Enabling a BMW main dealership to meet it’s PCI-DSS compliance obligations
Enterprise Case Study
Objectives of the project
To deliver a solution that staff would be able to accept payments over the phone without impacting their GDPR or PCI obligations. Enable staff identification, invoice identification and tracking and email transaction receipts to departments in real-time without affecting any existing systems. The system should be easy to use and not slow down the process of taking payments by phone.
Remove the need for staff to ask customers to read out their payment card data over the telephone
Allow staff to enter a trackable reference number against the telephone payment
Allow staff to add their staff ID number so the staff member that took the payment could be identified
Meet PCI-DSS obligations with less cost and work required to prove they are compliant
Stop being charged non-compliance fees for being unable to prove telephone payments had not been secured
Have a service that allowed payment on every payment call they made or received
From initial meetings, it was clear that the customer wanted to use there own bank so a custom integration was created so they could carry on processing payments using their bank's payment gateway service. The custom gateway connector into Lloyds bank was implemented allowing telephone payments with accompanying reference numbers and the agentID to be passed all the way through to the bank. This allowed the accounts department to quickly reconcile the transactions with no change to their operating process.
Payment Identification and reporting
To allow the functionality of the payment terminals to be replicated, departments and agent IDs were added to the Paytia platform so that a receipt for payment could be immediately received to the department's email address when any agents in the department took a payment. This was further enhanced to provide an end of day reconciliation report per department which was sent to accounts.
"Paytia has enabled the business to solve the final piece of our PCI-DSS compliance protection by removing any access to payment card data from our business when taking telephone payments. We have also been able to reduce the amount of time it takes our accounts department when dealing with reconciliation and payment queries."
Looking for more Case Studies?
Find out how Paytia has enabled other businesses to become PCI-DSS compliant
Secure Virtual Terminal
Learn how Paytia enabled an FCA regulated loan management company to meet it’s PCI-DSS compliance obligations when processing customer payments over the telephone.Find out more
Learn how Paytia enabled a Telco partner to integrate into their own voice networking systems, use their own customer telephone numbers and call flows without the risk of relaying all telephone calls externally.Find out more
PCI Compliance Guide
Learn what your business is required to do to become PCI-DSS Compliant. If your business takes payments over the phone PCI-DSS will apply to you. You must take the necessary steps to protect your customers sensitive payment card data.Find out more