Enabling a BMW main dealership to meet its PCI-DSS compliance obligations

Enterprise Case Study



Objectives of the project

To deliver a solution that lets staff accept payments over the phone without impacting their GDPR or PCI obligations. Enable staff identification, invoice identification and tracking, and email transaction receipts to departments in real time without affecting any existing systems. The system should be easy to use and not slow down the process of taking payments by phone.


Remove the need for staff to ask customers to read out their payment card data over the telephone


Allow staff to enter a trackable reference number against the telephone payment


Allow staff to add their staff ID number so the staff member that took the payment could be identified


Meet PCI-DSS obligations with less cost and work required to prove they are compliant


Stop being charged non-compliance fees for being unable to prove that telephone payments had been secured


Have a service that allowed payment on every payment call they made or received


The Solution

From initial meetings, it was clear that the customer wanted to use their own bank, so a custom integration was created so they could carry on processing payments using their bank's payment gateway service. The custom gateway connector into Lloyds Bank was implemented, allowing telephone payments, with accompanying reference numbers and the agentID, to be passed all the way through to the bank. This allowed the accounts department to quickly reconcile the transactions with no change to their operating process.

Payment Identification and reporting

To replicate the functionality of the payment terminals, departments and agent IDs were added to the Paytia platform so that a payment receipt was sent immediately to the department's email address whenever any agent in the department took a payment. This was further enhanced to provide an end-of-day reconciliation report per department, which was sent to accounts.


"Paytia has enabled the business to solve the final piece of our PCI-DSS compliance protection by removing any access to payment card data from our business when taking telephone payments. We have also been able to reduce the amount of time it takes our accounts department when dealing with reconciliation and payment queries."

A BMW Main Dealership
