Britannic Technologies

PCI Payment System - DTMF masking

Cloud Firewall technology auto-mutes calls when rfc2833 compliant DTMF is detected to securely capture payment card details during a live call when speaking with an agent and de-scopes the telephony environment from PCI DSS for payments. This certified PCI DSS Level 1 solution enables call recording compliance and IVR integration.

Features

• PCI-DSS compliant payments via phone and IVR solution options
• DTMF tones are supressed – agent hears only single tone
• Agent visibility at all verification stages
• Ability to re-key on incorrect card details
• Automated Payments – no business process change
• No integration software is required to work with our solution
• Optional CRM Integration, automatically populate from CRM or sales form
• Integration to client’s PSP , multiple gateways per merchant ID
• IVR Integration – no separate payment lines
• No calls terminated reconnected; allowing bundled, threshold packages to remain

Benefits

• De-scopes Business Environment ensures PCI/GDPR compliance
• Ensures that cardholder data is protected, with no call breaks
• Increases end user experience with simple verification
• All payments can be dealt with through a single portal
• Highly resilient and scalable
• No change of telecoms system/Dialler/IVR/SIP Provider/CRM/PSP or Recording Solution
• Automatically pull in end-user data reducing average call handling time
• You can quickly become PCI compliant
• Any agreement with 08/03 providers will not be affected
• Flexible, Disaster/Business Recovery as standard

£10 a licence a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jcambpbell@btlnet.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

418442803518696

Contact

James Campbell
01483242550
jcambpbell@btlnet.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: N/A
• System requirements: None. Fully managed solution

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 1 hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Via Britannic's website
• Web chat accessibility testing: N/A
• Onsite support: Onsite support
• Support levels: The Britannic Service Desk is committed to delivering the best service for our clients. Our process ensures that any critical customer issue is promptly escalated, day or night, regardless of contract level. This minimises delays during major incidents. Technical expertise and accountability are fundamental to our service ethos. Each new product added to our portfolio undergoes rigorous technical onboarding to cultivate in-house subject matter experts, enhancing the value we deliver to customers. In cases requiring vendor escalation, typically for software bugs or feature requests, we demonstrate our commitment and capability by managing the majority of service tickets and requests in-house. We take pride in our flexibility, adhering to necessary processes outlined in our ISO/IEC 20000 accreditation while striving to exceed customer expectations. By default, new customers are provided with our Bronze support package at no additional cost, however we can discuss increasing this if required. Pricing is based upon a percentage of the list price of the equipment in the solution. We also report on a tighter, internal measurement of SLO (Service Level Objective). This is a service goal which Britannic set above the contractual SLA measure. We are fully transparent with our customers regarding our performance against this measure.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Throughout the process, a named Project Manager will be assigned to each client to manage the implementation process in line with PRINCE2 methodology. This will follow an initial meeting with the client, the Britannic Project Manager and the Britannic Account Manager. As part of the project initiation a brief questionnaire will be completed that captures all key information relating to the DTMF masking solution and the client environment. A period of User Acceptance Testing will commence for an agreed period of up to seven (7) business days period. Once live, the service will go through the Early Life Support and then to the Operations team for Business as Usual support in line with the agreed SLAs.; Onsite training, online training and user documentation will be provided.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: If requested, we will work with each client to ensure the extraction/deletion of data when the contact ends.
• End-of-contract process: At the end of the contract the client can continue to use the service (contract extension) or terminate use accordingly. There are no financial penalties or costs to terminate contract at end of agreed term or extend beyond initial term, commencing a new term, which triggers monthly service charge and transactions charges accordingly.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: No difference noted. Service works on all platforms. Only difference is amount of real estate utilised.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: There is a dashboard which provides reporting, analytics & access to conversations
• Accessibility standards: None or don’t know
• Description of accessibility: N/A
• Accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: Date/Time; CLI/DDI; Agent/Department/Company Name/Number/Identification; Order/Transaction Number; CRM/PSP Integration; PSP Transaction Number; Accept / Decline Detail
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The landing page and any subsequent pages can be specifically customised to the client, team or company utilising the RevoPCI solution.

