paygate


paygate is a feature-rich payment platform that works with any ERP, Payroll or accounting system to manage all your Bacs payments, Faster Payments and Direct Debit collections. It drives payment efficiency by reducing time, cutting costs and eliminating risk from one robust, ultra-secure solution.

Features

  • Secure cloud solution across two UK Tier 3 datacentres
  • Support for Bacs Direct Credits, Direct Debits & Faster Payments
  • Support for Direct, Indirect & Bureau payment submissions
  • Expert support provided by a highly experienced UK team
  • Compatible with any ERP system or accounting package
  • Customisable workflows to suit your unique business sign-off processes
  • Intuitive user-friendly interfaces with context-sensitive help
  • Consolidate multiple bank accounts across multiple banks
  • Secure alternatives to smartcards using two-factor authentication
  • Audit friendly - retains a digital audit trail of actions

Benefits

  • Stay up-to-date – navigate regulatory change and access new features
  • Built-in disaster recovery aids contingency planning
  • No transaction charges means predictable costs as your business grows
  • Check and validate data at multiple stages to ensure accuracy
  • Avoid non-compliance risk with rock solid reporting
  • Demonstrate evidenced monitoring with full audit trails
  • Manage and simplify complexity with easy process automation
  • Set rules, policies and limits to ensure accurate processing
  • Facilitate supremely secure mobile and flexible working
  • Manage spend and ROI with modular components

Pricing

£250 per unit per month

Service documents

Framework

G-Cloud 11

Service ID

486830802326803

Contact

paygate

Sales Team

01462 482 333

sales@paygate.uk

Service scope

Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to ERP, CRM, Payroll, Finance and Accounting Packages - any source system that generates input data for your payments (Credits, Debits, DDIs etc)
Cloud deployment model Private cloud
Service constraints Planned maintenance to the service is undertaken outside of standard business hours and Bacs processing times. Customers are advised in advance and service interruptions are kept to a minimum.
System requirements
  • Any mainstream browser can be used for access
  • Internet Explorer required if using smartcards for signing

User support

Email or online ticketing support Email or online ticketing
Support response times For Priority 1 issues our standard SLA is to respond within 1 business hour. In practice most email tickets are responded to within 2 hours.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels As standard you are given a dedicated account manager as your key point of contact. For any technical issues, our customer support team are also available to you within your contracted support hours, for which we provide two levels:

- Standard Support, provided by default, covers Monday to Friday (excluding UK bank holidays) from 0900-1700 (UK time)
- Enhanced Support, provided at an additional cost, covers Monday to Friday (excluding UK bank holidays) from 0900-2100 (UK time)

Pricing for Enhanced Support is included on our price list.

Remote support is provided by default. Should a technical support engineer be required to visit your site directly, this would be chargeable as per our price list.
Support available to third parties Yes

Onboarding and offboarding

Getting started A dedicated account manager is assigned for each customer, and contact details of our support team provided as part of onboarding.

Full training on the use of PayGate is provided. This includes checks on all the users that have been configured for the customer – including access rights, permissions and how the user can create, process and approve payments - as well as test submissions using the customer's service user numbers and file formats. An extensive online help library is also available within PayGate, and our support team are on hand to answer telephone and email queries, or to provide additional training if requested.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction Users can access, view and download reports and data relating to each individual submission that has historically been processed through PayGate. Reports can also be run and downloaded to show all data held against an individual bank account and sortcode.

Users can access, view and download system configuration reports that set out how groups, users and user roles have been configured within PayGate.

Users can run and download audit logs that show what and when system changes were made by whom.

Any files that remain unprocessed within the platform can be downloaded.
End-of-contract process At the end of the contract, the customer's access to PayGate is revoked with all user profiles disabled. Customers can export any required data direct from the application.

Using the service

Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install No
Designed for use on mobile devices No
Service interface Yes
Description of service interface PayGate is accessed via a browser. Users log in to perform desired functions by selecting options from menus and shortcuts. An action list allows quick access to key items that require the attention of the user. Intuitive screens and prompts guide users through required steps and alert them to items that require action.
Accessibility standards None or don’t know
Description of accessibility The design of PayGate is such that all efforts have been made to ensure the software is accessible. There is no audio/video only content, non-text content is minimal and always has a text alternative to ensure understanding. Information is presented in a structural and sequential manner on clearly titled pages/sections so that the process to be followed can easily be inferred. Colour is not used as a sole means of conveying information or as a prompt for action, and there is no flashing/scrolling content.
Accessibility testing Our standard testing process as part of software development always ensures that logical and commonsense processes and design elements are used - our focus is always on clarity and ease of use rather than on graphical design for its own purpose. The accessibility as described above is covered as part of this common testing process.
API Yes
What users can and can't do using the API APIs exist across the product and the scope and range of these is expanding all the time. Please contact us to discuss your requirements more fully so that we can best advise you on what APIs can be used.
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation PayGate includes powerful file mapping tools so that it will work with any input files (from your CRM/ERP etc) that you are using. Business Process Automation options also allow workflows to be created and customised to suit your ways of working and drive increased efficiency, whether that is enabling lights-out submission to Bacs, downloading and transforming reports, or simply manipulating and moving files before emailing users.

