top of page
Data Discovery

EnterpriseRecon

Find sensitive data before the hackers do with GroundLabs EnterpriseRecon.

ground-labs-920x533.jpg

On-demand Discovery Scanning for Compliance

Bringing Clarity to Data Management

Unparalleled Scanning Abilities

Rapid Discovery for the Data That Matters

Streamlined data management for privacy, security and compliance

Enterprise Recon is Ground Labs’ award-winning data discovery solution packaged with on-demand remediation and data management capabilities, providing organizations maximum visibility and control of their most valuable data assets.

  • What is the difference between typical LCR and Dynamic LCR?
    Typical LCR allows merchants to determine how their transactions will be processed as a fixed option. Dynamic LCR evaluates each transaction online and in real-time and directs each transaction through the most cost-effective payment processor or payment route available at the time of the transaction. This means that the transaction will always be processed with the least cost option to the merchants and to be completed successfully, even when some payment links are broken. The implementation of dynamic least cost routing requires a sophisticated system like IPSI’s that can evaluate transaction costs across multiple channels in real time. IPSI’s Dynamic LCR capability provides real time decision and smart switching to direct transactions to the best path that is most likely to process successfully and with the least cost. This ensures the transactions are completed even when a payment link is broken.
  • Can Least Cost Routing be customized according to my business needs?
    Yes, a key feature of IPSI LCR is the ability to customise the routing behavour based on your specific business rules. IPSI’s highly innovative and highly flexible payment platform allows you to customise and integrate with your legacy payment systems to combine multiple systems, tools and services into one. We evolve as your business requirements change.
  • What are the benefits of using Least Cost Routing?
    The primary benefit of LCR is cost savings, as it ensures that each transaction is processed via the cheapest route. This can result in immediate saving that leads to substantial savings over time. Other potential benefits include improved transaction speeds and greater control over transaction routing. For further information about the benefits of Least Cost Routing, read our recent article "Unlock Savings: the benefits of Dynamic Least Cost Routing".
  • What is Least Cost Routing (LCR)?
    Least-cost routing (LCR), also known as merchant choice routing, offers significant advantages to businesses seeking to reduce their transaction costs. This initiative empowers merchants to determine how their debit card transactions are processed, allowing them to choose the most cost-effective option available, whether through eftpos or one of the other debit networks (Visa Debit or Debit Mastercard), assuming they are technically enabled to leverage this emerging capability. Moreover, Least Cost Routing introduces a healthy competitive dynamic among debit schemes. With merchants being able to selectively route transactions to the lowest-cost network, debit schemes face increased pressure to lower their fees, including interchange fees and scheme fees. For more information, read our article "What is Least Cost Routing of payments and its benefits to merchants?"
  • How much can I save by using Least Cost Routing?
    The savings can vary widely depending on factors such as your transaction volume, the range of transaction sizes, and the number of processing options available. A detailed analysis would be necessary to estimate potential savings for a specific business. A member of the IPSI team can assess what savings from dynamic least cost routing would look like for your business based on your specific business requirements and throughput. Contact us at [email protected] or call 1300 975 630 to discuss how we can help you unlock significant savings for your business.
  • What is the role of the Reserve Bank of Australia in promoting Least Cost Routing?
    The RBA, in its dedication to fostering a more equitable and efficient payment ecosystem, has been vocal in its endorsement of Least Cost Routing. The RBA strongly supports the provision of least-cost routing functionality and has been actively and consistently monitoring the industry's efforts in making this feature universally accessible to merchants. Their vision is clear: provide merchants the flexibility to direct dual-network debit card transactions through the most cost-effective route, ensuring a tangible reduction in transaction expenses. The RBA clearly indicated that “all acquirers and payment facilitators that provide card acceptance services to merchants are expected to offer and promote Least Cost Routing to their merchants. Acquirers and payment facilitators are expected to report to the Bank every six months on their least-cost routing offerings, and on merchant take-up of least-cost routing.” Follow the link for more information about the RBA’s policies on Least Cost Routing (LCR) in Australia.
  • Does Least Cost Routing impact the speed or success rate of my transactions?
    The impact on speed and success rate can vary depending on the specific LCR system and how it's configured. In many cases, LCR can improve transaction speeds by selecting more efficient processing routes. IPSI Dynamic LCR capability means your transactions are evaluated online and in real time to ensure it does not impact the speed of your transactions. Our dynamic LCR capability also directs transactions to the best path that is most likely to process successfully with the least cost. This ensures the transactions are completed even when a payment link is broken.
  • Is Least Cost Routing secure?
    Security in LCR is a major consideration, as the process involves sensitive financial data. Reputable providers should offer LCR services built on secure platforms that adhere to all relevant industry security standards. IPSI's LCR service is fully compliant with the Payment Card Industry Data Security Standard (PCI DSS) and aligns with APRA's CPS234 security compliance standard. This gives your business an additional layer of assurance in terms of data security and integrity. You can be confident that your customers sensitive information is being handled with the utmost security and professionalism.
  • How can I implement Least Cost Routing in my business?
    To implement LCR, you typically need to work with a payment solutions provider that offers this service. The provider will help you set up and customize the LCR system to meet your specific business requirements. Our team at IPSI can walk you through the steps of getting LCR set up for your business.
  • Hosted IVR (Pay by Phone) solutions
    The IPSI IVR service is a highly customisable pay by phone service which is certified as Level 1 PCI DSS Compliant. The pay by phone platform can be customised to match existing data flows, scripts & look up functions, ensuring a seamless customer experience with excellent security. The Hosted service and can be deployed as a standalone service (i.e. replicates client in-house services) or as an integrated service whereby the IVR can integrate with client side IVR systems. As with all of our services, the IVR service is pre-integrated with all of the major banks in the region, thereby providing significant, end to end PCI DSS de-scoping.
  • AgentSecure contact centre PCI security service
    AgentSecure is a complete solution that can reduce your PCI DSS compliance scope by over 90%. AgentSecure uses a platform-as-a-service model which means it is a secure, cost effective and easy to deploy within Australia and overseas.
  • Credit card storage
    Level 1 PCI DSS certified data storage within Australia utilising state of the art data storage and recovery.
  • Multi-bank processing
    IPSI is connected to all of the major banks in this region with international capability, ensuring end to end payment processing and PCI DSS remediation.
  • IVRSecure service
    Leverage our advanced IVR technology to make on premise technology PCI DSS compliant in a cost effective manner using IPSI's IVRSecure service.
  • Compliant processing interfaces
    Extensive range of highly advanced PCI DSS compliant integration options.
  • Advanced and Highly Configurable
    As it with all of IPSI’s services its call center desktop payment pages and iFrames are customisable to meet individual customer requirements, branding, workflows and data exchange requirements. The service is level 1 PCI DSS compliant to the latest standards.
  • Multi-Bank Connectivity
    IPSI’s services are connected to all of the major banks, thereby offering our customers the benefits of strategic bank independence.
  • What is agent desktop workflow?
    Our cloud based desktop workflow solutions fits neatly within your current payment environment – while also ensuring cardholder data doesn’t enter your IT system. The key challenge for merchants is to find a partner with the experience, expertise and flexibility to adapt to specific call centre workflows. Our flexible solutions enable us to interoperate with existing desktop workflows, securing the call centre capture and then downstream payment processes without the need to store or process credit cards within the merchant’s environment.
  • Can AgentSecure® be used from home?
    Yes. AgentSecure® enables your call centre agents to work from home and to securely take payments without exposure to credit card data. No additional infrastructure is required other than a softphone to connect to your PBX or contact centre plus and access to the internet.
  • Why choose AgentSecure?
    AgentSecure® is level 1 PCI DSS certified product to help reduce your compliance scope for over the phone payments by around 90%. It integrates with existing telephone and payment service providers, is infinitely scalable and can be used within single or multiple sites in Australia or abroad. The product is based on state of the art technology with support provided by a local based team in Sydney. AgentSecure® is fully hosted in Australia with all associated data stores based within Australia. The “AgentSecure®” product addresses: The growing costs and complexity associated with in-house contact centre (Telephony Payments) security and compliance Customer service and agent assisted transactions 100% cloud-based service which prevents credit card data from entering your contact centre PCI DSS compliance Brand, customers and staff protection from fraud Negates the need to invest in additional call recording capabilities or payment gateway providers. Connect to any PABX/Contact Centre
  • What is AgentSecure?
    Taking credit card payments within contact centres presents many PCI DSS security compliance challenges and fraud risks. AgentSecure® is a PCI compliant solution that enables agents and office staff to process one-off and recurring payments in real time without the risks associated with exposure to sensitive credit card data. Using AgentSecure® , no credit card data enters your contact centre environment reducing PCI DSS compliance scope by around 90%. AgentSecure®® ensures no credit card data is seen, heard or processed by your agents. Customers enter card details via their phone keypad. This is secured using advanced DTMF Masking and card capture technology without any interruption to the communication channel between the agent and the customer. AgentSecure® provides a seamless payment experience, excellent customer service and higher payment success rates.
  • What are the benefits of AgentSecure®?