Scaling

• Independence of resources: Our solution is constantly monitored through industry standard tools to ensure that the cloud platform scales to customer demand. The service offered has unrestricted scalability, so whether on a few SIP channels or thousands, we can accommodate all without impacting on demand.; For clients wishing to use their own SIP services in conjunction with the Britannic DTMF masking solution, direct interconnects will be provided with sufficient headroom to allow for growth.; For ease of access, clients wishing to bring their own trunks (BYOT) are readily accommodated, with no need to terminate, parallel or introduce further costs on new SIP services

Analytics

• Service usage metrics: Yes
• Metrics types: Yes – however, only as noted below (see Reporting Types below) We retain no specific real-time or historic information, as this negates the secure nature of the solution. However, we do log number of times the payment portal has been opened vs. time-zones/days/week/month. All other historical information on payments, success/failure rates, etc., can be accessed from your respective payment service provider portal. Agent statistics can still be provided via your telephone systems.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Atmoso

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: CSV
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We retain statistics of 100% uptime, with 99.9995% availability for the DTMF Masking solution. All faults are classed as Priority 1.
• Approach to resilience: The Britannic cloud DTMF Masking solution has full redundancy across multiple geographically diverse data centres for all aspects of the services for suppressing payment DTMF tones on inbound and outbound customer calls. This provides a 100.00% uptime availability including downtime required for planned upgrades and maintenance. The data centres used to provide this service are all ISO 27001 certified and offer a 24/7/365 service.
• Outage reporting: Email alerts. All outages carry a Reason For Outage (RFO) response

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: All management interfaces are locked down, with only Atmoso personnel with access rights, in line with the rigid PCI Security Council accreditation.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Other
• Description of management access authentication: Not required, as locked down application

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 08/04/2020
• What the ISO/IEC 27001 doesn’t cover: Third party suppliers who do not directly impact the Britannic Information Security
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: PCI Security Council nominated QSA Official – ProCheckUp
• PCI DSS accreditation date: 02/08/2019
• What the PCI DSS doesn’t cover: Britannic and the RevoPCI solution is directly PCI-DSS compliant and is a Level 1-certifiedPayment Service Provider and Payment Facilitator.
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: ISO 22301 Business Continuity

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Britannic Information Security is supported by ISMS framework of approved, communicated and published policies and procedures that includes all legal, physical and technical controls. Britannic Information Security Policy as well as all other ISMS policies and procedures apply to all Britannic employees, while 3rd party management is governed by Britannic 3rd Party Information Security Compliance Policy and annual supplier reviews. Our management processes have been aligned to ISO/IEC 27001 and include (but are not limited to): Network Management, IT, Operations Security, Projects, Access Control, Suppliers Management, Asset Management, Human Resources Security. Due to evolving nature of information security, all Britannic management processes are frequently reviewed to ensure Britannic remains in compliance with relevant legal and regulatory requirements of ISO/IEC 27001 and guidelines of ISO/IEC 27002. All ISMS Policies and Procedures have been approved by Britannic CEO and Information Security Management Forum, made up of members of the Senior Management Team. Britannic Information Security Management Forum carries an annual review of Information Security Policies and Procedures which can be also reviewed at other times as dictated by operational needs.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Any change requests are recorded through the service desk, logged and tracked - time bound. We then review change requests through our change management process. These are reviewed for a range of aspects, including potential security impact. All changes are recorded.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We have implemented vulnerability management process fully compliant with ISO 27001:2013. ; In order to identify potential threats we have:; - compiled an inventory of assets connected to our network; - identified critical systems and at-risk systems; - established timely and scheduled patch management process; - established a process ensuring programs and apps run the latest software versions; - established remediation timelines; We review and classify all vulnerabilities and associated threats on a regular basis as well as rate risks according to our stated risk categorisation and assign a remediation timeline to each risk.; We conduct a regular vulnerability testing/scanning process.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Britannic have implemented protective monitoring as a part of our risk management strategy. We collect and analyse log and event data which allows us to detect and promptly alert on operational and security issues related to a wide range of compliance and risk concerns. As a result, we obtain information required to allow us to respond to incidents in a timely manner and to establish sufficient internal security controls for ongoing compliance with ISO 27001:2013 requirements.
• Incident management type: Supplier-defined controls
• Incident management approach: Britannic have a well defined process for managing and updating incidents. ; Customers are invited to log incidents via phone, email or online portal; Britannic will respond within SLA/SLO. During a critical or major incident, Britannic will invoke our major incident management process which delivers regular updates to key stakeholders and is only closed once a full RFO is delivered.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  As an integral component of our environmental strategy, our dedication to sustainability encompasses multiple facets, spanning from our office practices to our data centre operations. At the core of our commitment lies our conscientious approach to recycling.; Within our office premises and across our datacentres, recycling initiatives are rigorously implemented. Specifically, within our datacentres, dedicated recycling collection points are established to ensure the proper disposal of all equipment packaging. This meticulous process is not only compliant with regulations but also aligns with our values of environmental stewardship.; For Britannic, our environmental commitment is not in place solely to adhere to compliance regulations, we want to play our part in fostering a greener future. Through comprehensive recycling initiatives, responsible disposal practices, and strategic partnerships, we endeavour to lead by example in championing sustainability across all facets of our operations.

