Gloucestershire County Council is looking to renew its payment and merchant system with a fully PCI-DSS compliant solution(s) that allows GCC to be compliant, by de-scoping all activity for its 3 payment channels and also provides income management functionality.
GCC currently has three payment channels:
— Face to Face (card present);
— Telephone Order for two contact centres and various satellite offices (card not present);
— eCommerce web payments (card not present).
For these three payment channels, GCC is looking to initiate scope reduction activities to ensure that only systems and environments that are required to process, transmit or store card-holder data remain in PCI scope. Including:
— Face to Face: a PCI SSC validated Point-to-Point Encryption (P2PE) solution for both attended and unattended payments.
— Telephone: secure voice transaction solution and / or PCI-DSS compliant IVR solution.
— eCommerce: outsource all payments via a URL redirect when payment is taken.
The solution(s) must integrate fully with GCC's existing SAP financial system.
The solution(s) must interface with a number of business-specific systems to record the successful taking of the payment, e.g. registration services, music services, library management, and road safety course booking.
The solution(s) must take card payments for a wide range of GCC services (whether invoiced or not) via a range of credit and debit cards as well as contactless cards, Apple Pay, Android Pay or equivalents.
The solution(s) must be able to handle refunds.
The solution(s) must enable the assigning of payments to the relevant cost centres within the Council and full traceability of payment transactions back to GCC's financial ledgers.
The solution(s) must have the provision of management information about payments, including values, volumes, types and reasons etc.