Britannic Technologies

PCI Payment System - DTMF masking

Cloud Firewall technology auto-mutes calls when RFC 2833-compliant DTMF is detected, so that payment card details can be captured securely during a live call with an agent, and de-scopes the telephony environment from PCI DSS for payments. This certified PCI DSS Level 1 solution enables call recording compliance and IVR integration.

Features

  • PCI-DSS compliant payments via phone and IVR solution options
  • DTMF tones are suppressed – the agent hears only a single tone
  • Agent visibility at all verification stages
  • Ability to re-key on incorrect card details
  • Automated Payments – no business process change
  • No integration software is required to work with our solution
  • Optional CRM Integration, automatically populate from CRM or sales form
  • Integration to client’s PSP, multiple gateways per merchant ID
  • IVR Integration – no separate payment lines
  • No calls terminated or reconnected, allowing bundled, threshold packages to remain

Benefits

  • De-scopes Business Environment, ensures PCI/GDPR compliance
  • Ensures that cardholder data is protected, with no call breaks
  • Increases end user experience with simple verification
  • All payments can be dealt with through a single portal
  • Highly resilient and scalable
  • No change of telecoms system/Dialler/IVR/SIP Provider/CRM/PSP or Recording Solution
  • Automatically pull in end-user data reducing average call handling time
  • You can quickly become PCI compliant
  • Any agreement with 08/03 providers will not be affected
  • Flexible, Disaster/Business Recovery as standard

Pricing

£10 per licence per month

Service documents

G-Cloud 11

694006001073540

Britannic Technologies

Jonathan Sharp

01483242554

jsharp@btlnet.co.uk

Service scope

Software add-on or extension No
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints N/A
System requirements None. Fully managed solution

User support

Email or online ticketing support Email or online ticketing
Support response times Within 1 hour
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Via Britannic's website
Web chat accessibility testing N/A
Onsite support Yes, at extra cost
Support levels All inclusive 24/7 365 support is provided.

Additionally a dedicated, named account manager is made available to all clients to ensure that they continue to receive the very best of service from Britannic.
Support available to third parties Yes

Onboarding and offboarding

Getting started Throughout the process, a named Project Manager will be assigned to each client to manage the implementation in line with PRINCE2 methodology. This will follow an initial meeting with the client, the Britannic Project Manager and the Britannic Account Manager. As part of the project initiation a brief questionnaire will be completed that captures all key information relating to the DTMF masking solution and the client environment. User Acceptance Testing will run for an agreed period of up to seven (7) business days. Once live, the service will go through Early Life Support and then pass to the Operations team for Business as Usual support in line with the agreed SLAs.
Onsite training, online training and user documentation will be provided.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction If requested, we will work with each client to ensure the extraction/deletion of data when the contract ends.
End-of-contract process At the end of the contract the client can continue to use the service (contract extension) or terminate use accordingly. There are no financial penalties or costs to terminate the contract at the end of the agreed term or to extend beyond the initial term; an extension commences a new term, which triggers the monthly service charge and transaction charges accordingly.

Using the service

Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service No difference noted. Service works on all platforms. Only difference is amount of real estate utilised.
Accessibility standards None or don’t know
Description of accessibility N/A
Accessibility testing N/A
API Yes
What users can and can't do using the API Date/Time
CLI/DDI
Agent/Department/Company Name/Number/Identification
Order/Transaction Number
CRM/PSP Integration
PSP Transaction Number
Accept / Decline Detail
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The landing page and any subsequent pages can be specifically customised to the client, team or company utilising the RevoPCI solution.

Scaling

Independence of resources Our solution is constantly monitored through industry standard tools to ensure that the cloud platform scales to customer demand. The service offered has unrestricted scalability, so whether on a few SIP channels or thousands, we can accommodate all without impacting on demand.
For clients wishing to use their own SIP services in conjunction with the Britannic DTMF masking solution, direct interconnects will be provided with sufficient headroom to allow for growth.
For ease of access, clients wishing to bring their own trunks (BYOT) are readily accommodated, with no need to terminate, parallel or introduce further costs on new SIP services.

