SVL Business Solutions Ltd

PCI SIP by SVL

PCI SIP supports compliance for voice transactions and fraud protection by ensuring no card information is seen or heard by the agent.
The solution is vendor agnostic so enables cost savings whilst avoiding major upheaval. No equipment required on-site, it de-scopes the organisation from storing or transmitting cardholder payment data.

Features

• PCI-DSS compliant payments via phone and IVR solution options
• DTMF tones are supressed , agent hears only single tone
• Agent visibility at all verification stages
• Ability to re-key on incorrect card details
• Automated Payments , no business process change
• No integration software is required to work with our solution
• Optional CRM integration, automatically populate from CRM or sales form
• Integration to client's PSP, multiple gateways per merchant ID
• No calls terminated reconnected, allowing bundled threshold packages to remain

Benefits

• De-scopes business environment, ensures PCI/GDPR compliance
• Ensures that cardholder data is protected with no call breaks
• Increases end users experience with simple verification
• All payments can be dealt with through a single portal
• Highly resilient and scalable
• No change of telecoms system/dialler/IVR/SIP provider/CRM/PSP or recording solution
• Automatically pull in end-user data reducing average handling time
• Quickly become PCI compliant
• No impact on 08/03 provider agreements
• Flexible disaster/business recovery as standard

£12.50 to £17.50 a unit a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@svlbusinesssolutions.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

305909893532816

Contact

Sales Team
01355900000
sales@svlbusinesssolutions.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No
• System requirements: Not applicable, this is a fully managed service

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 30 minute response time for critical incidents. Further details can be found in our service definition.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We offer three levels of support, Silver, Gold and Platinum. More details are included in our service definition document.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Each customer has a dedicated account manager who will work together with the client to design a suitable onboarding process. Training can be onsite or online and user documentation is provided.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Word
• End-of-contract data extraction: In line with GDPR compliance, we work with clients to ensure that all data is extracted at the end of the contract.
• End-of-contract process: At contract end, the client can choose to continue or terminate their service. No additional costs are incurred.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: No difference
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Dashboard with reporting and analytics
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: The UI can be customised to adhere to standards as required
• API: Yes
• What users can and can't do using the API: The API can be used to identify a call, control the RevoPCI card capture solution and submit a payment/token/refund request.
• API documentation: Yes
• API documentation formats:
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Customers can customise the UI using the API. The payment portal can be provided and customised as required.

Scaling

• Independence of resources: Our solution is constantly monitored to ensure the cloud platform scales to customer demand. There is no limit on scalability so whether on a few SIP channels or thousands, we can accommodate. Bring your own SIP services in conjunction with this solution, direct interconnects will be provided with sufficient headroom to allow for growth. For ease of access, clients wishing to bring their own trunks are readily accommodated, with no need to terminate, parallel or introduce further costs on new SIP services.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Atmoso

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Other
• Other data at rest protection approach: No data is stored within the RevoPCI system
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: No data is stored within the RevoPCI system
• Data export formats: Other
• Other data export formats: No data is stored in the RevoPCI system
• Data import formats: Other
• Other data import formats: No data is uploaded into the system

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network: Other
• Other protection within supplier network: Not applicable as no data is stored within the Revo PCI system, it only exists in transmit whilst being processed to the PSP.

Availability and resilience

• Guaranteed availability: 99.99% guaranteed availability.; All faults classed as a priority 1
• Approach to resilience: Our cloud DTMF Masking solution has full redundancy across multiple geographically diverse data centres for all aspects of the services for suppressing payments DTMF tones on inbound and outbound customer calls. This provides 100% uptime availability including downtime required for planned upgrades and maintenance. The data centres used to provide this are all ISO 27001 certified and offer a 24/7/365 service
• Outage reporting: Email alerts are provided

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: All internal system access is restricted to named authorised accounts using MFA for access.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: Less than 1 month

