Automated Telephone Payments (ATP)
ATP is an automated self-service phone payments solution that integrates with HeyCentric and Unit4 Business World ERP solution. and your IVR solution.
It is available to your customers 24 X 7 and does not require an agent to be present.
It's fully PCI compliant.
Features
- Secure and PCI Compliant
- Real time payments
- Auto allocation of payment to ERP system
- integrated into your Income management system
- Speeds up the payment process
- Reduces labour intensive tasks
- Self service with 24 X 7 availability
Benefits
- significantly reduces the PCI compliance scope
- Seamless integration with your ERP or IM system
- Provides instant visibility on payments made as they happen
- Can integrate with multiple PSP's
- Self service 24 X 7 availability
- Supports multiple payment types
- Facilitates efficient use of staff time
Pricing
£1.25 a transaction a year
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
1 9 1 4 2 8 5 2 1 3 9 6 7 1 3
Contact
Blue Planet Software Ltd
Tom Behan
Telephone: +353872245768
Email: tom.behan@blueplanet-software.com
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
- ATP integrates with your Income Management system or directly to your ERP system.
- Cloud deployment model
- Private cloud
- Service constraints
- There are no service constraints.
- System requirements
-
- Access to your Income management solution
- Access to your ERP solution via VPN
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- We respond within the hour on receipt of a support query.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
P1 Response instant, resolution 1 hour.
P2 Response within 1 hours , resolution within next working day.
P3 Response within 4 hours, resolution within 2 working days
P4 5 working days, resolution with next release of software
Price included in the SaaS service price - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
We provide a full implementation and integration service. Training not required.
We can also project manage the roll out if so desired. - Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
-
There is no data to extract as all payments end up in the users ERP system.
We do not hold data but only access data in the ERP system as required for payment processing. - End-of-contract process
-
The price has two elements An implementation fee for setup and deployment and an annual SaaS fee based on transaction volumes and bands.
When the service is no longer required the service is terminated.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- There is no difference between devices used
- Service interface
- No
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- API
- No
- Customisation available
- Yes
- Description of customisation
-
During implementation the following elements can be customised.
The payment types
Call flow
Voice talent used
Service access numbers
The solution can be configured to integrate with multiple ERP systems
Scaling
- Independence of resources
-
The service is scaled to the needs of the organisation and expected capacity is provisioned to accommodate expected peak demand periods.
Early alerts are generated when the system is likely to reach its capacity.
The service load is monitored to ensure sufficient head room exists.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
We can provide analysis the number of call volumes and timelines.
Calls per day by payment types.
The number of calls with payments refused and authorised.
Peak demand time forecasting. - Reporting types
-
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- Sybernet Ltd
Staff security
- Staff security clearance
- Staff screening not performed
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- No
- Datacentre security standards
- Supplier-defined controls
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
- Physical access control, complying with another standard
- Data sanitisation process
- No
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
- Completed payments are either updated in real time to the ERP system or if that is not possible they are exported as a part of a batch process using a previously agreed file format.
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- Xml
- JSON
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- Xml
- Json
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- The service has a 99.98% availability
- Approach to resilience
- Available on request
- Outage reporting
- Email alerts
Identity and authentication
- User authentication needed
- No
- Access restrictions in management interfaces and support channels
- No system access provided to users.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- KYTE Consultants Ltd
- PCI DSS accreditation date
- 04/04/2020
- What the PCI DSS doesn’t cover
- Details of the PCI certification are contained in the AOC.
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- Other
- Other security governance standards
- PCI DSS Version 3.2.1
- Information security policies and processes
- PCI DSS requirement 12
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- PCI DSS requirement 6
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- Dictated by requirement 6,10 & 11 of PCI DSS standards
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- Requirement 10 of PCI DSS standard
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- Governed by requirement 12 of the PCI DSS requirements.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Covid-19 recovery
-
Covid-19 recovery
The Automated Telephone payments system facilitates remote payments thus removing the citizen from the need to attend in person.
Pricing
- Price
- £1.25 a transaction a year
- Discount for educational organisations
- No
- Free trial available
- No