Analytics

Service usage metrics Yes
Metrics types Yes – however, only as noted below (see Reporting Types below). We retain no specific real-time or historic information, as this negates the secure nature of the solution. However, we do log the number of times the payment portal has been opened vs. time-zones/days/week/month. All other historical information on payments, success/failure rates, etc., can be accessed from your respective payment service provider portal. Agent statistics can still be provided via your telephone systems.
Reporting types Real-time dashboards

Resellers

Supplier type Reseller providing extra features and support
Organisation whose services are being resold Atmoso

Staff security

Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations EU-US Privacy Shield agreement locations
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest Physical access control, complying with CSA CCM v3.0
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data export approach CSV
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability We retain statistics of 100% uptime, with 99.9995% availability for the DTMF Masking solution. All faults are classed as Priority 1.
Approach to resilience The Britannic cloud DTMF Masking solution has full redundancy across multiple geographically diverse data centres for all aspects of the services for suppressing payment DTMF tones on inbound and outbound customer calls. This provides a 100.00% uptime availability including downtime required for planned upgrades and maintenance. The data centres used to provide this service are all ISO 27001 certified and offer a 24/7/365 service.
Outage reporting Email alerts. All outages carry a Reason For Outage (RFO) response

Identity and authentication

User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels All management interfaces are locked down, with only Atmoso personnel holding access rights, in line with the rigid PCI Security Council accreditation.
Access restriction testing frequency At least every 6 months
Management access authentication Other
Description of management access authentication Not required, as locked down application

Audit information for users

Access to user activity audit information No audit information available
Access to supplier activity audit information No audit information available
How long system logs are stored for At least 12 months

Standards and certifications

ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 08/04/2014
What the ISO/IEC 27001 doesn’t cover Third party suppliers who do not directly impact the BTL Information Security
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification PCI Security Council nominated QSA Official – ProCheckUp
PCI DSS accreditation date 02/08/2019
What the PCI DSS doesn’t cover Britannic and the RevoPCI solution are directly PCI-DSS compliant and are a Level 1-certified Payment Service Provider and Payment Facilitator.
Other security certifications Yes
Any other security certifications
  • Cyber Essentials
  • ISO9001 (Quality Management)
  • ISO22301 (Business Continuity)
  • FCA approved
  • MasterCard and Visa accreditation
  • GDPR compliant

Security governance

Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Britannic Technologies Information Security is supported by an ISMS framework of approved, communicated and published policies and procedures that includes all legal, physical and technical controls. The Britannic Information Security Policy, as well as all other ISMS policies and procedures, applies to all Britannic employees, while 3rd party management is governed by the Britannic 3rd Party Information Security Compliance Policy and annual suppliers’ reviews. Our management processes have been aligned to ISO/IEC 27001 and include (but are not limited to): Network Management, IT, Operations Security, Projects, Access Control, Suppliers Management, Asset Management, Human Resources Security. Due to the evolving nature of information security, all Britannic management processes are frequently reviewed to ensure Britannic Technologies remains in compliance with relevant legal and regulatory requirements of ISO/IEC 27001 and guidelines of ISO/IEC 27002. All ISMS Policies and Procedures have been approved by the Britannic Managing Director and the Information Security Management Forum, made up of members of the Senior Management Team. The Britannic Information Security Management Forum carries out an annual review of Information Security Policies and Procedures, which can also be reviewed at other times as dictated by operational needs.

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach Any change requests are recorded through the service desk, logged and tracked - time bound. We then review change requests through our change management process. These are reviewed for a range of aspects, including potential security impact. All changes are recorded.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We have implemented a vulnerability management process fully compliant with ISO 27001:2013.
In order to identify potential threats we have:
- compiled an inventory of assets connected to our network
- identified critical systems and at-risk systems
- established a timely and scheduled patch management process
- established a process ensuring programs and apps run the latest software versions
- established remediation timelines
We review and classify all vulnerabilities and associated threats on a regular basis, rate risks according to our stated risk categorisation and assign a remediation timeline to each risk.
We conduct a regular vulnerability testing/scanning process.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Britannic Technologies have implemented protective monitoring as a part of our risk management strategy. We collect and analyse log and event data which allows us to detect and promptly alert on operational and security issues related to a wide range of compliance and risk concerns. As a result we obtain information required to allow us to respond to incidents in a timely manner and to establish sufficient internal security controls for ongoing compliance with ISO 27001:2013 requirements.
Incident management type Supplier-defined controls
Incident management approach We have pre-defined processes for common events in line with our ISO 9001 accreditation. Users can log tickets by phone, email or web portal. Tickets are timed from the point of being logged through to closure. Each ticket type (Minor, Major & Critical) has an SLA; we monitor ticket closure and escalation processes. We have set up automated escalation at set times depending upon each type of ticket. We provide incident reports / RFOs as applicable.

Secure development

Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks No

Pricing

Price £10 per licence per month
Discount for educational organisations No
Free trial available No

Service documents

  • Pricing document (PDF)
  • Service definition document (PDF)
  • Terms and conditions (PDF)