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: CQS (Certified Quality Systems) Ltd
• ISO/IEC 27001 accreditation date: 3rd November 2024
• What the ISO/IEC 27001 doesn’t cover: All areas are covered
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Procheckup Ltd an approved PCI QAS company
• PCI DSS accreditation date: 2nd August 2024
• What the PCI DSS doesn’t cover: All aspects of the RevoPVI service are covered under the AoC
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: PCI DSS Level 1 Certified; Cyber Essentials
• Information security policies and processes: Information Security Policies are specific to the management of our PCI Service and are audited by our QSA as part of our annual assessment.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We have documented change management which requires all changes to be documented and approved before being scheduled for deployment. All patching and changes are completed out of hours.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerabilities are frequently reviewed, assessed and patched where appropriate in-line with our Vulnerability management policy as required by our PCI assessment.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: All systems are proactively monitoring including formal security and update patching schedules and assessments
• Incident management type: Supplier-defined controls
• Incident management approach: We have an implemented incident response plan. This policy is reviewed and tested annually to we are well placed to efficiently and effectively respond to any incidents that may occur.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Highlighting our proactive approach to reducing emissions and fighting climate change, we have put in place a tangible Carbon Reduction Plan. Through a measurable plan, we are fully committed to achieving net zero carbon by 2050 at the latest and reducing our environmental impacts year-on-year. ; As we continue to work towards net zero greenhouse gas emissions, we have moved our full fleet of company cars from diesel to electric. Aligned to our zero-carbon pledge, we have implemented a ‘Electric First, Diesel Last’ policy. This policy states that for all new vehicles we purchase the preferred option will be the purchase of an electric vehicle. If this is not a viable option, our second option will be to purchase a hybrid vehicle. Diesel cars will be last resort only.; Reducing the physical usage of on-site electricity, we are moving as many clients as possible from on-premises, server-based software to cloud-based servers and storage. This not only extends environmental benefits but also reduces the creation and distribution of significant amounts of hardware.; In our own building, we have environmental measures in place to reduce the use of electricity, gas and water. For example, to promote energy efficiency, we have introduced a “switch it off” policy at our offices. Our staff are instructed to turn off all lights and electrical appliances when they are not in use to minimise electricity use. In addition, in our offices we incorporate energy-saving features such as:; -Low-energy lighting; -Thermostat-controlled heating; -Insulation; Further evidencing our commitment to fighting climate change and reducing carbon emissions, we have continued our policy of hybrid working post-pandemic. Our flexible working policy allows all staff to work from home 3 days a week. Supporting this, we minimise business travel by advocating the use of conference calls instead of in-person visits.

  Covid-19 recovery

  We are committed to supporting organisations and businesses to manage/recover from the impacts of COVID-19. Demonstrating our commitment to supporting businesses/organisations, we have implemented several initiatives: ; ; -We have extended our terms to accommodate clients with short-term cash flow issues; -To alleviate financial burdens, we have enabled our clients to pay only for what they used the previous month. As part of this, we have helped organisations transition from hugely expensive up-front licence-based models of expenditure to a consumption-based (or usage-based) payment model ; ; Further evidencing our commitment, we offer 24/7 support to our clients who are still working on the front-line against COVID-19. This includes Blue Light, Community Care and our NHS clients. For example: ; ; -To facilitate better social distancing/new ways of working, we are providing extra call lines to NHS call-centres; -To ensure service resilience, we are providing continuous support/technical expertise to essential 24/7 helplines and emergency control rooms (111 and 999) across the UK and Ireland; ; We are also committed to improving the working conditions within our own operations to further support COVID-19 recovery. To continue facilitating social distancing, we have maintained the office layout designed for social distancing. To mitigate overcrowding and ensure our office is never too busy, we promote flexible working arrangements. This includes empowering our staff to work-from-home for up to 3 days a week.

