Payment Card Security

 View PDF

The document below is not the latest version. To see the latest version, please click here.

Help take more of your systems and processes out of scope for PCI DSS Compliance.

For most SMEs, taking your systems out of scope is a much easier option than complying with the full requirements of PCI DSS. In effect, this means avoiding any contact with your customer's card details, no matter how briefly.

Whilst this is straightforward for eCommerce websites, handling telesales has always presented a greater challenge. Now, axis diplomat offers a number of modules that can be used individually or in combination to reduce or avoid altogether the need for card details to pass through your network.

Please note that axis diplomat supports two modes of operation for card payments - immediate payment and deferred.

Deferred payments are taken at the point that the sales order is released (normally at the point goods are despatched) rather than when the order is placed. Deferred payments support multiple debits of part-payments for orders that are part released on multiple occasions without having stored the card details in the interim.

Each module described below supports both methods.

Opayo Tokens

Opayo offer a mechanism called "Tokens" which enables them to save your customer's card details for subsequent re-use. This is intended for use on website checkouts to offer the customer the choice of entering new card details or using a saved card. Saved cards are only identified by their last four digits and the expiry date so do not affect PCI DSS compliance.

With the axis diplomat OpayoTokens module, these tokens are imported into your axis diplomat system from your axis vMerchant website and are then also available for use in Sales Order maintenance functions.

This means that any customer who has previously shopped on your website but subsequently needs to make a payment over the phone does not need to give you their card details unless they wish to use a different card.

Opayo Online Payments

The Opayo Online Payments option allows you to send a payment request email to your customer from within axis diplomat's Sales Order maintenance functions.The email contains a link to a payment page hosted on your axis vMerchant website, where they enter the payment details as if they were buying online. As soon as that payment is made, the details are imported back into axis diplomat and the order can be processed in the usual way.

When used in conjunction with the Opayo Tokens module described above, this process would only need to be followed once for that customer since subsequent orders could be paid using the stored token.

If you wish to use this facility but do not have an axis vMerchant-based website, we are able to host a stand-alone payment gateway for you.

 

Opayo Terminal Payments

Where it is necessary to take card payments over the phone, this module allows you to enter the payment details into the Opayo payment portal (using their website) - payment details are then automatically imported back into your axis diplomat system and matched to the sales order awaiting payment.

Using the website from a workstation attached to your network will still bring all or part of your network into scope so one solution is to use a tablet that accesses the Internet via a mobile 3G/4G SIM and not your Wi-Fi network.

Aeriandi / Opayo Interface

A completely separate approach to taking card payments over the phone is offered by Aeriandi and is ideally suited to those who use call recording or VoIP. Their solution works by capturing card details entered by the customer using the telephone keypad ("DTMF") or spoken and captured by voice recognition. The details are masked from your telesales operator although they stay on the line throughout the process. Once the card details are captured, the details are passed to Opayo for processing in the normal way whilst the transaction details are also passed to axis diplomat.

 

 

1.

The customer calls you and wishes to make a payment using a Credit or Debit Card. You ask them to type in their payment card details using their telephone keypad. At all times, you stay on the line to continue the conversation.

    

2.

As the customer presses the keys, you hear a comfort tone whilst the card information itself is captured within the Aeriandi Cloud Platform before being passed on to Opayo.

    

3.

You are notified if the payment has been approved or rejected. At no time do the details enter your system which means, without any payment card data to protect, your obligations to comply with PCI DSS are dramatically reduced.

 View PDF

Call Back
This site uses cookies. By continuing to access this site you are accepting the use of cookies by this site.
Read more about cookies...
OK

Cookies are small text files stored on your device when you access most websites on the internet.

This Website uses cookies in order to make the Website easier to use, to support the provision of information and functionality to you, as well as to provide us with information about how the Website is used so that we can make sure it is as up to date, relevant and error free as far as we can. Further information about the types of cookies that are used on this Website is set out in the box below.

By using this Website you agree to our use of cookies. You can choose to restrict or block cookies set on the Website through your browser settings at any time. For more information about how to do this, and about cookies in general, you can visit www.allaboutcookies.org. Please note that certain cookies may be set as soon as you visit the Website, but you can remove them using your browser settings.

However, please be aware that restricting or blocking cookies set on the Website may impact the functionality or performance of the Website, or prevent you from using certain services provided through the Website. It will also affect our ability to update the Website to cater for user preferences and improve performance.

We don’t sell the information collected by cookies, nor do we disclose the information to third parties, except where required by law (for example to law enforcement agencies).

We may sometimes embed content from 3rd party websites such as YouTube. As a result, when you visit a page containing such content, you may be presented with cookies from these websites. We do not control the dissemination of these cookies and you should check the relevant third party's website for more information.

Cookies We Use

Cookie Description
CookieConfirm The presence of this cookie is used to remember the fact that you have confirmed that you are happy to accept cookies
ASPSESSIONIDxxxxxxxx This is a Session Cookie (session cookies are temporary and are erased when you close your browser). It identifies you from one page to the next and is used, for example, to keep track of your logged-in status.
UserID, account, password These cookies are used to remember your login credentials for when you next visit our website. They are only created if you choose the “Remember Me” option on the login page.
_utma, _utmb, _utmc, _utmz These are cookies created by Google Analytics and are used to provide us information on which web pages are the most popular, and the most popular search terms used by visitors arriving at our site.