    With AgentSecure®, no card data enters your contact centre systems or is seen or heard by agents. This removes the risk of fraud and the loss of cardholder data as not part of the contact centre is exposed to payment card data. The key benefits are: Significant reduction in security and compliance costs Level 1 PCI DSS certified Enables agent assisted real-time payment capability Increased customer confidence and payment success rates Potential to reduce call handling times due to the improved payment experience DTMF masking to secure credit card details entered over the phone No need to pause any call recordings systems to meet recording compliance and monitor customer experience Includes advanced tokenisation for recurring back-end payment capability Agent stays on the call for the full duration of the call to assist with payment completion Improved customer service Removes the need for secure teams or secure rooms within a call centre to take payments One solution for your sites whether single or multiple, on or offshore Leveraging Australian technology and support, with Australian data residency Facilitates compliance with APRA CPS 234 and PCI DSS Compliance
  • How does AgentSecure® help with PCI DSS compliance?
    AgentSecure® is already Level 1 PCI DSS Certified which significantly reduces your costs of achieving PCI DSS compliance. This compliance is achieved by taking contact centre agents and systems out of PCI DSS compliance scope as credit card payment data is not seen or heard by your agents. With AgentSecure® there is no need to change existing call recording processes as it easily integrates with existing telephone and payment service providers. The service is flexible and can scale up or down to adapt to the changing needs of your business.
  • How do I know if I am PCI DSS compliant?
    If you answer NO to any of these questions, you may not be compliant. Has your hardware and IT systems been audited for credit card numbers in the last 6 months? Do you store customer credit card information within your IT system? Do your call centre agents hear credit card information from customers or are they hidden from them? Do you have controls in place that outline how you collect, process, store and transmit customer credit card information? PCI compliance can be a complicated process because of the comprehensive nature of its requirements. Compliance can be achieved by instituting a set of high-level goals that guide a company’s security policies. When these measurable goals are met, a QSA can determine if they have achieved PCI DSS compliance. Here is an example list of goals a company can pursue to achieve full compliance with PCI DSS: Create secure information systems and internal networks Maintain a program that manages vulnerabilities as they are discovered Monitor and test the security of company networks Create an information security policy and adhere to it Institute access control measures both internally and externally Encrypt customer information and restrict access to it
  • What is included in Cardholder Data?
    At a minimum, cardholder data includes the full PAN. Cardholder data may also appear in the form of the full PAN plus any of the following: - Card holder name - Expiry date - Service Code
  • When is a company required to be PCI DSS compliant?
    The current PCI DSS v3.2.1 requirements are applicable if a Primary Account Number (PAN) is stored, processed or transmitted. If a PAN is not stored, processed or transmitted, PCI DSS requirements do not apply. Therefore if your company stores or transfers the PAN (Primary Account Number) which is usually the 16 digit credit card number itself in any way, even if it is only to transmit it directly to a real-time payment gateway, or perhaps restore it in some way, then your business must be PCI DSS compliant certified in its own right. The applicable PCI DSS criteria is as follows: Level 1 Visa and MasterCard World Wide transactions totalling 6 million per year, and any merchants who have experienced a data breach. Level 2 Visa and MasterCard transactions totalling 1 million to 6 million per year. Level 3 Visa and MasterCard e-commerce transactions totalling 20,000 to 1 million per year. Level 4 Visa and MasterCard e-commerce transactions totalling 1 to 20,000 per year. However, the new PCI DSS v4.0 requirements which will come into full effect from March 2024 will increase the scope of data protection from card data only to account data which includes Primary Account Number (PAN), cardholder data and authentication data.
  • Achieving PCI DSS Compliance
    Achieving PCI DSS compliance is an important part of trading in the digital economy. Whilst achieving PCI DSS compliance may seem daunting at first, it’s important to ensure that any payments taken via debit or credit cards are secure. PCI DSS compliance is achieved through an assessment performed by a certified PCI DSS Qualified Security Assessor (QSA). A QSA is an independent security organisation that has been qualified by the PCI Security Standards Council to validate an organisation’s adherence to the PCI DSS requirements. However, navigating the intricate maze of PCI DSS requirements is no easy task, often incurring significant resources and expenses. As a result, many companies opt to enlist the expertise of third-party service providers (TPSPs) like IPSI to efficiently and effectively manage this complex compliance journey. IPSI can help reduce up to 90% of merchants PCI DSS compliance obligations. Call 1300 975 630 or reach out to us if you want to know more about how IPSI can assist you become PCI DSS Compliant.
  • What is DTMF masking?
    DTMF stands for Dual-Tone Multi-Frequency, and it is how phone companies know what number is pressed when a customer touches the numbers on the telephone keypad. When a telephone keypad is used to input payment data such as a credit card, those tones can be intercepted by hackers to collect credit card information, unless DTMF masking is used. DTMF masking involves intercepting substituting (masking) the unique audible tones with flat tones so that people who hear the DTMF data cannot decipher the numbers. The masking software usually sits between the caller and the call centre (or contact centre) system and converts the DTMF tones to flat tones. IPSI uses DTMF masking for the AgentSecure® service.
  • How secure are phone payments?
    Phone payments are secure as long as the merchant receiving payments are PCI DSS compliant. To achieve PCI DSS compliance, the merchant must ensure that the contact centre agent who is receiving the payment from a customer does not see, hear or record the customer’s credit card data. By ensuring this occurs, the customer’s credit card information remains secure from fraud due to data breach or other criminal activity. The way PCI DSS compliance works is that the merchant must meet certain requirements for the storage, processing and transmission of credit card data. This also includes requirements for the people, processes and technologies a merchant uses to process payments. IPSI specialise in providing enterprise’s large and small with payments technology that is PCI DSS compliant and ensure’s any phone-based payments are collected in a PCI DSS compliant manner. A key product that allows us to do this is our contact centre solution AgentSecure®. AgentSecure® is a complete solution that enables agents and office staff to process one-off and recurring payments seamlessly in real-time without the risks associated with exposure to sensitive credit card data. With the AgentSecure® service, no credit card data enters your contact centre environment reducing PCI DSS compliance scope by 90%. AgentSecure® ensures no credit card data is seen, heard or processed by your agents. The caller enters their card details using the phone keypad secured with DTMF Masking without any interruption to the communication channel between the agent and the customer. Ensuring a seamless customer experience, excellent service and higher payment success rates.
  • I need your help, what do I do next?
    Simply call IP Solutions on 1300 975 630 and have a chat to one of our consultants. We will determine what the next steps for you should be.
  • What do I need to consider regarding mobile devices and tablets for employees in a store environment, as it relates to PCI compliance?
    One of the key things is to determine what the devices are going to be used for and whether or not they’ll be used to process transactions or have any payment card data processed through them or stored on them. If so, they will fall into scope for PCI compliance. Even being on the same network as systems that store, process or transmit payment card data will bring these devices into scope. While the PCI guidelines might not have specific requirements yet for every aspect of mobile applications and devices, they are clear around keeping cardholder data protected, wherever it may be. This is such a new area for many merchants that they aren’t properly addressing security issues or updating their employee guidelines or policies to deal with them adequately. You can’t take it for granted that employees will know what to do in a given situation or think about the ramifications of bringing their own devices into retail or working environments. Make them aware of the need for compliance and why it’s important to customers and to the business.
  • What is tokenisation?
    Tokenisation, in its simplest form, is another way of saying ‘data substitution’. It is the act of using a substitute value, or ‘token’, which has no inherent value, in the place of data that does have value. That way, if the system using tokens is compromised, it is the tokens that are taken, not the actual valuable data. Tokenisation works by taking the original data value and generating a substitute value, usually with a random number generator. The mapping between the original data and the token is maintained in a secure database. Obviously, with tokenisation, it is imperative to protect the database that contains the mappings between the original data and the tokens.
  • Does AgentSecure require special equipment to work from home?
    No. Special equipment is not required for call centre agents to use AgentSecure at home. All agents require is a softphone to connect with a PBX and access to the internet.
  • What can happen if I choose not to comply with the PCI DSS?
    If you choose not to comply with the PCI DSS then you risk: Potentially being fined by your acquiring bank Potentially being restricted from accepting credit cards as a payment method Greater risk of potential financial loss arising from security incidents A system compromise may potentially result in fines and/or restrictions. Whilst data breach reporting is not mandatory at this stage the OIAC does have powers to fine organisations for not adequately safeguarding client’s personal information.
  • How do I administer my transactions?
    Please login to the IP Solutions administration portal with your nominated user name and password. If you have forgotten your details you can retrieve your details via the login page forgotten details retrieval facility. (https://www.ippayments.com.au/crm/logon.aspx?x=ipsi) Alternatively email support at [email protected]
  • Where is my customer data held? Is it stored overseas?
    No, server infrastructure is housed within a number of Tier III standard (or higher) data centres. These data centres offer world-class facilities including temperature and humidity controls, earthquake protection and advanced fire control systems. The facilities are monitored 24 hours a day, 7 days a week, 365 days a year with multiple security layers including guards, CCTV, photo access cards, “man traps” and locked server cabinets. They are serviced by fault-tolerant and redundant power systems encompassing dual council power supplies and Uninterrupted Power Supply (UPS) filters with backup diesel generators.
  • What is the PCI DSS Attestation of Compliance?