  Tackling economic inequality

  Reflecting our dedication to tackling economic inequality, we prioritise increasing the resilience and capacity of supply chains. One way we are doing this is by bringing Contact Centre as a Service (CCAAS) products such as Amazon Connect to SMEs across the UK. Traditionally and up until the last 18 months, this type of software has been too expensive for SMEs and required a heavy up-front investment. However, by introducing a simple usage-based pricing model, this allows smaller businesses to receive all the benefits of a high-quality Contact Centre. These benefits include but is not limited to:; ; -Enhanced customer experience: Providing customers with a seamless, digital-centric service environment with multiple channels for interaction ; -Advanced analytics: Leveraging smart, AI-based business insights to stay ahead of customers needs and preferences ; -Cost-effectiveness and flexible: Transitioning from expensive hardware and maintenance to more-cost effective, flexible and scalable cloud solution ; ; By enabling SMEs to gain access to these benefits, we promote the competitiveness and sustainable growth within the SME sector. ; ; As part of increasing supply chain resilience/capacity we take proactive measures to identify and manage cyber security risks. As a business, we have achieved our Cyber Essentials Plus Certificate of Assurance. Highlighting our commitment to upholding cyber security for our clients, this is the highest level of certification offered under the Cyber Essentials scheme.; ; We will further minimise economic inequality through ongoing innovation and the development of new future-proofed methods for our clients. For example, to enhance delivery and efficiency, we have invested in a new card fraud and digital payments products. This effectively eliminates risks associated with payments via phone calls, digital, social or video channels. By embracing these innovative solutions, we empower our clients to navigate the digital landscape with confidence while advancing economic equality.

  Equal opportunity

  We are committed to fostering inclusivity and diversity across our workforce, our supply chain and customer base. We have Equality & Diversity and Health & Wellbeing policies that articulate our commitment to equal opportunity and inclusion. ; ; Preventing discrimination in our recruitment process, we are an Equal Opportunities employer. Maintaining a diverse workforce, applicants will not be discriminated against based on race, colour, nationality, ethnic or national origin, religious beliefs, sexual orientation, gender, disability or any other reason. ; ; As part of our commitment to equal opportunity and as a disability-positive employer, we proactively encourage our staff, suppliers, customers to increase the representation of disabled people within contract roles. As part of this, we are dedicated to tackling inequality and ensuring that every role within our organisation is accessible. ; ; With advancements of technology, the traditional requirement for physical presence, especially for Engineers working in difficult to access server rooms has significantly reduced. Alleviating previous restrictions on these roles and allowing for an increase equal opportunity/representation, technical/engineering support can now take place via accessible computers from any venue. ; ; Moreover, to gain insights into the unique needs/challenges faced by disabled people, we collaborate with suppliers who operate within the care community. By partnering with like-minded suppliers, we create meaningful employment opportunities for disabled individuals and gain insights in how to support them in their homes/work. ; ; To provide further skills and employment opportunities for our employees including those from disadvantaged/minority backgrounds, we look to advertise positions internally and promote from within. Those who promote our values and lead by example are identified for pay raises, annual bonuses or promotions in line with our progression pathways and reward mechanisms.

  Wellbeing

  To support employee health and wellbeing, we invest in an Employee Assistance Programme (EAP). Designed to provide compassionate support to our staff through any challenges they may face, this programme offers: ; ; -24/7, 365 support: Our EAP ensures that out staff have access to assistance round-the-clock every day of the year. This includes a 24-hour helpline and telephone counselling service; -Comprehensive resource library: Tailored to the individuals wellbeing journey, our EAP provides a comprehensive library of resources, including articles, self-help tools and videos; -Accessible App and portal format: Recognising the importance of accessibility and allowing employees to access support/resources whenever they need it, our EAP is available in both app and portal format; ; In addition to the Employee Assistance Programme, we also offer support to our staff through: ; ; -Open-door policy with Directors: To address issues relating to physical and mental health, all staff are encouraged to have confidential discussions with our Directors and receive full support; -Mental health awareness sessions: To raise awareness and educate our employees in managing their mental wellbeing effectively, we conduct regular mental health awareness sessions ; -Flexible work arrangements: To accommodate employees with long-term health conditions, we offer flexible work arrangements. This enables our staff to balance their health needs with their work responsibilities. ; -Work-life balance: Aligned to the above policy, we actively promote a health work-life balance and encourage employees to take the time they need to properly manage their heath (and health conditions) ; -Free private health and dental insurance: To ensure our staff have swift access to healthcare treatments/services, we offer free private health/dental insurance to our staff

Pricing

• Price: £12.50 to £17.50 a unit a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@svlbusinesssolutions.com. Tell them what format you need. It will help if you say what assistive technology you use.