axis diplomat 2020 Modules

18. Payment Card Security

The document below is not the latest version. To see the latest version, please click here.

Help take more of your systems and processes out of scope for PCI DSS Compliance.

 

For most SMEs, taking your systems out of scope is a much easier option than complying with the full requirements of PCI DSS. In effect, this means avoiding any contact with your customer's card details, no matter how briefly.

Whilst this is straightforward for eCommerce websites, handling telesales has always presented a greater challenge. Now, axis diplomat offers a number of modules that can be used individually or in combination to reduce or avoid altogether the need for card details to pass through your network.

Please note that axis diplomat supports two modes of operation for card payments - immediate payment and deferred.

Deferred payments are taken at the point that the sales order is released (normally at the point goods are despatched) rather than when the order is placed. Deferred payments support multiple debits of part-payments for orders that are part released on multiple occasions without having stored the card details in the interim.

Each module described below supports both methods.

 

18.1 Opayo Tokens

Opayo offer a mechanism called "Tokens" which enables them to save your customer's card details for subsequent re-use. This is intended for use on website checkouts to offer the customer the choice of entering new card details or using a saved card. Saved cards are only identified by their last four digits and the expiry date so do not affect PCI DSS compliance.

With the axis diplomat OpayoTokens module, these tokens are imported into your axis diplomat system from your axis vMerchant website and are then also available for use in Sales Order maintenance functions.

This means that any customer who has previously shopped on your website but subsequently needs to make a payment over the phone does not need to give you their card details unless they wish to use a different card.

 

18.2 Opayo Online Payments

The Opayo Online Payments option allows you to send a payment request email to your customer from within axis diplomat's Sales Order maintenance functions.The email contains a link to a payment page hosted on your axis vMerchant website, where they enter the payment details as if they were buying online. As soon as that payment is made, the details are imported back into axis diplomat and the order can be processed in the usual way.

When used in conjunction with the Opayo Tokens module described above, this process would only need to be followed once for that customer since subsequent orders could be paid using the stored token.

If you wish to use this facility but do not have an axis vMerchant-based website, we are able to host a stand-alone payment gateway for you.

 
 

18.3 Opayo Terminal Payments

Where it is necessary to take card payments over the phone, this module allows you to enter the payment details into the Opayo payment portal (using their website) - payment details are then automatically imported back into your axis diplomat system and matched to the sales order awaiting payment.

Using the website from a workstation attached to your network will still bring all or part of your network into scope so one solution is to use a tablet that accesses the Internet via a mobile 3G/4G SIM and not your Wi-Fi network.

 

18.4 Aeriandi / Opayo Interface

A completely separate approach to taking card payments over the phone is offered by Aeriandi and is ideally suited to those who use call recording or VoIP. Their solution works by capturing card details entered by the customer using the telephone keypad ("DTMF") or spoken and captured by voice recognition. The details are masked from your telesales operator although they stay on the line throughout the process. Once the card details are captured, the details are passed to Opayo for processing in the normal way whilst the transaction details are also passed to axis diplomat.

 

 

1.

The customer calls you and wishes to make a payment using a Credit or Debit Card. You ask them to type in their payment card details using their telephone keypad. At all times, you stay on the line to continue the conversation.

    

2.

As the customer presses the keys, you hear a comfort tone whilst the card information itself is captured within the Aeriandi Cloud Platform before being passed on to Opayo.

    

3.

You are notified if the payment has been approved or rejected. At no time do the details enter your system which means, without any payment card data to protect, your obligations to comply with PCI DSS are dramatically reduced.