Case Study – Municipality
Our municipal client sought a solution that would enable them to accept credit card payments from their customers in a PCI-compliant manner, thereby minimizing their PCI scope. A significant challenge was facilitating card collection over the phone, providing transaction guidance, and ensuring availability during off-hours through an unassisted IVR system. Despite offering online payment options, a substantial number of their customers preferred calling in for added convenience and comfort.
Upon collecting the credit card information, the client had to process both the bill fees and a standard service fee. The complexity arose as both charges, although appearing on the same invoice, needed to be directed to different merchant accounts.
Identifying the collection method was straightforward for this client. They required our attended IVR and the HostedPCI iFrame to collect credit cards through two distinct avenues while consolidating all the cards within a single vault. The HostedPCI IVR solution facilitated a three-way conference call, allowing the agent to stay on the line while the customer entered the credit card information using DTMF tones on the phone keypad. This approach enhanced the customer experience by maintaining a comfortable interaction. To uphold PCI compliance, the IVR system introduced additional tones to salt the credit card information, so that neither the agent nor any recording device could capture the card number, keeping both out of scope. Additionally, an unattended IVR system was employed during off-hours, utilizing the same HostedPCI IVR system to initiate and conference the call.
The final collection method incorporated was the HostedPCI iFrame, which could be seamlessly embedded into the client’s checkout page. This allowed the client to manage the entire transaction process without internally handling the credit card information. The iFrame tokenized the credit card directly from the browser, providing the client with a secure and reusable token compatible with various third-party gateways.
After addressing the collection challenges, HostedPCI was entrusted with devising a solution for their diverse payment processing needs. Given that our client collaborated with multiple vendors for payment processing, they needed the capability to send real-time payments through specific gateways and batch file uploads to additional third-party processors in unique scenarios. HostedPCI proudly offered support for multiple gateways at no additional cost, allowing the merchant to manage a single token. For batch file processing, we enabled the merchant to upload real credit card files to designated SFTP locations for third-party retrieval.
The municipality, upon collecting the credit card, had to split the transaction into two: one for the bill fees and the other for the service charge applied to every invoice. HostedPCI’s advantage is the unlimited number of gateways or merchant connections within a single vault at no extra charge. The client sends the first payment request for the bill amount through our standard SALE API request, specifying the merchant ID for that transaction. Following this, the second transaction for the service charge is sent to a different merchant account. HostedPCI’s real-time approval for both transactions ensures immediate feedback for the agent or customer.
Ultimately, HostedPCI successfully removed the credit card collection process from the municipality’s PCI scope, reducing their PCI audit form and SAQ type from “D” to “A”, thereby enhancing their compliance and operational efficiency.