Britannic Technologies

PCI Payment System - DTMF masking

Cloud Firewall technology auto-mutes calls when RFC 2833-compliant DTMF is detected, so that payment card details can be captured securely during a live call with an agent, and de-scopes the telephony environment from PCI DSS for payments. This certified PCI DSS Level 1 solution enables call recording compliance and IVR integration.

Features

  • PCI-DSS compliant payments via phone and IVR solution options
  • DTMF tones are suppressed – agent hears only a single tone
  • Agent visibility at all verification stages
  • Ability to re-key on incorrect card details
  • Automated Payments – no business process change
  • No integration software is required to work with our solution
  • Optional CRM Integration, automatically populate from CRM or sales form
  • Integration to client’s PSP, multiple gateways per merchant ID
  • IVR Integration – no separate payment lines
  • No calls terminated or reconnected, allowing bundled, threshold packages to remain

Benefits

  • De-scopes Business Environment, ensures PCI/GDPR compliance
  • Ensures that cardholder data is protected, with no call breaks
  • Increases end user experience with simple verification
  • All payments can be dealt with through a single portal
  • Highly resilient and scalable
  • No change of telecoms system/Dialler/IVR/SIP Provider/CRM/PSP or Recording Solution
  • Automatically pull in end-user data reducing average call handling time
  • You can quickly become PCI compliant
  • Any agreement with 08/03 providers will not be affected
  • Flexible, Disaster/Business Recovery as standard

Pricing

£10 a licence a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jsharp@btlnet.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

651952482334729

Contact

Britannic Technologies Jonathan Sharp
Telephone: 01483242554
Email: jsharp@btlnet.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
N/A
System requirements
None. Fully managed solution

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 1 hour
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Via Britannic's website
Web chat accessibility testing
N/A
Onsite support
Yes, at extra cost
Support levels
All inclusive 24/7 365 support is provided.

Additionally a dedicated, named account manager is made available to all clients to ensure that they continue to receive the very best of service from Britannic.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Throughout the process, a named Project Manager will be assigned to each client to manage the implementation process in line with PRINCE2 methodology. This will follow an initial meeting with the client, the Britannic Project Manager and the Britannic Account Manager. As part of the project initiation a brief questionnaire will be completed that captures all key information relating to the DTMF masking solution and the client environment. User Acceptance Testing will then run for an agreed period of up to seven (7) business days. Once live, the service will go through Early Life Support and then to the Operations team for Business as Usual support in line with the agreed SLAs.
Onsite training, online training and user documentation will be provided.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
If requested, we will work with each client to ensure the extraction/deletion of data when the contract ends.
End-of-contract process
At the end of the contract the client can continue to use the service (contract extension) or terminate use accordingly. There are no financial penalties or costs to terminate contract at end of agreed term or extend beyond initial term, commencing a new term, which triggers monthly service charge and transactions charges accordingly.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
No difference noted. Service works on all platforms. Only difference is amount of real estate utilised.
Service interface
Yes
Description of service interface
There is a dashboard which provides reporting, analytics & access to conversations
Accessibility standards
None or don’t know
Description of accessibility
N/A
Accessibility testing
N/A
API
Yes
What users can and can't do using the API
Date/Time
CLI/DDI
Agent/Department/Company Name/Number/Identification
Order/Transaction Number
CRM/PSP Integration
PSP Transaction Number
Accept / Decline Detail
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The landing page and any subsequent pages can be specifically customised to the client, team or company utilising the RevoPCI solution.

Scaling

Independence of resources
Our solution is constantly monitored through industry standard tools to ensure that the cloud platform scales to customer demand. The service offered has unrestricted scalability, so whether on a few SIP channels or thousands, we can accommodate all without impacting on demand.
For clients wishing to use their own SIP services in conjunction with the Britannic DTMF masking solution, direct interconnects will be provided with sufficient headroom to allow for growth.
For ease of access, clients wishing to bring their own trunks (BYOT) are readily accommodated, with no need to terminate, parallel or introduce further costs on new SIP services.