    Your company must attest that it is complying with the Data Security Standard annually if it handles credit card data electronically. This involves delivering a package of two or three items: Self-Assessment Questionnaire Regular network or website scanning by an Approved Scanning Vendor (may not be required in some cases) and a Report on Compliance by a Qualified Security Assessor (only needed by the very largest companies) Attestation of Compliance There are 5 versions of the Attestation of Compliance, just as there are 5 versions of the Self-Assessment Questionnaire. If you qualify to use version A of the Questionnaire, use version A of the Attestation, etc.
  • How do I prove to my bank or my customers that my business is PCI compliant?
    Depending on the number of transactions performed annually, Merchants and Service Providers must conduct quarterly vulnerability scans and either fill out a Self-Assessment Questionnaire or have a Qualified Security Assessor (QSA) audit the business entity against the PCI DSS. Reach out to IPSI if you need to know more about PCI DSS Compliance and how we can help you.
  • What are the benefits of being PCI DSS compliant?
    By being PCI DSS compliant, you will protect your three most important assets, your brand, your customers and your cash flow. You will benefit by: Managing risk around identity theft and credit card fraud Boosting customer’s confidence in your security Increasing protection of customer’s data Avoiding penalties/fines imposed by banks or card companies Staying competitive in the marketplace Reducing the risk of negative cash flow impacts These requirements can seem daunting and overly technical at first. IP Solutions provides end to end eCommerce consultancy and security remediation services and we have years of experience in this area so contact us to simplify your PCI DSS journey.
  • What kinds of functions are performed as part of network management?
    Functions that are performed as part of network management include: Controlling, planning, deploying, and monitoring the resources of a network Network planning Configuration management Fault management Security management Patch management
  • If I implement a tokenisation solution, am I still required to comply with PCI DSS?
    Yes. However, Tokenisation has the ability to significantly reduce the scope and ongoing costs of PCI DSS compliance, thereby reducing time and money spent on securing the network environment on a day-to-day basis. However, according to the PCI DSS standard, every merchant must still validate their compliance and maintain compliance. To learn more about how tokenisation and IPSI can help with reducing your PCI DSS scope, reach out to IPSI.
  • What are the deadlines for complying with PCI DSS?
    Compliance is mandated by the payment card brands and for most merchants, the deadlines for validating compliance with the PCI DSS have already passed. You should check with your acquirer and/or merchant bank to check if any specific deadlines apply to you, based on merchant transaction volume (level) as determined by the card payment brands.
  • How do I pay my invoices by Credit Card?
    To pay your invoice by credit card click here. Please note a surcharge of 1% applies to credit card payments.
  • If I use a payment processor for all of my credit card processing and storage do I still have to comply with the PCI DSS?
    As a merchant and the owner of the credit card merchant facility, in most cases yes. Contact your acquiring bank to determine their expectations of your business. If you are not PCI DSS Compliant, IPSI can provide a PCI DSS Certified payment processing solution that can be customised to meet your unique business requirements.
  • What is ‘PCI DSS’?
    PCI DSS is an abbreviation for Payment Card Industry Data Security Standard. Created by major credit card schemes, PCI DSS offers a set of global security standards to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. Regular updates to this standard ensure it remains relevant and effective in thwarting emerging threats. The Payment Card Industry Standards Council is a worldwide forum founded by American Express, MasterCard, and Visa, Inc. Today, the Council includes all five of the major payment brands and other financial industry stakeholders. The PCI DSS standard is enforced by the payment brands themselves to ensure that transactions remain secure for both cardholders and the institutions that process their payments. PCI DSS v4.0 is the next evolution of the standard that will come into full effect from 31 March 2024. This provides organizations a transition time, to become familiar with the new version v4.0, and plan for and implement the changes needed.
  • What are context based payments?
    Context-based payment is a new business model designed to remove the physical act of payment from the payment experience. With context-based payments, the payment occurs in the background. The customer approves the payment but does not need to take out their wallet and hand over cash or a credit card. An excellent example of context-based payments is Uber. The customer doesn’t have to pay the driver; they merely exit the vehicle at the end of the trip. These type of payments remove friction, making the shopping experience very smooth for customers. When applied to other business categories such as retail we can foresee the significant impact this will have on the customer experience. A typical implementation within a retail environment would have the customer selecting items to purchase and then walking out without the need to take out a wallet, enter a PIN or inserting a card in Pos terminals. In this situation, the customer would have an application of their phone which activates when they enter the store based on GPS or other geo-location technology. This application would contain their secured payment information and also record products that have been selected for purchase. These products can be entered by scanning barcodes or through other tracking methods with the payment triggered when the customer exits the store. Many big platform companies such as Amazon with Amazon Go are already trialling technology and expect this trend expected to be the norm shortly.
  • How do you manage PCI DSS compliance for home based workers?
    IPSI’s contact centre solution, AgentSecure® allows contact centre agents to take payment securely if they are working from home or in the office. Home-based agents do not come into contact with credit card information when using AgentSecure® ensuring PCI DSS compliance is maintained.
  • What are the key requirements for PCI DSS compliance?
    PCI DSS has 12 requirements that organisations must meet in order to achieve PCI DSS compliance. The requirements are a set of security controls required to protect credit card data and comply with the Payment Card Industry Data Security Standard. The 12 requirements are: Install and maintain a firewall configuration to protect cardholder data. Do not use vendor-supplied defaults for system passwords and other security parameters. Protect stored cardholder data. Encrypt transmission of cardholder data across open, public networks. Use and regularly update antivirus software. Develop and maintain secure systems and applications. Restrict access to cardholder data by business need-to-know. Assign a unique ID to each person with computer access. Restrict physical access to cardholder data. Track and monitor all access to network resources and cardholder data. Regularly test security systems and processes. Maintain a policy that addresses information security. This list of requirements becomes the outline of a company’s PCI checklist as they bring their information and payment processing system into compliance.
  • How do I know if PCI DSS applies to my business?
    If your business accepts credit cards, whether over the internet or on paper, then PCI applies to your business. The general rule states that if you process, store or transmit cardholder data then you must adhere to the Payment Card Industry Data Security Standard. Regular updates to this standard ensure it remains relevant and effective in thwarting emerging threats, with the latest version to be PCI DSS v4.0 Keep checking our website to stay up to date.
  • Is IPSI a scheme approved payment gateway for Visa?
    Yes, IPSI’s payment gateway is a scheme approved gateway by Visa for PCI DSS services.
  • What is managed network security?
    Managed network security services are third-party service providers, solution providers or value-added resellers that can be hired to outsource tasks or processes related to network security. Outsourced responsibilities often include device management, monitoring and remediation; email security, including anti-spam, anti-malware and IP filtering; network intrusion detection and prevention; asset classification and change management; data leak protection, and the creation of access control policies.
  • Does AgentSecure® require additional equipment to access from home?
    There is no additional equipment or infrastructure required to access AgentSecure® from home. The agent only requires a softphone connected to your PBX and access to the internet.
  • What impact does AgentSecure® have on customer service?
    Agents that use AgentSecure® from the home environment are able to provide a customer experience that is the same as managing calls from a contact centre. Customers will not recognise if calls are taken at home by contact centre agents.
  • Can remote workers access AgentSecure® from home?
    Yes. Call centre agents who are required to work from home due to the Covid-19 pandemic or other, are able to access AgentSecure® from home and take payments securely. AgentSecure® retains the same functionality whether agents work from home or in the office.
  • What are the benefits of AgentSecure® when working from home?
    AgentSecure® improves payment security and customer service by ensuring agents can still process payments in real-time without the need to collect credit card details. The benefits include: Allow work from home agents to take payments over the phone securely. Conveys to your customers that you take the security of their data seriously. This, in turn, will improve customer confidence, payment success rates and cash flow. Maintain PCI DSS compliance. No additional complex equipment or infrastructure is required. The agent only requires a softphone to connect to your PBX and internet access. High levels of customer service are maintained as the agents maintain constant contact with customers regardless of location i.e., unlike traditional pay by phone (IVR) services the agent is in constant communication with the payer throughout the process and can guide them to process payments successfully. The product can interoperate with a range of telecommunications carriers. Requires minimal change to the customer experience with call centre staff being able to access AgentSecure® from home or the office. Staff members/agents will not hear, see or process credit card data, thereby enhancing security while minimising fraud exposure in-home office scenarios.
  • How does working from home impact PCI DSS compliance?
    AgentSecure® is certified Level 1 PCI DSS compliant. Agents will be PCI DSS compliant when using AgentSecure® while working from home as agents are not exposed to customer credit card data.
  • How does IVRSecure® work with my current IVR infrastructure?
    IVRSecure® is a cloud-based, modern IVR payments service that doesn’t require new IVR hardware. It allows you to modernise your current IVR payment handling as an add-on to your existing IVR systems.
  • What are the key benefits of IVRSecure®?
    IVRSecure® benefits: IVRSecure® enables compliance with APRA CPS 234 and PCI DSS security requirements Easy to deploy using API first approach Cost-effective as it doesn’t require new IVR hardware Reduces the costs, risks and lead times associated with security and compliance Allows companies to retain their existing infrastructure/capacity and workflow Reduces annual compliance costs It is Level 1 pre PCI DSS certified Delivers multi-bank connectivity, tokenisation and real-time payment processing Can be tailored to meet individual business requirements Australian data residency is assured IPSI’s IVRSecure®, AgentSecure®, and hosted IVR services can also be deployed to secure agent call centre based payment processes.
