i-movo

CashOUT & PayIN: cash payments & cheque-replacement

i-movo uses existing payment methods to process ‘secure digital vouchers’. An example is ‘CashOUT’ where vouchers are distributed using any physical or digital media and redeemed for cash at up 62,000 UK retail locations. The service also allow vouchers to be deposited into bank accounts using the PayIN service.

Features

  • Digital creation and distribution of payment voucher codes
  • Validation at 62,000 UK retail locations for secure cash collection
  • Option to remit payments to bank account as cheque alternative
  • Real-time reporting of voucher issue, redemption and cancellation
  • Intuitive data visualisation dashboards for enhanced reporting
  • SMS, email, post or card distribution, no bank account required
  • Proven service working with central government and 109 local authorities
  • Recurring payments: send scheduled payments automatically
  • Proven service used extensively by government, utilities & finance
  • Option to remit payments to bank account as cheque alternative

Benefits

  • Instant distribution of payments by digital means (SMS or email)
  • Highly convenient for customers to collect cash
  • Customers may also pay vouchers into bank accounts
  • Uses existing cash in retailer tills
  • Voucher processed using existing retail systems
  • Minimises use of customer data to aid GDPR compliance
  • Prevents fraud through real time validation in-store
  • Fully digital service is good for the environment
  • Reduces retailers banking charges
  • Circulates cash in the local economy

Pricing

£0.55 to £0.90 per unit

Service documents

G-Cloud 11

418875046990858

i-movo

David Tymm

02079602570

david.tymm@i-movo.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints Access to the service is available 24/7 but planned maintenance may involve downtime. Planned maintenance is scheduled at 6-week intervals, is scheduled between 2am and 4am on Sundays and will not exceed 0.05% of total uptime duration over a year.
System requirements
  • The service is accessed using any internet browser
  • Access is permitted from known, non-shared IP addresses only

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Initial response will be within 24 hours Monday to Friday and during Monday for all requested received from 17:30 Friday until 23:59 on Sunday.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Full support is included as part of the standard contract at no extra cost. A technical account manager is provided.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Train-the-trainer training takes place online, in led webinars. Documentation is also provided.
Service documentation No
End-of-contract data extraction Data is returned to users securely e.g. encrypted and sent over SFTP, and the original data is destroyed and certified.
End-of-contract process Included in the contract at contract end: access to the service is blocked for all users and IP addresses and a financial reconciliation is undertaken. 2FA fobs are returned by post.

No additional costs are incurred.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The Service will work on a mobile device with a touchscreen, but there is no mobile-specific formatting.
API Yes
What users can and can't do using the API Using the API, users CAN: Request & Send Voucher; Amend Vouchers; Cancel Vouchers; View Voucher Status; Accept Voucher Redemption Notifications; View Individual Voucher History. Using the API, users CANNOT: Create campaigns; Create or run reports
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation • Voucher & email designs are created bespoke for clients at prices stated on Rate Card

• Payment card & fulfillment service available subject to specification and further quotation

• Data visualisation dashboards can be created to clients specifications as stated in the Service Definition document. Such dashboards can be build to integrate data not originating from the i-movo System. Further details on request.

• i-movo perform all customisations in response to clients written brief and supply of brand assets

Scaling

Scaling
Independence of resources Our service employs Microsoft Azure services set to auto-scale on demand. The burden placed on the Service by each user is however very low so contention is extremely unlikely. Monitoring Services are also employed which send warnings to Administrators when thresholds are reached.

Analytics

Analytics
Service usage metrics Yes
Metrics types Service Usage reports are built-in to the Service, alongside voucher request and redemption reports.
Reporting types Real-time dashboards

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency Less than once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Within the Service, users export reports they are viewing as a CSV file to their computer.
Data export formats CSV
Data import formats
  • CSV
  • Other
Other data import formats
  • MS Excel (any version)
  • BACS / FPS payment files

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Uptime is guaranteed at 99.95% which includes planned maintenance. No penalty clauses exist in the contract.
Approach to resilience Available on request.
Outage reporting Service outages would be reported to clients by email.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication 2-factor authentication
Access restrictions in management interfaces and support channels The Service provides for different roles e.g. Supervisor, Operative and Finance, each of which has access only to screens relevant to their role.
Access restriction testing frequency Never
Management access authentication Dedicated link (for example VPN)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Cyber Essentials
  • Hosted in CSA CCM, ISO 27001- and PCI-compliant service

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards Cyber Essentials Certification
Information security policies and processes As per our Cyber Essentials certification, security policies are enshrined in all Employee Contracts which all employees must read and sign when joining. Any issues/risks reported are fed through Line Managers to the COO for handling.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Azure DevOps is employed for building and tracking changes to components through their lifetime, that process enforces reviews from peers and management to assess potential security impacts.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Our services operate on the Microsoft Azure platform which is CSA CCM compliant. Microsoft automatically sends alerts about potential threats. We use serverless code so there is no Operating system that would require patching; patches to our own service can be deployed same day if the threat is grave enough.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Full auditing, to the Government's ATAS2 standard, is recorded and the data made available to the client automatically. Incidents are examined and remedied according to the Incident Management process defined in Employee handbooks.
Incident management type Supplier-defined controls
Incident management approach Procedures for incident management of the Service are detailed in Employee Contracts, including incident reporting.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £0.55 to £0.90 per unit
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