Analytics

Service usage metrics
Yes
Metrics types
Yes – however, only as noted below (see Reporting Types below). We retain no specific real-time or historic information, as this negates the secure nature of the solution. However, we do log the number of times the payment portal has been opened vs. time-zones/days/week/month. All other historical information on payments, success/failure rates, etc., can be accessed from your respective payment service provider portal. Agent statistics can still be provided via your telephone systems.
Reporting types
Real-time dashboards

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Atmoso

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
EU-US Privacy Shield agreement locations
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
CSV
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We retain statistics of 100% uptime, with 99.9995% availability for the DTMF Masking solution. All faults are classed as Priority 1.
Approach to resilience
The Britannic cloud DTMF Masking solution has full redundancy across multiple geographically diverse data centres for all aspects of the services for suppressing payment DTMF tones on inbound and outbound customer calls. This provides a 100.00% uptime availability including downtime required for planned upgrades and maintenance. The data centres used to provide this service are all ISO 27001 certified and offer a 24/7/365 service.
Outage reporting
Email alerts. All outages carry a Reason For Outage (RFO) response

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
All management interfaces are locked down, with only Atmoso personnel with access rights, in line with the rigid PCI Security Council accreditation.
Access restriction testing frequency
At least every 6 months
Management access authentication
Other
Description of management access authentication
Not required, as locked down application

Audit information for users

Access to user activity audit information
No audit information available
Access to supplier activity audit information
No audit information available
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
08/04/2014
What the ISO/IEC 27001 doesn’t cover
Third party suppliers who do not directly impact the BTL Information Security
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
PCI Security Council nominated QSA Official – ProCheckUp
PCI DSS accreditation date
02/08/2019
What the PCI DSS doesn’t cover
Britannic and the RevoPCI solution are directly PCI-DSS compliant and are a Level 1-certified Payment Service Provider and Payment Facilitator.
Other security certifications
Yes
Any other security certifications
  • Cyber Essentials
  • ISO9001 (Quality Management)
  • ISO22301 (Business Continuity)
  • FCA approved
  • MasterCard and Visa accreditation
  • GDPR compliant

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Britannic Technologies Information Security is supported by an ISMS framework of approved, communicated and published policies and procedures that includes all legal, physical and technical controls. The Britannic Information Security Policy, as well as all other ISMS policies and procedures, applies to all Britannic employees, while third-party management is governed by the Britannic 3rd Party Information Security Compliance Policy and annual suppliers’ reviews. Our management processes have been aligned to ISO/IEC 27001 and include (but are not limited to): Network Management, IT, Operations Security, Projects, Access Control, Suppliers Management, Asset Management, Human Resources Security. Due to the evolving nature of information security, all Britannic management processes are frequently reviewed to ensure Britannic Technologies remains in compliance with relevant legal and regulatory requirements of ISO/IEC 27001 and guidelines of ISO/IEC 27002. All ISMS Policies and Procedures have been approved by the Britannic Managing Director and the Information Security Management Forum, made up of members of the Senior Management Team. The Britannic Information Security Management Forum carries out an annual review of Information Security Policies and Procedures, which can also be reviewed at other times as dictated by operational needs.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Any change requests are recorded through the service desk, logged and tracked - time bound. We then review change requests through our change management process. These are reviewed for a range of aspects, including potential security impact. All changes are recorded.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We have implemented a vulnerability management process fully compliant with ISO 27001:2013.
In order to identify potential threats we have:
- compiled an inventory of assets connected to our network
- identified critical systems and at-risk systems
- established a timely and scheduled patch management process
- established a process ensuring programs and apps run the latest software versions
- established remediation timelines
We review and classify all vulnerabilities and associated threats on a regular basis, rate risks according to our stated risk categorisation, and assign a remediation timeline to each risk.
We conduct a regular vulnerability testing/scanning process.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Britannic Technologies have implemented protective monitoring as a part of our risk management strategy. We collect and analyse log and event data which allows us to detect and promptly alert on operational and security issues related to a wide range of compliance and risk concerns. As a result we obtain information required to allow us to respond to incidents in a timely manner and to establish sufficient internal security controls for ongoing compliance with ISO 27001:2013 requirements.
Incident management type
Supplier-defined controls
Incident management approach
We have pre-defined processes for common events in line with our ISO 9001 accreditation. Users can log tickets by phone, email or web portal. Tickets are timed from the point of being logged through to closure. Each ticket type (Minor, Major & Critical) has an SLA, and we monitor ticket closure and escalation processes. We have set up automated escalation at set times depending upon each type of ticket. We provide incident reports / RFOs as applicable.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£10 a licence a month
Discount for educational organisations
No
Free trial available
No