  • What is IVRSecure®?
    IVRSecure® is a PCI compliant IVR payments product that works with your current IVR infrastructure. Credit Card data, when obtained via IVR, must be handled in a PCI compliant manner. Many IVR systems do not adequately secure customer credit card data in a cost-effective way i.e. the costs of achieving and/or retaining compliance is very high. IVRSecure® provides organisations with significant cost savings by modernising current IVR payment infrastructure with advanced tokenisation and payment acceptance capability that ensure all credit card payments are processed in a PCI compliant manner.
  • Personally Identifiable Information (PII) scanning
    Personally identifiable information (PII) is any information that can be used to identify, contact or locate a single person. Our data discovery platform detects over 110 types of PII from over 50 countries. Information such as Medicare numbers, pay slips, address details, emails, computer IP addresses and of course credit card information fall under the heading of PII. Any data stored of this nature, must not be able to be identified against an individual as this type of information is a primary target for identity thieves.
  • Bank account scanning
    Bank account details are a primary target for identity thieves. Our data discovery tool can identify and secure customer bank account details stored on your systems.
  • Credit card scanning
    The first stage of PCI DSS compliance is knowing if and where any unsecured credit card data is stored across your organisation. Credit cards are a primary target for data thieves and any data that is not protected by encryption can be costly in the event of a data breach. Our data discovery tool was developed in co-operation with the payment card industry. It takes the guesswork out of knowing if your organisation is storing credit card data and gives complete visibility across your entire organisation, enabling you to prioritise resources and investment to achieve the best security outcome.
  • Custom sensitive data types
    If your business stores sensitive data like medical records, medicare numbers or other sensitive data types, you must ensure that this information is secure. Our data discovery tool will help ensure you comply with applicable privacy policies by ensuring that customer data is protected.
  • In-file data masking/ obfuscation
    Data masking allows personally identifiable information to be hidden from view so that it remains usable, but unable to be seen based on user permissions. This type of masking can be useful when certain data fields need to be hidden from view or ensure that sensitive data isn’t leaked into non-production areas such as development and testing environments.
  • Email and attachment deletion for Office 365 and Exchange
    Emails and attachments containing sensitive data that are removed from Office 365 and other email clients are easily recovered. Advanced secure email and attachment deletion for these email clients ensures that sensitive files are unable to be recovered.
  • Tokenization
    Protect sensitive data stored on-premise with IPSI’s advanced Level 1 PCI DSS certified cloud storage and tokenization solutions.
  • Encryption - AES/ strong cryptography
    Secure a data file within its existing location through encryption. This moves the file into an AES encrypted zip file.
  • Quarantine with Secure Delete
    An alternative to permanently deleting files is to quarantine them in a secure location, whilst ensuring the file is deleted from its original location. This option allows you to recover files from the secure location later.
  • Secure Delete
    Employees often assume that by deleting sensitive information and emptying a recycling bin, that files are permanently deleted. This is not the case. This type of deletion is classified as ‘weak’ and can easily be restored by a determined hacker using readily available software. “Secure Delete” ensures that any deletion of sensitive information is final, and unable to be recovered.
  • Strategic bank independence
    EnterpriseSecure® is a truly independent payments solution that connects with all of the major banks, Eftpos and credit card providers in Australia and New Zealand. Our capability extends to processing payments for larger clients in the United States, Europe and Asia. Given our multi-bank capabilities, customers benefit from greater choice and strategic bank independence
  • PCI DSS & APRA Security Compliant
    EnterpriseSecure® is level 1 PCI DSS compliant and aligns with APRA's CPS234 security compliance standard.
  • Customised dashboards, reporting & analytics
    All payment services incorporate advanced data consolidation, reporting and analytics. Enabling customers to access meaningful business intelligence in real time across products / brands / business units / banks and countries.
  • Control the customer experience
    Tailor the customer experience through a large selection of payments options and greater control of your payments platform with EnterpriseSecure®.
  • Accept payments your way
    EnterpriseSecure® was developed with merchants in mind. It delivers high levels of flexibility and control back to the merchant including high-level configuration and unique management features, ensuring deployment of payment gateway facilities in a manner that meets your business requirements.
  • Unique flexibility
    Have more flexibility and control in how you manage your customer’s digital journey, payment flows and processing costs. EnterpriseSecure® also allows you to customise and integrate with your legacy payment systems and combine multiple systems, tools and services into one. We evolve as your business requirements change.
  • Least-cost routing capability
    Least-cost routing is an important feature of EnterpriseSecure® allowing merchants the ability to manage transaction flow based on business rules and reduce processing costs.
  • Removes credit card storage requirements
    Tokenization removes the need to store credit card data for chargebacks customer service and recurring billing which reduces your PCI DSS compliance burden.
  • Flexible Multi-Format Tokens
    IPSI has one of the most flexible and advanced token capabilities available, with over ten token formats, aliases and the ability to customize additional token formats to suit individual use cases. Combined with advanced data notification options and use case configurations which can be tailored to meet the needs of individual customers across a range of channels such as mobile, IVR, web and batch. Tokenization, when designed properly, can deliver significant customer service benefits in terms or ease of use, repeat purchases and data security. The tokenization process is the same as the cloud with sensitive data replaced by a token and stored on-premise in a PCI compliant data storage location.
  • Tokenisation solutions (cloud)
    Tokenisation is the storage of card numbers / bank account or even PII data within IPSI's Level 1 PCI DSS certified cloud service. Payment card data is stored securely in the cloud whilst remaining accessible and protected from unauthorised access. This process allows your systems to continue to operate as though you had the original card number, while significantly reducing your risk and security compliance requirements. Organisations that must meet the requirements of PCI DSS are increasingly embracing the compliance benefits of tokenisation. The tokenization process is simple: IPSI provides a range of secure payment channels to accept and authorise credit card payments. The credit card data is replaced with a unique set of randomised numbers (tokens) and stores the data in a PCI DSS compliant environment within Australia (or overseas depending on the client). Original credit card data is removed from the merchant's database and the token is stored in its place, thereby significantly reducing a company's financial risk and security compliance costs. Any further transactions are transmitted using the token. IPSI's tokenisation capabilities have been tried and tested by Australia's largest corporations, are extremely advanced and flexible enough to meet the unique needs of individual clients.
  • Credit card, PII & bank a/c tokenization
    Sensitive data such as credit cards, personally identifiable information (PII) and bank accounts can all be stored securely using tokenization. Please speak with one of our consultants to ensure our solutions match your requirements.
  • Omni-channel tokenization layer
    When you accept payments from multiple channels, omni-channel tokenization technology gives you the flexibility to ensure cardholder data does not enter your system. IPSI offers a range of tokenization enabled payment channels with highly advanced tokenizing web services.
  • PCI DSS compliance reporting (scan based)
    Preparing reports for PCI DSS compliance can be time-consuming and costly. At IPSI we have the tools to streamline your PCI DSS reporting and reduce your compliance burden. Our service produces automated reports that take the pressure off staff and provide evidence of your PCI DSS compliance automatically across your environment.
  • Unique corporate PCI DSS service range
    At IPSI, we offer a complete range of PCI DSS services including advice on compliant managed services, receivables processing, tokenization, multi-bank payment processing, IVR, contact centre payment handling, data discovery software and customised corporate payment solutions.
  • Corporate Review, Analysis & Design consultancy
    Many companies continue to underestimate the cost, scope and lead time associated with achieving and maintaining PCI DSS Compliance. Specialist skills and expertise is required to co-ordinate and manage PCI DSS compliance projects and they involve complex process reengineering, third party interfaces, bank processing, data storage and security, audit and compliance, governance, customer support, cash flow and financial processes to name a few. But where do you start? That's where our Professional Services Consulting can help. Our team will help you maximise business security investments. We'll help you protect information assets against security threats and balance your risk profile with security spend to get the right balance between costs and benefits. Our Review, Analysis and Design process addresses: Review of end to end payment and security processes Identifying areas of improvement, security and business considerations Assess solution alternatives Solution recommendation Our consultants apply this same meticulous thinking to all Payments Projects as well. As a specialist provider of corporate payment solutions, we offer consultancy services which focus on streamlining existing payment and accounts receivables processes. Payment Process Reviews (PPR's) can offer significant business benefits to organisations over and the above our core PCI DSS security benefits. Payment Process Reviews focus on: Accelerated invoicing Improved cash flow Improved customer service Increased staff productivity Enhanced reporting and governance Reduced operating costs (particularly administration, reconciliation and support) Our consultants help you maximise the benefits and return on value from your investment in IPSI's Solutions products and services. It's just another way we protect your brand, your customers and your cash flow.
  • Level 1 certified payment gateway services
    All IPSI payment gateway services are Level 1 PCI DSS compliant and provide end-to-end solutions with multi-bank connectivity globally and enterprise-grade processing.