Scaling

Independence of resources Overall volume of activity and available capacity is monitored 24x7 to ensure system resources are reviewed and enhanced accordingly.

Analytics

Service usage metrics Yes
Metrics types Transaction reports, Submission reports, Collection reports, Audit reports, Workflow reports
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type Not a reseller

Staff security

Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach Reports and summaries held in PayGate can be viewed and downloaded at any time if a user has the relevant access permissions assigned to them (control of these permissions is under the remit of the customer).
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • HTML
  • XLSX
Data import formats
  • CSV
  • Other
Other data import formats
  • We can work with any input data format
  • Bacs Standard18

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks SSH for SFTP
Optional AES256 data encryption for file upload
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network SSH for SFTP
AES256 data encryption for all data

Availability and resilience

Guaranteed availability We offer at least a 99.5% uptime availability in a given month - with a credit given for each full hour that PayGate is unavailable.
Approach to resilience We utilise two geographically diverse UK tier 3 datacentres, with full data replication and resilience across both sites in high availability mode. Further details are available upon request.
Outage reporting In the event of an outage, we would automatically transfer connection to our secondary data centre, and advise customers by email or telephone as required.

Identity and authentication

User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels Only our dedicated and security cleared support team are given access, via a separate and secure network, to the live customer platform. This access is controlled by username/password as well as two factor authentication, and audit logs of who is accessing the live platform and the activities being undertaken are recorded, stored and reviewed regularly.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for At least 12 months

Standards and certifications

ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Cyber Essentials Plus
  • Bacs Approved Software Supplier
  • Bacs Approved Bureau
  • Bacs Approved Software Supplier to Bureaux

Security governance

Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards Cyber Essentials Plus
Information security policies and processes We operate an Information Security policy that protects all our owned and 3rd party owned Information Assets (including people, data, media, devices or systems) which are transferred to our care. We also adhere to our responsibilities to protect Information and Personal Data through our own systems or via 3rd party providers. We maintain a number of further policies and procedures such as an Acceptable Use policy, Access Control policy, Change Management policy, Disaster Recovery policy & a Business Continuity policy, and ensure that all employees are aware of their responsibilities and comply with the policy aims through training and regular awareness of the policies as well as any updates or changes.

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach All changes are fully tested and released under a prescribed change management process. The process identifies changes that are required, ensures agreement on the changes from stakeholders, tracks the progress of the changes centrally, ensures full testing of the changes, delivers the changes, and updates all documentation with the changes.

This approach ensures that all changes are implemented in an organised manner, ensures that no unnecessary changes are made, and ensures that all changes are properly considered for the impact and benefit that they will have.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We maintain an internal vulnerability management policy that includes regular vulnerability scanning and assessments and audits of all infrastructure and devices to identify, assess and remediate any technical vulnerabilities as soon as they are identified. We maintain an approved software list. Our patch management process ensures that security updates and patches are implemented as required. We undertake regular penetration tests that are performed by accredited third parties.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Monitoring is in place 24x7x365 to ensure that our services are constantly assessed and reviewed to monitor for any potential threats or attacks. We utilise IDS, use PRTG, firewalls and real-time monitoring through a 24x7 NOC/SOC. If any potential impacts are identified then action is taken immediately to analyse, identify and implement corrective and preventative actions.
Incident management type Supplier-defined controls
Incident management approach Through 24x7 monitoring, our incident management process ensures that as soon as an incident is detected and alerts are generated, action is taken immediately to analyse, identify and implement corrective and preventative actions, updating customers and implementing a disaster recovery plan if required. Users can report incidents directly to our service team as required. Customers would be kept updated, and incident reports would be issued as required after our root cause analysis, and corrective actions have been completed.

Secure development

Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks No

Pricing

Price £250 per unit per month
Discount for educational organisations No
Free trial available No
