Direct Debit service
The Direct Debit Service from PayPoint is a feature rich platform for managing all Direct Debit capabilities, including mandate set up through 8 different channels. Rich reporting gives you insight into customer behaviour, and full customer communications are included.
- Feature rich platform which is flexible to fit your needs
- Call centre portal to view and manage direct debits
- Unlimited user access to portal, can be accessed 24/7
- Make credits back to customer accounts
- Access to BACS files, immediate processing against payer records
- Ability to generate branded customer communications via letter or email
- Extended Reporting
- Sophisticated integration tool allows seamless processing through existing systems
- 8 Different Channels for setting up Direct Debit Mandates
- Software As A Service
- Efficiency savings, seamlessly fits into your business
- Cost savings with automation, electronic customer communications and direct refunds
- Reduced arrears with re-attempts of previously failed payments
- Enhanced cashflow management
- Full Bacs compliance
- Cloud based solution so nothing managed on your IT platforms
- Easy to use screens make training easy
- Advanced reporting gives greater customer behaviour insight
- Rapid Set Up Process for easy administration
- Support from a Market Leading Finance Business
£0.05 to £0.25 per transaction
- Education pricing available
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Service constraints||The PayPoint service is available 24/7 and we operate a full disaster recovery facility to provide complete service resilience. In the event we do carry out system maintenance, we provide our clients with notice and schedule overnight to ensure minimal disruption.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Depending on the severity of the question. Responses can be handled immediately. At weekends, only severity 1 questions will be handled immediately.|
|User can manage status and priority of support tickets||No|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
|Support levels||The PayPoint Client Management team are available 9 to 5:30 Monday to Friday. Outside of core hours, we maintain an operational contact centre that is available 24/7 to deal with any urgent issues.|
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||PayPoint's Client Implementation team will work with you to develop, test and implement the services. We will provide you with specifications and user documents and we will help you to complete a questionnaire which details your requirements. Once developed, we provide full end to end testing and implement upon your acceptance. When the service is live you will be introduced to the Client Services team who will manage any day to day issues or questions you may have.|
|End-of-contract data extraction||Transaction data is provided daily up to the day the contract ends. Any client data will be returned at the end of the contract.|
|End-of-contract process||In the event the buyer transfers to another supplier, PayPoint will help to ensure a smooth transition. There would be no additional costs.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||The mobile user journey for setting up direct debit mandates can be either through mobile enabled sites or directly through APIs from your own apps.|
|Description of service interface||
The interface is an easy to use interface that allows user to set up and maintain customers and direct debit mandates.
There is required BACS reporting, and additional insight reporting available through the platform.
The interface makes it easy for any organisation to manage their Direct Debits.
|Accessibility standards||None or don’t know|
|Description of accessibility||
Set up new direct debit mandates
Manage existing direct debit mandates
Search for customer Direct Debits
Create new schedules
Review BACS reports
Run tailored insight reports.
|Accessibility testing||This has not been tested but our excellent coding standards mean that the interface should be compatible with screen readers.|
|What users can and can't do using the API||
PayPoint have made available direct APIs in order to facilitate the payment, and removing the need for clients to be PCI compliant if required.
All PayPoint channels are built on a common set of RESTful APIs. These APIs are now being offered to clients to allow them to build their own channel apps or integrate into existing ones.
PayPoint offers a full user journey scoping service, advising on the best APIs to use to achieve maximum user satisfaction.
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||
PayPoint can provide buyers with a range of customisation within Direct Debit
Our Hosted Mandate Page can be fully branded and be compliant with BACS.
Bank Modulus checks and Postcode checks are included
APIs allow full customer user journey control.
Our Client Implementation team will work with you during the set up process to customise the service to your requirements.
|Independence of resources||PayPoint operates a 24/7 real time on-line system, supported by dual data centres to ensure full service availability at all times. Across all payment channels, PayPoint has an enviable track record of near total up-time, meeting industry best standards and this extends to resilience in the event of major service problems. During peak periods, PayPoint processes over 10 million transactions a week.|
|Service usage metrics||Yes|
As well as providing a daily batch transaction file (csv format), PayPoint provide an online dashboard so buyers can see Direct Debit Transactions.