Data security remediation

Have you found unsecured data? What next? Delete, encrypt, migrate, tokenize and secure unsecured data with our remediation tools.

  • What is the difference between typical LCR and Dynamic LCR?
    Typical LCR allows merchants to determine how their transactions will be processed as a fixed option. Dynamic LCR evaluates each transaction online and in real-time and directs each transaction through the most cost-effective payment processor or payment route available at the time of the transaction. This means that the transaction will always be processed with the least cost option to the merchants and to be completed successfully, even when some payment links are broken. The implementation of dynamic least cost routing requires a sophisticated system like IPSI’s that can evaluate transaction costs across multiple channels in real time. IPSI’s Dynamic LCR capability provides real time decision and smart switching to direct transactions to the best path that is most likely to process successfully and with the least cost. This ensures the transactions are completed even when a payment link is broken.
  • Can Least Cost Routing be customized according to my business needs?
    Yes, a key feature of IPSI LCR is the ability to customise the routing behavour based on your specific business rules. IPSI’s highly innovative and highly flexible payment platform allows you to customise and integrate with your legacy payment systems to combine multiple systems, tools and services into one. We evolve as your business requirements change.
  • What are the benefits of using Least Cost Routing?
    The primary benefit of LCR is cost savings, as it ensures that each transaction is processed via the cheapest route. This can result in immediate saving that leads to substantial savings over time. Other potential benefits include improved transaction speeds and greater control over transaction routing. For further information about the benefits of Least Cost Routing, read our recent article "Unlock Savings: the benefits of Dynamic Least Cost Routing".
  • What is Least Cost Routing (LCR)?
    Least-cost routing (LCR), also known as merchant choice routing, offers significant advantages to businesses seeking to reduce their transaction costs. This initiative empowers merchants to determine how their debit card transactions are processed, allowing them to choose the most cost-effective option available, whether through eftpos or one of the other debit networks (Visa Debit or Debit Mastercard), assuming they are technically enabled to leverage this emerging capability. Moreover, Least Cost Routing introduces a healthy competitive dynamic among debit schemes. With merchants being able to selectively route transactions to the lowest-cost network, debit schemes face increased pressure to lower their fees, including interchange fees and scheme fees. For more information, read our article "What is Least Cost Routing of payments and its benefits to merchants?"
  • How much can I save by using Least Cost Routing?
    The savings can vary widely depending on factors such as your transaction volume, the range of transaction sizes, and the number of processing options available. A detailed analysis would be necessary to estimate potential savings for a specific business. A member of the IPSI team can assess what savings from dynamic least cost routing would look like for your business based on your specific business requirements and throughput. Contact us at [email protected] or call 1300 975 630 to discuss how we can help you unlock significant savings for your business.
  • What is the role of the Reserve Bank of Australia in promoting Least Cost Routing?
    The RBA, in its dedication to fostering a more equitable and efficient payment ecosystem, has been vocal in its endorsement of Least Cost Routing. The RBA strongly supports the provision of least-cost routing functionality and has been actively and consistently monitoring the industry's efforts in making this feature universally accessible to merchants. Their vision is clear: provide merchants the flexibility to direct dual-network debit card transactions through the most cost-effective route, ensuring a tangible reduction in transaction expenses. The RBA clearly indicated that “all acquirers and payment facilitators that provide card acceptance services to merchants are expected to offer and promote Least Cost Routing to their merchants. Acquirers and payment facilitators are expected to report to the Bank every six months on their least-cost routing offerings, and on merchant take-up of least-cost routing.” Follow the link for more information about the RBA’s policies on Least Cost Routing (LCR) in Australia.
  • Does Least Cost Routing impact the speed or success rate of my transactions?
    The impact on speed and success rate can vary depending on the specific LCR system and how it's configured. In many cases, LCR can improve transaction speeds by selecting more efficient processing routes. IPSI Dynamic LCR capability means your transactions are evaluated online and in real time to ensure it does not impact the speed of your transactions. Our dynamic LCR capability also directs transactions to the best path that is most likely to process successfully with the least cost. This ensures the transactions are completed even when a payment link is broken.
  • Is Least Cost Routing secure?
    Security in LCR is a major consideration, as the process involves sensitive financial data. Reputable providers should offer LCR services built on secure platforms that adhere to all relevant industry security standards. IPSI's LCR service is fully compliant with the Payment Card Industry Data Security Standard (PCI DSS) and aligns with APRA's CPS234 security compliance standard. This gives your business an additional layer of assurance in terms of data security and integrity. You can be confident that your customers sensitive information is being handled with the utmost security and professionalism.
  • How can I implement Least Cost Routing in my business?
    To implement LCR, you typically need to work with a payment solutions provider that offers this service. The provider will help you set up and customize the LCR system to meet your specific business requirements. Our team at IPSI can walk you through the steps of getting LCR set up for your business.
  • Hosted IVR (Pay by Phone) solutions
    The IPSI IVR service is a highly customisable pay by phone service which is certified as Level 1 PCI DSS Compliant. The pay by phone platform can be customised to match existing data flows, scripts & look up functions, ensuring a seamless customer experience with excellent security. The Hosted service and can be deployed as a standalone service (i.e. replicates client in-house services) or as an integrated service whereby the IVR can integrate with client side IVR systems. As with all of our services, the IVR service is pre-integrated with all of the major banks in the region, thereby providing significant, end to end PCI DSS de-scoping.
  • AgentSecure contact centre PCI security service
    AgentSecure is a complete solution that can reduce your PCI DSS compliance scope by over 90%. AgentSecure uses a platform-as-a-service model which means it is a secure, cost effective and easy to deploy within Australia and overseas.
  • Credit card storage
    Level 1 PCI DSS certified data storage within Australia utilising state of the art data storage and recovery.
  • Multi-bank processing
    IPSI is connected to all of the major banks in this region with international capability, ensuring end to end payment processing and PCI DSS remediation.
  • IVRSecure service
    Leverage our advanced IVR technology to make on premise technology PCI DSS compliant in a cost effective manner using IPSI's IVRSecure service.
  • Compliant processing interfaces
    Extensive range of highly advanced PCI DSS compliant integration options.
  • Advanced and Highly Configurable
    As it with all of IPSI’s services its call center desktop payment pages and iFrames are customisable to meet individual customer requirements, branding, workflows and data exchange requirements. The service is level 1 PCI DSS compliant to the latest standards.
  • Multi-Bank Connectivity
    IPSI’s services are connected to all of the major banks, thereby offering our customers the benefits of strategic bank independence.
  • What is agent desktop workflow?
    Our cloud based desktop workflow solutions fits neatly within your current payment environment – while also ensuring cardholder data doesn’t enter your IT system. The key challenge for merchants is to find a partner with the experience, expertise and flexibility to adapt to specific call centre workflows. Our flexible solutions enable us to interoperate with existing desktop workflows, securing the call centre capture and then downstream payment processes without the need to store or process credit cards within the merchant’s environment.
  • Can AgentSecure® be used from home?
    Yes. AgentSecure® enables your call centre agents to work from home and to securely take payments without exposure to credit card data. No additional infrastructure is required other than a softphone to connect to your PBX or contact centre plus and access to the internet.
  • Why choose AgentSecure?
    AgentSecure® is level 1 PCI DSS certified product to help reduce your compliance scope for over the phone payments by around 90%. It integrates with existing telephone and payment service providers, is infinitely scalable and can be used within single or multiple sites in Australia or abroad. The product is based on state of the art technology with support provided by a local based team in Sydney. AgentSecure® is fully hosted in Australia with all associated data stores based within Australia. The “AgentSecure®” product addresses: The growing costs and complexity associated with in-house contact centre (Telephony Payments) security and compliance Customer service and agent assisted transactions 100% cloud-based service which prevents credit card data from entering your contact centre PCI DSS compliance Brand, customers and staff protection from fraud Negates the need to invest in additional call recording capabilities or payment gateway providers. Connect to any PABX/Contact Centre
  • What is AgentSecure?
    Taking credit card payments within contact centres presents many PCI DSS security compliance challenges and fraud risks. AgentSecure® is a PCI compliant solution that enables agents and office staff to process one-off and recurring payments in real time without the risks associated with exposure to sensitive credit card data. Using AgentSecure® , no credit card data enters your contact centre environment reducing PCI DSS compliance scope by around 90%. AgentSecure®® ensures no credit card data is seen, heard or processed by your agents. Customers enter card details via their phone keypad. This is secured using advanced DTMF Masking and card capture technology without any interruption to the communication channel between the agent and the customer. AgentSecure® provides a seamless payment experience, excellent customer service and higher payment success rates.
  • What are the benefits of AgentSecure®?
    With AgentSecure®, no card data enters your contact centre systems or is seen or heard by agents. This removes the risk of fraud and the loss of cardholder data as not part of the contact centre is exposed to payment card data. The key benefits are: Significant reduction in security and compliance costs Level 1 PCI DSS certified Enables agent assisted real-time payment capability Increased customer confidence and payment success rates Potential to reduce call handling times due to the improved payment experience DTMF masking to secure credit card details entered over the phone No need to pause any call recordings systems to meet recording compliance and monitor customer experience Includes advanced tokenisation for recurring back-end payment capability Agent stays on the call for the full duration of the call to assist with payment completion Improved customer service Removes the need for secure teams or secure rooms within a call centre to take payments One solution for your sites whether single or multiple, on or offshore Leveraging Australian technology and support, with Australian data residency Facilitates compliance with APRA CPS 234 and PCI DSS Compliance
  • How does AgentSecure® help with PCI DSS compliance?
    AgentSecure® is already Level 1 PCI DSS Certified which significantly reduces your costs of achieving PCI DSS compliance. This compliance is achieved by taking contact centre agents and systems out of PCI DSS compliance scope as credit card payment data is not seen or heard by your agents. With AgentSecure® there is no need to change existing call recording processes as it easily integrates with existing telephone and payment service providers. The service is flexible and can scale up or down to adapt to the changing needs of your business.
  • How do I know if I am PCI DSS compliant?
    If you answer NO to any of these questions, you may not be compliant. Has your hardware and IT systems been audited for credit card numbers in the last 6 months? Do you store customer credit card information within your IT system? Do your call centre agents hear credit card information from customers or are they hidden from them? Do you have controls in place that outline how you collect, process, store and transmit customer credit card information? PCI compliance can be a complicated process because of the comprehensive nature of its requirements. Compliance can be achieved by instituting a set of high-level goals that guide a company’s security policies. When these measurable goals are met, a QSA can determine if they have achieved PCI DSS compliance. Here is an example list of goals a company can pursue to achieve full compliance with PCI DSS: Create secure information systems and internal networks Maintain a program that manages vulnerabilities as they are discovered Monitor and test the security of company networks Create an information security policy and adhere to it Institute access control measures both internally and externally Encrypt customer information and restrict access to it
  • What is included in Cardholder Data?
    At a minimum, cardholder data includes the full PAN. Cardholder data may also appear in the form of the full PAN plus any of the following: - Card holder name - Expiry date - Service Code
  • When is a company required to be PCI DSS compliant?
    The current PCI DSS v3.2.1 requirements are applicable if a Primary Account Number (PAN) is stored, processed or transmitted. If a PAN is not stored, processed or transmitted, PCI DSS requirements do not apply. Therefore if your company stores or transfers the PAN (Primary Account Number) which is usually the 16 digit credit card number itself in any way, even if it is only to transmit it directly to a real-time payment gateway, or perhaps restore it in some way, then your business must be PCI DSS compliant certified in its own right. The applicable PCI DSS criteria is as follows: Level 1 Visa and MasterCard World Wide transactions totalling 6 million per year, and any merchants who have experienced a data breach. Level 2 Visa and MasterCard transactions totalling 1 million to 6 million per year. Level 3 Visa and MasterCard e-commerce transactions totalling 20,000 to 1 million per year. Level 4 Visa and MasterCard e-commerce transactions totalling 1 to 20,000 per year. However, the new PCI DSS v4.0 requirements which will come into full effect from March 2024 will increase the scope of data protection from card data only to account data which includes Primary Account Number (PAN), cardholder data and authentication data.
