Enabling an FCA regulated loan management company to meet it’s PCI-DSS compliance obligations

Paytia Secure Virtual Terminal Case Study


The Objectives

Paytia delivered an enhanced secure virtual desktop web application with the ability to settle payments into 5 separate bank accounts. Providing the service to run independently to the current loan management database system and onsite telephony.


Remove the need for staff to ask customers to read out their payment card data over the telephone


Allow staff to use a secure Virtual Terminal so multiple data fields could be entered


Allow partial account number and reference number fields to be captured with the transaction


Use multiple merchant MID account numbers so payments could be taken across 5 different bank accounts


Avoid non-compliance fees for being unable to prove telephone payments had been secured


Have a service that allowed payment on every payment call they made or received

The Solution

There was a requirement to allow staff to vary data fields with each transaction. It was decided that a custom virtual terminal application from Paytia would be used.

The Virtual Terminal allowed each agent to enter names, addresses, reference and account numbers plus the transaction amount. As agents could be processing a transaction against multiple loan book accounts a simple dropdown was added that allowed the agent to choose the bank account money would be placed in. Choosing the bank account automatically pre-populated the account number fields on the form making data entry quicker and removing the risk of manual typing mistakes. SagePay (now known as Opayo) was chosen as the payment processing gateway so each loan account could have submission reports automatically downloaded into the Sage Accounting systems.

Payment Identification and Reporting

Department and agent ID were used in the Paytia platform so that a receipt for payment could be immediately received to the agent and accounts departments email addresses when any of the agents took a payment.

This was further enhanced to provide an end of day reconciliation report per department which was sent to accounts.

References available on request

Paytia have allowed us to remove the risk to agents handling payment card data and made it simpler to evidence the process for our FCA and GDPR reporting where payments are concerned. The Virtual Terminal application has simplified the process of collecting payments without the need for us to change our systems or telephone service.

An FCA Regulated Load Management Company

Looking for more Case Studies?

Find out how Paytia has enabled other businesses to become PCI-DSS compliant

Pay729™ Enterprise

Learn how Paytia enabled a BMW main dealership to meet it’s PCI-DSS compliance obligations for taking customer payments over the telephone.

Find out more

Telco API

Learn how Paytia enabled a Telco partner to integrate into their own voice networking systems, use their own customer telephone numbers and call flows without the risk of relaying all telephone calls externally.

Find out more

PCI Compliance Guide

Learn what your business is required to do to become PCI-DSS Compliant. If your business takes payments over the phone PCI-DSS will apply to you. You must take the necessary steps to protect your customers sensitive payment card data.

Find out more

Want to see how it works?

Request a demonstration with one of our product specialists to see how Secure Virtual Terminal enables your business to take secure payments by phone.

Request a Demo