Eazy Collect Services Ltd

Direct Debit Management and Payment Processing

BACS Approved Commercial Bureau, Facility Management Provider and FCA Regulated large Payment Institution enabling businesses, NFP and public sector to streamline and automate payment systems utilising direct debit achieve cost savings. Finance, ledger and credit control teams will benefit from outsourcing via cloud based services with partial/full API integration options.


  • Cloud based Software-as-a-Service
  • Direct Debit Management portal
  • API Integration or secure batch processing
  • User authentication and management
  • System scalability
  • Real-time reporting and export download
  • BACS Compliant Paperless and Online direct debit sign-up
  • BACS Compliant DD Scheme communications module
  • Automated BACS exception and report handling
  • App - iOS or Android


  • Automation and streamlining of payment or collection systems
  • Removal of paper-based processes
  • Introduction of electronic communications
  • Cloud based services replace outdated installations
  • Greater flexibility of payment scheduling or amendments
  • User control and audit transparency
  • Extensive range of management information tools and reporting
  • Improved cashflow management and reconciliation
  • Cost reduction enabling re-allocation of resources
  • Security of sensitive data to meet ongoing regulatory changes


£0.04 to £0.35 per transaction per year

Service documents

G-Cloud 9


Eazy Collect Services Ltd

David Carr

01242 539902


Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Billing, CRM, Accounting and Finance.
Cloud deployment model Private cloud
Service constraints No
System requirements None, all software is via our Cloud solution.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times SLA = 24 hrs M-F, 48 hrs Sat-Sun
Bank hours (working days) dictate services supplied so "out of hours" support typically not applicable. Cloud based portal and system available 24/7/365.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Client Service's support and Technical support inclusive as part of commercial terms. Account management as necessary depending on bespoke solutions/integrations contracted and volume needs.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Full User Resource library on dedicated website including tutorials, guides, instructions, tool tips and all information needed for clients to use services. Additional onsite training available at extra cost as per commercial terms and on use-case as required.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • Word
  • Excel
End-of-contract data extraction Much of the data in accordance with Data Protection legislation can be exported via reporting suite options in multiple formats by authorised Users. However, highly sensitive data extraction must be requested by an authorised Data Requester. In such instances, Eazy Collect's Information Security Officer will resource the specific request and will provide a commensurate quotation for providing secure data file as appropriate and in compliance with Data Protection, BACS and FCA regulations.
End-of-contract process A standard three month notice is required to terminate contracts outside of the standard twelve month minimum contract term. Commercial terms and length of contract are agreed at final tender stage. No additional cost is assessed at end of contracts where client adheres to the commercial terms.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None, scaling built-in. iOS and Android app also available for field agents.
Accessibility standards None or don’t know
Description of accessibility Via any tablet, MAC or PC.

Via engagement with Client Services and Technical Support teams.
Accessibility testing None
What users can and can't do using the API A complete technical specification and developer guide is provided. Test account and client specification liaison is project managed with the API tech team. The API is multi-function with client specific options for integration. For competent persons with IT skills and API experience consistent with an integration of this architecture and complexity, there are no limitations of any concern. REST based with input via x-www-form-urlencoded data, responses in JSON.
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation API is multi-functional and can be integrated according to User/Client preferences and/or specifications. The developer Guide and Eazy Collect Tech support enables the Client's equivalent qualified technical persons to complete functional requirements as needed. The Direct Debit input form can be customised to some extent and the API allows you to build the DD application into your website with third party assistance.


Independence of resources Eazy Collect uses cloud based Amazon Web Services (AWS) secure infrastructure which enables auto scaling, elastic load balancing and appropriate monitoring to adjust as required by client volumes. Additional instances are also available to satisfy specific client requirements and ensure demands are met. Further additional instances in Ireland & Germany are available for added seamless switchover if and as required.


Service usage metrics Yes
Metrics types Full audit trail, User reporting and other processing MI metrics/reporting are part of standard features available with Eazy Customer Manager DD system. Real time daily processing and automation handling in response to BACS exception reporting is available through reporting modules, email notifications and self-serve functionality.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach Data is held in a private subnet which is only accessible via a VPN; bank data is encrypted and not visible in plain text.
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Via self-serve Cloud based web portal by authorised Users choosing a range of reports available in the Eazy Customer Manager reporting suite in multiple formats. Additional data exports not within the standard report output can be requested subject to Data Protection legislation
Data export formats
  • CSV
  • Other
Other data export formats PDF
Data import formats
  • CSV
  • Other
Other data import formats Via API

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network Other
Other protection within supplier network Data in the network is held within a Virtual Private Cloud; our databases are in a separate subnet which is not publicly accessible and we can only access it via a Virtual Private Network. Data between machines is encrypted using a 128bit cipher.

Availability and resilience

Availability and resilience
Guaranteed availability SLA = 99.99% availability
Approach to resilience Regular monitoring. The service is based in Dublin Ireland and is mirrored in three data centres which are on separate power and telecoms networks. If one becomes unavailable, it switches to one of the other two to maintain availability. We also hold a separate copy of the data in Frankfurt and this can be deployed and running in one hour.
Outage reporting Email and system notifications to authorised Users. Any outages are reviewed at a management meeting monthly.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Multiple User Authorisation levels and function accessibility
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Between 6 months and 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 6 months and 12 months
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Sysnet Global Solutions & Securious Ltd (Cardstream)
PCI DSS accreditation date 09/09/2016 and 06/08/2016
What the PCI DSS doesn’t cover None, payment gateways/e-commerce provided as part of service solutions are Level 1 compliant via Cardstream Partnership.
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation No
Security governance approach Appointed ISO 27001 Data Centres used and internal standards incorporated to meet the standard although not accredited at time of application submission.
Information security policies and processes Security is at the forefront of our minds during all processes. Security features as a specific agenda item on monthly management meetings. We have a written security policy which all staff members are required to sign as understood on an annual basis. The Policy is reviewed annually or when necessary.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We have a written configuration and change management policy broadly based upon the ITIL framework. The document itself is available on request.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach We employ a third party NCSC (formerly CESG) CHECK vendor to independently test our security/vulnerability. This comprises daily delta testing, quarterly vulnerability testing and annual penetration testing. Reports are received as soon as available and work to correct issues found is prioritised based on risk.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach We employ a third party NCSC (formerly CESG) CHECK vendor to independently test our security/vulnerability. This comprises daily delta testing, quarterly vulnerability testing and annual penetration testing. Reports are received as soon as available and work to correct issues found is prioritised based on risk.
Incident management type Supplier-defined controls
Incident management approach We have a written incident management policy broadly based upon the ITIL framework. The document is available upon request.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £0.04 to £0.35 per transaction per year
Discount for educational organisations No
Free trial available Yes
Description of free trial Allows Client Users ability to trial/test our S-a-aS (DD management web portal), using Demo account and maximum 90 days available for IT, Finance or other key stakeholders involved in making decision to use Eazy Collect Bureau services. Full access to system functionality commensurate to services offered would be provided.
Link to free trial Provided at final tender stage on request


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