  • Achieving PCI DSS Compliance
    Achieving PCI DSS compliance is an important part of trading in the digital economy. Whilst achieving PCI DSS compliance may seem daunting at first, it’s important to ensure that any payments taken via debit or credit cards are secure. PCI DSS compliance is achieved through an assessment performed by a certified PCI DSS Qualified Security Assessor (QSA). A QSA is an independent security organisation that has been qualified by the PCI Security Standards Council to validate an organisation’s adherence to the PCI DSS requirements. However, navigating the intricate maze of PCI DSS requirements is no easy task, often incurring significant resources and expenses. As a result, many companies opt to enlist the expertise of third-party service providers (TPSPs) like IPSI to efficiently and effectively manage this complex compliance journey. IPSI can help reduce up to 90% of merchants PCI DSS compliance obligations. Call 1300 975 630 or reach out to us if you want to know more about how IPSI can assist you become PCI DSS Compliant.
  • What is DTMF masking?
    DTMF stands for Dual-Tone Multi-Frequency, and it is how phone companies know what number is pressed when a customer touches the numbers on the telephone keypad. When a telephone keypad is used to input payment data such as a credit card, those tones can be intercepted by hackers to collect credit card information, unless DTMF masking is used. DTMF masking involves intercepting substituting (masking) the unique audible tones with flat tones so that people who hear the DTMF data cannot decipher the numbers. The masking software usually sits between the caller and the call centre (or contact centre) system and converts the DTMF tones to flat tones. IPSI uses DTMF masking for the AgentSecure® service.
  • How secure are phone payments?
    Phone payments are secure as long as the merchant receiving payments are PCI DSS compliant. To achieve PCI DSS compliance, the merchant must ensure that the contact centre agent who is receiving the payment from a customer does not see, hear or record the customer’s credit card data. By ensuring this occurs, the customer’s credit card information remains secure from fraud due to data breach or other criminal activity. The way PCI DSS compliance works is that the merchant must meet certain requirements for the storage, processing and transmission of credit card data. This also includes requirements for the people, processes and technologies a merchant uses to process payments. IPSI specialise in providing enterprise’s large and small with payments technology that is PCI DSS compliant and ensure’s any phone-based payments are collected in a PCI DSS compliant manner. A key product that allows us to do this is our contact centre solution AgentSecure®. AgentSecure® is a complete solution that enables agents and office staff to process one-off and recurring payments seamlessly in real-time without the risks associated with exposure to sensitive credit card data. With the AgentSecure® service, no credit card data enters your contact centre environment reducing PCI DSS compliance scope by 90%. AgentSecure® ensures no credit card data is seen, heard or processed by your agents. The caller enters their card details using the phone keypad secured with DTMF Masking without any interruption to the communication channel between the agent and the customer. Ensuring a seamless customer experience, excellent service and higher payment success rates.
  • I need your help, what do I do next?
    Simply call IP Solutions on 1300 975 630 and have a chat to one of our consultants. We will determine what the next steps for you should be.
  • What do I need to consider regarding mobile devices and tablets for employees in a store environment, as it relates to PCI compliance?
    One of the key things is to determine what the devices are going to be used for and whether or not they’ll be used to process transactions or have any payment card data processed through them or stored on them. If so, they will fall into scope for PCI compliance. Even being on the same network as systems that store, process or transmit payment card data will bring these devices into scope. While the PCI guidelines might not have specific requirements yet for every aspect of mobile applications and devices, they are clear around keeping cardholder data protected, wherever it may be. This is such a new area for many merchants that they aren’t properly addressing security issues or updating their employee guidelines or policies to deal with them adequately. You can’t take it for granted that employees will know what to do in a given situation or think about the ramifications of bringing their own devices into retail or working environments. Make them aware of the need for compliance and why it’s important to customers and to the business.
  • What is tokenisation?
    Tokenisation, in its simplest form, is another way of saying ‘data substitution’. It is the act of using a substitute value, or ‘token’, which has no inherent value, in the place of data that does have value. That way, if the system using tokens is compromised, it is the tokens that are taken, not the actual valuable data. Tokenisation works by taking the original data value and generating a substitute value, usually with a random number generator. The mapping between the original data and the token is maintained in a secure database. Obviously, with tokenisation, it is imperative to protect the database that contains the mappings between the original data and the tokens.
  • Does AgentSecure require special equipment to work from home?
    No. Special equipment is not required for call centre agents to use AgentSecure at home. All agents require is a softphone to connect with a PBX and access to the internet.
  • What can happen if I choose not to comply with the PCI DSS?
    If you choose not to comply with the PCI DSS then you risk: Potentially being fined by your acquiring bank Potentially being restricted from accepting credit cards as a payment method Greater risk of potential financial loss arising from security incidents A system compromise may potentially result in fines and/or restrictions. Whilst data breach reporting is not mandatory at this stage the OIAC does have powers to fine organisations for not adequately safeguarding client’s personal information.
  • How do I administer my transactions?
    Please login to the IP Solutions administration portal with your nominated user name and password. If you have forgotten your details you can retrieve your details via the login page forgotten details retrieval facility. (https://www.ippayments.com.au/crm/logon.aspx?x=ipsi) Alternatively email support at [email protected]
  • Where is my customer data held? Is it stored overseas?
    No, server infrastructure is housed within a number of Tier III standard (or higher) data centres. These data centres offer world-class facilities including temperature and humidity controls, earthquake protection and advanced fire control systems. The facilities are monitored 24 hours a day, 7 days a week, 365 days a year with multiple security layers including guards, CCTV, photo access cards, “man traps” and locked server cabinets. They are serviced by fault-tolerant and redundant power systems encompassing dual council power supplies and Uninterrupted Power Supply (UPS) filters with backup diesel generators.
  • What is the PCI DSS Attestation of Compliance?
    Your company must attest that it is complying with the Data Security Standard annually if it handles credit card data electronically. This involves delivering a package of two or three items: Self-Assessment Questionnaire Regular network or website scanning by an Approved Scanning Vendor (may not be required in some cases) and a Report on Compliance by a Qualified Security Assessor (only needed by the very largest companies) Attestation of Compliance There are 5 versions of the Attestation of Compliance, just as there are 5 versions of the Self-Assessment Questionnaire. If you qualify to use version A of the Questionnaire, use version A of the Attestation, etc.
  • How do I prove to my bank or my customers that my business is PCI compliant?
    Depending on the number of transactions performed annually, Merchants and Service Providers must conduct quarterly vulnerability scans and either fill out a Self-Assessment Questionnaire or have a Qualified Security Assessor (QSA) audit the business entity against the PCI DSS. Reach out to IPSI if you need to know more about PCI DSS Compliance and how we can help you.
  • What are the benefits of being PCI DSS compliant?
    By being PCI DSS compliant, you will protect your three most important assets, your brand, your customers and your cash flow. You will benefit by: Managing risk around identity theft and credit card fraud Boosting customer’s confidence in your security Increasing protection of customer’s data Avoiding penalties/fines imposed by banks or card companies Staying competitive in the marketplace Reducing the risk of negative cash flow impacts These requirements can seem daunting and overly technical at first. IP Solutions provides end to end eCommerce consultancy and security remediation services and we have years of experience in this area so contact us to simplify your PCI DSS journey.
  • What kinds of functions are performed as part of network management?
    Functions that are performed as part of network management include: Controlling, planning, deploying, and monitoring the resources of a network Network planning Configuration management Fault management Security management Patch management
  • If I implement a tokenisation solution, am I still required to comply with PCI DSS?
    Yes. However, Tokenisation has the ability to significantly reduce the scope and ongoing costs of PCI DSS compliance, thereby reducing time and money spent on securing the network environment on a day-to-day basis. However, according to the PCI DSS standard, every merchant must still validate their compliance and maintain compliance. To learn more about how tokenisation and IPSI can help with reducing your PCI DSS scope, reach out to IPSI.
  • What are the deadlines for complying with PCI DSS?
    Compliance is mandated by the payment card brands and for most merchants, the deadlines for validating compliance with the PCI DSS have already passed. You should check with your acquirer and/or merchant bank to check if any specific deadlines apply to you, based on merchant transaction volume (level) as determined by the card payment brands.
  • How do I pay my invoices by Credit Card?
    To pay your invoice by credit card click here. Please note a surcharge of 1% applies to credit card payments.
  • If I use a payment processor for all of my credit card processing and storage do I still have to comply with the PCI DSS?
    As a merchant and the owner of the credit card merchant facility, in most cases yes. Contact your acquiring bank to determine their expectations of your business. If you are not PCI DSS Compliant, IPSI can provide a PCI DSS Certified payment processing solution that can be customised to meet your unique business requirements.
  • What is ‘PCI DSS’?
    PCI DSS is an abbreviation for Payment Card Industry Data Security Standard. Created by major credit card schemes, PCI DSS offers a set of global security standards to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. Regular updates to this standard ensure it remains relevant and effective in thwarting emerging threats. The Payment Card Industry Standards Council is a worldwide forum founded by American Express, MasterCard, and Visa, Inc. Today, the Council includes all five of the major payment brands and other financial industry stakeholders. The PCI DSS standard is enforced by the payment brands themselves to ensure that transactions remain secure for both cardholders and the institutions that process their payments. PCI DSS v4.0 is the next evolution of the standard that will come into full effect from 31 March 2024. This provides organizations a transition time, to become familiar with the new version v4.0, and plan for and implement the changes needed.
  • What are context based payments?
    Context-based payment is a new business model designed to remove the physical act of payment from the payment experience. With context-based payments, the payment occurs in the background. The customer approves the payment but does not need to take out their wallet and hand over cash or a credit card. An excellent example of context-based payments is Uber. The customer doesn’t have to pay the driver; they merely exit the vehicle at the end of the trip. These type of payments remove friction, making the shopping experience very smooth for customers. When applied to other business categories such as retail we can foresee the significant impact this will have on the customer experience. A typical implementation within a retail environment would have the customer selecting items to purchase and then walking out without the need to take out a wallet, enter a PIN or inserting a card in Pos terminals. In this situation, the customer would have an application of their phone which activates when they enter the store based on GPS or other geo-location technology. This application would contain their secured payment information and also record products that have been selected for purchase. These products can be entered by scanning barcodes or through other tracking methods with the payment triggered when the customer exits the store. Many big platform companies such as Amazon with Amazon Go are already trialling technology and expect this trend expected to be the norm shortly.
  • How do you manage PCI DSS compliance for home based workers?
    IPSI’s contact centre solution, AgentSecure® allows contact centre agents to take payment securely if they are working from home or in the office. Home-based agents do not come into contact with credit card information when using AgentSecure® ensuring PCI DSS compliance is maintained.
  • What are the key requirements for PCI DSS compliance?
    PCI DSS has 12 requirements that organisations must meet in order to achieve PCI DSS compliance. The requirements are a set of security controls required to protect credit card data and comply with the Payment Card Industry Data Security Standard. The 12 requirements are: Install and maintain a firewall configuration to protect cardholder data. Do not use vendor-supplied defaults for system passwords and other security parameters. Protect stored cardholder data. Encrypt transmission of cardholder data across open, public networks. Use and regularly update antivirus software. Develop and maintain secure systems and applications. Restrict access to cardholder data by business need-to-know. Assign a unique ID to each person with computer access. Restrict physical access to cardholder data. Track and monitor all access to network resources and cardholder data. Regularly test security systems and processes. Maintain a policy that addresses information security. This list of requirements becomes the outline of a company’s PCI checklist as they bring their information and payment processing system into compliance.
  • How do I know if PCI DSS applies to my business?
    If your business accepts credit cards, whether over the internet or on paper, then PCI applies to your business. The general rule states that if you process, store or transmit cardholder data then you must adhere to the Payment Card Industry Data Security Standard. Regular updates to this standard ensure it remains relevant and effective in thwarting emerging threats, with the latest version to be PCI DSS v4.0 Keep checking our website to stay up to date.
  • Is IPSI a scheme approved payment gateway for Visa?
