Contact Centre

payMatic-PCI - taking card payments in a secure PCI DSS compliant way using Paypal

Hostcomm has launched payMatic-PCI which is a simple PCI compliant card payment system which is available to anyone wishing to take card payments in a call centre environment. The system is controlled by the call centre agent who moves the client to a secure IVR where the card details are taken, added to additional database information and sent to a payment gateway. If successful the client is informed and the database is updated. The system is secure because the agent is not exposed to the card details and the card details are not stored anywhere. Furthermore the agent's session is recorded from start to end with no breaks or pauses.

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards. Defined by the Payment Card Industry Security Standards Council, the standard was created to increase controls around cardholder data to reduce credit card fraud via its exposure. Hostcomm Validation of compliance is done annually - by an external Qualified Security Assessor (QSA) for organisations handling large volumes of transactions, or by Self-Assessment Questionnaire (SAQ) for companies handling smaller volumes.

payMatic-PCI overview

payMatic-PCI is a hosted payment IVR which is integrated into Hostcomm's automatic dialers and contact centre servers. The agent passes the client to payMatic-PCI by pressing a hotkey and the PCI compliant interactive voice response (IVR) system takes over. The client makes the payment by using their telephone keypad to enter their card details and is then automatically returned to the agent. This system is very easy for the agent's to understand and reduces the average cost per transaction as well preventing the agent from being exposed to the client's credit card details. The service is provided on a 'pay as you go' basis and there are no hardware / software costs to pay.

  • Low monthly cost - available from £199 per month for unlimited transactions.
  • High performance - multiple simultaneous card payments.
  • Works with all main payment gateways - uses secure API access.
  • Very Secure - complies with PCI DSS criteria.
  • Card details not stored - nothing to secure as no card details saved.
  • Agents do no see card details - reduces fraud considerably.
  • Paypal tested - Fully tested with Paypal for direct card payments.
  • Dedicated firewalled server with VPN - the only acceptable PCI / FSA solution.
  • Unlimited support and training - both are included in the monthly service fee.

payMatic-PCI PCI DSS compliance matrix

Control ObjectivesOFFICIAL PCI DSS RequirementspayMatic-PCI
Build and Maintain a Secure Network 1. Install and maintain a firewall configuration to protect cardholder data Compliant - Firewall installed.
2. Do not use vendor-supplied defaults for system passwords and other security parameters Compliant
Protect Cardholder Data 3. Protect stored cardholder data Compliant - Cardholder data not stored.
4. Encrypt transmission of cardholder data across open, public networks It is not possible to encrypt DTMF tones over the public switched telephone network (PSTN). It is not easy to tap telephone calls but it is possible.
Maintain a Vulnerability Management Program 5. Use and regularly update anti-virus software on all systems commonly affected by malware Compliant
6. Develop and maintain secure systems and applications Compliant - Cardholder data not stored or visible to any personell.
Implement Strong Access Control Measures 7. Restrict access to cardholder data by business need-to-know Compliant - Cardholder data not stored or visible to any personell.
8. Assign a unique ID to each person with computer access Compliant
9. Restrict physical access to cardholder data Compliant - Cardholder data not stored or visible to any personell.
Regularly Monitor and Test Networks 10. Track and monitor all access to network resources and cardholder data Compliant
11. Regularly test security systems and processes Compliant
Maintain an Information Security Policy 12. Maintain a policy that addresses information security Compliant

Trusted by

Bt Logo 2018 Case Study Help Lin N Case Study Shelter Logo N Case Study Home Logic Icynene Case Study Orbit Logo Purple 2 Case Study Homeserve Logo Svg 2 Case Study The Car Buying Group Logo 2 Case Study First Data Logo 2018 N Case Study Inspire Logo 2 Case Study Beer 2 Case Study


PCI DSS Certified, TPS Telephone Preference Service, ICOCSA Supplier Member, Cyber Essentials