain an internal vulnerability management policy that includes regular vulnerability scanning and assessments and audits of all infrastructure and devices to identify, assess and remediate any technical vulnerabilities as soon as they are identified. We maintain an approved software list. Our patch management process ensures that security updates and patches are implemented as required. We undertake regular penetration tests that are performed by accredited third parties.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Monitoring is in place 24x7x365 to ensure that our services are constantly assessed and reviewed to monitor for any potential threats or attacks. We use IDS, PRTG, firewalls and real-time monitoring through a 24x7 NOC/SOC. If any potential impacts are identified then action is taken immediately to analyse, identify and implement corrective and preventative actions.
- Incident management type
- Supplier-defined controls
- Incident management approach
- Through 24x7 monitoring, our incident management process ensures that as soon as an incident is detected and alerts are generated, action is taken immediately to analyse, identify and implement corrective and preventative actions, updating customers and implementing a disaster recovery plan if required. Users can report incidents directly to our service team as required. Customers would be kept updated, and incident reports would be issued as required after our root cause analysis, and corrective actions have been completed.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Pricing
- Price
- £1,750 an instance a year
- Discount for educational organisations
- No
- Free trial available
- No