    Yes, IPSI’s payment gateway is a scheme approved gateway by Visa for PCI DSS services.
  • What is managed network security?
    Managed network security services are third-party service providers, solution providers or value-added resellers that can be hired to outsource tasks or processes related to network security. Outsourced responsibilities often include device management, monitoring and remediation; email security, including anti-spam, anti-malware and IP filtering; network intrusion detection and prevention; asset classification and change management; data leak protection, and the creation of access control policies.
  • Does AgentSecure® require additional equipment to access from home?
    There is no additional equipment or infrastructure required to access AgentSecure® from home. The agent only requires a softphone connected to your PBX and access to the internet.
  • What impact does AgentSecure® have on customer service?
    Agents that use AgentSecure® from the home environment are able to provide a customer experience that is the same as managing calls from a contact centre. Customers will not recognise if calls are taken at home by contact centre agents.
  • Can remote workers access AgentSecure® from home?
    Yes. Call centre agents who are required to work from home due to the Covid-19 pandemic or other, are able to access AgentSecure® from home and take payments securely. AgentSecure® retains the same functionality whether agents work from home or in the office.
  • What are the benefits of AgentSecure® when working from home?
    AgentSecure® improves payment security and customer service by ensuring agents can still process payments in real-time without the need to collect credit card details. The benefits include: Allow work from home agents to take payments over the phone securely. Conveys to your customers that you take the security of their data seriously. This, in turn, will improve customer confidence, payment success rates and cash flow. Maintain PCI DSS compliance. No additional complex equipment or infrastructure is required. The agent only requires a softphone to connect to your PBX and internet access. High levels of customer service are maintained as the agents maintain constant contact with customers regardless of location i.e., unlike traditional pay by phone (IVR) services the agent is in constant communication with the payer throughout the process and can guide them to process payments successfully. The product can interoperate with a range of telecommunications carriers. Requires minimal change to the customer experience with call centre staff being able to access AgentSecure® from home or the office. Staff members/agents will not hear, see or process credit card data, thereby enhancing security while minimising fraud exposure in-home office scenarios.
  • How does working from home impact PCI DSS compliance?
    AgentSecure® is certified Level 1 PCI DSS compliant. Agents will be PCI DSS compliant when using AgentSecure® while working from home as agents are not exposed to customer credit card data.
  • How does IVRSecure® work with my current IVR infrastructure?
    IVRSecure® is a cloud-based, modern IVR payments service that doesn’t require new IVR hardware. It allows you to modernise your current IVR payment handling as an add-on to your existing IVR systems.
  • What are the key benefits of IVRSecure®?
    IVRSecure® benefits: IVRSecure® enables compliance with APRA CPS 234 and PCI DSS security requirements Easy to deploy using API first approach Cost-effective as it doesn’t require new IVR hardware Reduces the costs, risks and lead times associated with security and compliance Allows companies to retain their existing infrastructure/capacity and workflow Reduces annual compliance costs It is Level 1 pre PCI DSS certified Delivers multi-bank connectivity, tokenisation and real-time payment processing Can be tailored to meet individual business requirements Australian data residency is assured IPSI’s IVRSecure®, AgentSecure®, and hosted IVR services can also be deployed to secure agent call centre based payment processes.
  • What is IVRSecure®?
    IVRSecure® is a PCI compliant IVR payments product that works with your current IVR infrastructure. Credit Card data, when obtained via IVR, must be handled in a PCI compliant manner. Many IVR systems do not adequately secure customer credit card data in a cost-effective way i.e. the costs of achieving and/or retaining compliance is very high. IVRSecure® provides organisations with significant cost savings by modernising current IVR payment infrastructure with advanced tokenisation and payment acceptance capability that ensure all credit card payments are processed in a PCI compliant manner.
  • Personally Identifiable Information (PII) scanning
    Personally identifiable information (PII) is any information that can be used to identify, contact or locate a single person. Our data discovery platform detects over 110 types of PII from over 50 countries. Information such as Medicare numbers, pay slips, address details, emails, computer IP addresses and of course credit card information fall under the heading of PII. Any data stored of this nature, must not be able to be identified against an individual as this type of information is a primary target for identity thieves.
  • Bank account scanning
    Bank account details are a primary target for identity thieves. Our data discovery tool can identify and secure customer bank account details stored on your systems.
  • Credit card scanning
    The first stage of PCI DSS compliance is knowing if and where any unsecured credit card data is stored across your organisation. Credit cards are a primary target for data thieves and any data that is not protected by encryption can be costly in the event of a data breach. Our data discovery tool was developed in co-operation with the payment card industry. It takes the guesswork out of knowing if your organisation is storing credit card data and gives complete visibility across your entire organisation, enabling you to prioritise resources and investment to achieve the best security outcome.
  • Custom sensitive data types
    If your business stores sensitive data like medical records, medicare numbers or other sensitive data types, you must ensure that this information is secure. Our data discovery tool will help ensure you comply with applicable privacy policies by ensuring that customer data is protected.
  • In-file data masking/ obfuscation
    Data masking allows personally identifiable information to be hidden from view so that it remains usable, but unable to be seen based on user permissions. This type of masking can be useful when certain data fields need to be hidden from view or ensure that sensitive data isn’t leaked into non-production areas such as development and testing environments.
  • Email and attachment deletion for Office 365 and Exchange
    Emails and attachments containing sensitive data that are removed from Office 365 and other email clients are easily recovered. Advanced secure email and attachment deletion for these email clients ensures that sensitive files are unable to be recovered.
  • Tokenization
    Protect sensitive data stored on-premise with IPSI’s advanced Level 1 PCI DSS certified cloud storage and tokenization solutions.
  • Encryption - AES/ strong cryptography
    Secure a data file within its existing location through encryption. This moves the file into an AES encrypted zip file.
  • Quarantine with Secure Delete
    An alternative to permanently deleting files is to quarantine them in a secure location, whilst ensuring the file is deleted from its original location. This option allows you to recover files from the secure location later.
  • Secure Delete
    Employees often assume that by deleting sensitive information and emptying a recycling bin, that files are permanently deleted. This is not the case. This type of deletion is classified as ‘weak’ and can easily be restored by a determined hacker using readily available software. “Secure Delete” ensures that any deletion of sensitive information is final, and unable to be recovered.
  • Strategic bank independence
    EnterpriseSecure® is a truly independent payments solution that connects with all of the major banks, Eftpos and credit card providers in Australia and New Zealand. Our capability extends to processing payments for larger clients in the United States, Europe and Asia. Given our multi-bank capabilities, customers benefit from greater choice and strategic bank independence
  • PCI DSS & APRA Security Compliant
    EnterpriseSecure® is level 1 PCI DSS compliant and aligns with APRA's CPS234 security compliance standard.
  • Customised dashboards, reporting & analytics
    All payment services incorporate advanced data consolidation, reporting and analytics. Enabling customers to access meaningful business intelligence in real time across products / brands / business units / banks and countries.
  • Control the customer experience
    Tailor the customer experience through a large selection of payments options and greater control of your payments platform with EnterpriseSecure®.
  • Accept payments your way
    EnterpriseSecure® was developed with merchants in mind. It delivers high levels of flexibility and control back to the merchant including high-level configuration and unique management features, ensuring deployment of payment gateway facilities in a manner that meets your business requirements.
  • Unique flexibility
    Have more flexibility and control in how you manage your customer’s digital journey, payment flows and processing costs. EnterpriseSecure® also allows you to customise and integrate with your legacy payment systems and combine multiple systems, tools and services into one. We evolve as your business requirements change.
  • Least-cost routing capability
    Least-cost routing is an important feature of EnterpriseSecure® allowing merchants the ability to manage transaction flow based on business rules and reduce processing costs.
  • Removes credit card storage requirements
    Tokenization removes the need to store credit card data for chargebacks customer service and recurring billing which reduces your PCI DSS compliance burden.
  • Flexible Multi-Format Tokens
    IPSI has one of the most flexible and advanced token capabilities available, with over ten token formats, aliases and the ability to customize additional token formats to suit individual use cases. Combined with advanced data notification options and use case configurations which can be tailored to meet the needs of individual customers across a range of channels such as mobile, IVR, web and batch. Tokenization, when designed properly, can deliver significant customer service benefits in terms or ease of use, repeat purchases and data security. The tokenization process is the same as the cloud with sensitive data replaced by a token and stored on-premise in a PCI compliant data storage location.
  • Tokenisation solutions (cloud)
    Tokenisation is the storage of card numbers / bank account or even PII data within IPSI's Level 1 PCI DSS certified cloud service. Payment card data is stored securely in the cloud whilst remaining accessible and protected from unauthorised access. This process allows your systems to continue to operate as though you had the original card number, while significantly reducing your risk and security compliance requirements. Organisations that must meet the requirements of PCI DSS are increasingly embracing the compliance benefits of tokenisation. The tokenization process is simple: IPSI provides a range of secure payment channels to accept and authorise credit card payments. The credit card data is replaced with a unique set of randomised numbers (tokens) and stores the data in a PCI DSS compliant environment within Australia (or overseas depending on the client). Original credit card data is removed from the merchant's database and the token is stored in its place, thereby significantly reducing a company's financial risk and security compliance costs. Any further transactions are transmitted using the token. IPSI's tokenisation capabilities have been tried and tested by Australia's largest corporations, are extremely advanced and flexible enough to meet the unique needs of individual clients.
  • Credit card, PII & bank a/c tokenization
    Sensitive data such as credit cards, personally identifiable information (PII) and bank accounts can all be stored securely using tokenization. Please speak with one of our consultants to ensure our solutions match your requirements.
  • Omni-channel tokenization layer
    When you accept payments from multiple channels, omni-channel tokenization technology gives you the flexibility to ensure cardholder data does not enter your system. IPSI offers a range of tokenization enabled payment channels with highly advanced tokenizing web services.
  • PCI DSS compliance reporting (scan based)
    Preparing reports for PCI DSS compliance can be time-consuming and costly. At IPSI we have the tools to streamline your PCI DSS reporting and reduce your compliance burden. Our service produces automated reports that take the pressure off staff and provide evidence of your PCI DSS compliance automatically across your environment.
  • Unique corporate PCI DSS service range
    At IPSI, we offer a complete range of PCI DSS services including advice on compliant managed services, receivables processing, tokenization, multi-bank payment processing, IVR, contact centre payment handling, data discovery software and customised corporate payment solutions.
  • Corporate Review, Analysis & Design consultancy
    Many companies continue to underestimate the cost, scope and lead time associated with achieving and maintaining PCI DSS Compliance. Specialist skills and expertise is required to co-ordinate and manage PCI DSS compliance projects and they involve complex process reengineering, third party interfaces, bank processing, data storage and security, audit and compliance, governance, customer support, cash flow and financial processes to name a few. But where do you start? That's where our Professional Services Consulting can help. Our team will help you maximise business security investments. We'll help you protect information assets against security threats and balance your risk profile with security spend to get the right balance between costs and benefits. Our Review, Analysis and Design process addresses: Review of end to end payment and security processes Identifying areas of improvement, security and business considerations Assess solution alternatives Solution recommendation Our consultants apply this same meticulous thinking to all Payments Projects as well. As a specialist provider of corporate payment solutions, we offer consultancy services which focus on streamlining existing payment and accounts receivables processes. Payment Process Reviews (PPR's) can offer significant business benefits to organisations over and the above our core PCI DSS security benefits. Payment Process Reviews focus on: Accelerated invoicing Improved cash flow Improved customer service Increased staff productivity Enhanced reporting and governance Reduced operating costs (particularly administration, reconciliation and support) Our consultants help you maximise the benefits and return on value from your investment in IPSI's Solutions products and services. It's just another way we protect your brand, your customers and your cash flow.
  • Level 1 certified payment gateway services
    All IPSI payment gateway services are Level 1 PCI DSS compliant and provide end-to-end solutions with multi-bank connectivity globally and enterprise-grade processing.
Data security
APRA-ebook-image-870x570.jpg