In addition to all Mandatory BACS reporting, reporting is available on customer behaviour and insights.
|Supplier type||Not a reseller|
|Staff security clearance||Staff screening not performed|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a CHECK service provider|
|Protecting data at rest||
|Other data at rest protection approach||Data is held in a private subnet which is only accessible via a VPN; bank data is encrypted and not visible in plain text.|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||
PayPoint provide clients with daily transaction files which contain details of all transactions processed the previous day.
All Reports are also available to download via the Direct Debit Client Portal
|Data export formats||
|Other data export formats||Excel|
|Data import formats||
|Other data import formats||Excel|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
SLA = 99.99% availability
Users are refunded via bet invoicing methods.
|Approach to resilience||Regular monitoring. The service is based in Dublin Ireland and is mirrored in three data centres which are on separate power and telecoms networks. If one becomes unavailable, it switches to one of the other two to maintain availability. We also hold a separate copy of the data in London and this can be deployed and running in one hour.|
|Outage reporting||Email and system notifications to authorised Users. Any outages are reviewed at a management meeting monthly.|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||Any access to our interfaces requires the end user to enter their Username and Password.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users receive audit information on a regular basis|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users receive audit information on a regular basis|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||ISO 27001:2013 SOCOTEC - Certification International|
|ISO/IEC 27001 accreditation date||12/07/2018|
|What the ISO/IEC 27001 doesn’t cover||Nothing - All systems, premises, software applications, business processes and operations are covered.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Who accredited the PCI DSS certification||Securious Ltd (Cardstream)|
|PCI DSS accreditation date||31/08/2018|
|What the PCI DSS doesn’t cover||N/A|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
PayPoint has a documented Group Information Security Policy and Security Policy Framework both compliant with ISO27001:2013. These are supported by a suite of other policies and procedures published for staff on our Intranet. Examples include anti-virus protection, vulnerability management, internet and e-mail use, staff training, risk management and incident reporting.
We ensure compliance to these policies by implementing our own internal audit system, employing third party auditors to target specific areas of governance and we are subject to registration visits twice per year for ISO27001:2013, once per year for PCI DSS and a number of audits for LINK compliance. All staff including contractors are expected to complete an information security induction when they begin at PayPoint and all staff are given refresher training once per year. In 2018 all staff have also been expected to complete both GDPR and DPA training on our new learning management system. The company has established a Cyber Security Sub-Committee and the board actively participate in both strategic risk reviews and incident exercises.
PayPoint has a Risk and Compliance team comprising of a Head of Risk and Compliance, a Risk and Compliance Manager, a Fraud and Police Investigations Officer and a Technical Security Analyst.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||PayPoint has a documented change management procedure. Development and production environments and staff are segregated. There is a weekly change review board that must approve any change before it is deployed to production. There is a facility for emergency changes to be released but this requires senior IT Management approval. PayPoint has dedicated project managers, a dedicated configuration manager and a documents software development process. In production, change managers have oversight of product deployments. Every weekday there is a meeting on the operations bridge to review all technical incidents changes and business in hand.|
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||PWe employ a third party NCC (formerly CESG) CHECK vendor to independently test our security/vulnerability. This comprises daily delta testing, quarterly vulnerability testing and annual penetration testing. Reports are received as soon as available and work to correct issues found is prioritised based on risk.|
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||
There is a daily bridge review of all risks and incidents which is internally escalated and reviewed.
We also employ a third party NCC (formerly CESG) CHECK vendor to independently test our security/vulnerability. This comprises daily delta testing, quarterly vulnerability testing and annual penetration testing. Reports are received as soon as available and work to correct issues found is prioritised based on risk.
|Incident management type||Supplier-defined controls|
|Incident management approach||PayPoint is registered for ISO27001 and is PCI compliant. In the event of an incident, we will notify our clients via e-mail. If Users identify an incident, they should contact their Account Manager or the Operations bridge if outside core hours. PayPoint provide incident reports via e-mail where appropriate.|
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£0.05 to £0.25 per transaction|
|Discount for educational organisations||Yes|
|Free trial available||No|