  Equal opportunity

  The company is strongly dedicated to promoting diversity and inclusion across all areas of our business operations. The following is a summary of our policies, practices, and activities that support diversity and inclusion: ; Recruitment Policies & Practices: ; - Equal Opportunities Policy: We have a comprehensive Equal Opportunities Policy in place that ensures all individuals associated with the company are treated fairly and without discrimination. This policy complies with anti-discrimination laws, protecting against discrimination based on protected characteristics such as age, disability, gender, and more. ; - Recruitment Practices: Our recruitment processes are designed to prioritise merit and eliminate any form of discrimination. We use gender-neutral language in job advertisements, and our interviewers are trained to avoid asking discriminatory questions. We also ensure that our vacancy advertisements are widely disseminated to reach a diverse section of the labour market, promoting equal opportunities. ; - Equality Monitoring: We actively engage in equality monitoring by voluntarily and anonymously collecting data on various aspects, such as ethnic group, gender, disability, sexual orientation, religion, and age. This data helps us identify underrepresented or disadvantaged groups within our organisation and informs our diversity and inclusion initiatives. ; ; Our policies and practices demonstrate a clear commitment to enhancing diversity and inclusion in recruitment, internal development, and customer-facing service delivery. We continuously monitor and improve these initiatives, ensuring that diversity and inclusion are not just policies but integral parts of our organisational culture.

  Wellbeing

  Britannic are deeply committed to generating social value through our holistic approach to employee wellbeing and community engagement. We understand that fostering a supportive and empowered workforce not only benefits our employees but can make a positive impact on the local community.; Private Medical Coverage: Our provision of private medical coverage, including mental health services, ensuring that our employees have access to essential healthcare resources. By prioritising mental health, we contribute to reducing the stigma around these issues and promote overall well-being.; Birthday Leave: We believe that personal milestones are worth celebrating, and granting a day off for birthdays is a small way to show our appreciation for our employees. This policy enhances work-life balance, allowing individuals to spend quality time with loved ones and nurture personal relationships.; Volunteering Day: Our dedication to social value extends beyond the workplace. We offer our employees the opportunity to take a volunteering day, empowering them to give back to their communities. This not only strengthens our employees' sense of purpose but also creates a positive ripple effect by supporting various charitable causes within the local community.; Personal Training and Development: We actively encourage personal training and development initiatives. By investing in our employees' growth, we not only equip them with valuable skills but also foster a culture of continuous learning and innovation.; Extending Social Value to Clients: We actively seek to provide social value to our clients, through volunteering days, seminars, conferences, workshops, training assets and wellbeing portals.

Pricing

• Price: £10 a licence a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jcambpbell@btlnet.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.