Extensive scanning reach

Our Enterprise grade discovery tool is built to search an extensive range of operating systems, database servers, cloud systems and email servers.

Search multiple email client and server formats including:

  • Live Email Server Support

  • Search any Gmail, Lotus Notes email server

  • Includes ability to search individual user mailboxes

  • Live Exchange via MAPI including Delete Remediation

  • Office 365 Exchange via EWS including Delete Remediation

  • Existing automatic file-based detection of email on workstations and servers

  • Multiple mail client storage formats supported.

Our platform is built to search a wide arrange of target types including:
 

Cloud storage support

  • Google Drive, Calendar, and Tasks

  • Amazon (AWS) S3 storage and Microsoft Azure Storage

  • Dropbox, Box.net and Microsoft OneDrive for Office 365
     

Website storage support

  • Crawl any accessible URL path

  • Useful for corporate portals and intranets
     

Network scanning

  • Built-in native remote file sharing client

  • Configurable user credentials for different SAN / NAS devices

  • Ability to limit bandwidth usage

Know Your Data

IPSI are an Authorised Re-seller of GroundLabs EnterpriseRecon, contact us for a no obligation Proof of Concept Trial and preferential pricing.

APRA ebook
ebooks

Latest Trends in Enterprise Payments Report

Discover 8 key trends set to impact Enterprise Payment in the future. 
bottom of page