BT Inbound Contact UK Service Schedule Annex 1 Secure Contact - Payment Card Industry Compliance



SERVICE SCHEDULE ANNEX 1

CONTENTS
1. SERVICE DESCRIPTION
2. ORDERING AND DELIVERY OF THE SERVICE
3. FAULT MANAGEMENT
4. SERVICE LEVEL AGREEMENT
5. DDI NUMBERS
6. AGENT INTERFACE AND NETWORK ACCESS
7. PAYMENT SERVICE PROVIDER (PSP) INTEGRATION
8. REPORTING
9. CARDHOLDER DATA STANDARDS
10. GENERAL TERMS
11. DEFINITIONS

1. SERVICE DESCRIPTION

In order to process Cardholder Data in a PCI DSS compliant way, Calls into a Customer Contact Centre will be handled in accordance with the following process:

i) If no Cardholder Data details are required during the Call, the Agent will not be required to activate the Service.
ii) If Cardholder Data details are required, the Agent will activate the Service via the Web Panel (or the CRM if API is used).
iii) The Service provides a whisper ID to the Agent, who will enter this into the Web Panel on their desktop (or their CRM if API is used) along with any Customer details required for the transaction.
iv) The Agent then asks the Caller to enter the Cardholder Data details using their telephone keypad to generate DTMF tones.
v) The Service intercepts the DTMF tones as sensitive information or Cardholder Data, and false/synthetic tones are passed on to the Agent to indicate progress; visual progress indicators are given on the Web Panel (or CRM if API is used).
vi) If the Caller is unable to use DTMF, then the Agent can override this and allow the Caller to enter Cardholder Data using speech recognition. In such cases, the Caller's Cardholder Data details are not heard by the Agent and progress is reflected on the Web Panel (or CRM if API is used).
vii) The Cardholder Data is sent to the Customer's PSP to authorise the payment and the Agent receives confirmation that this has happened via the Web Panel (or CRM if API is used).
viii) Once the Cardholder Data entry is complete, this is shown on the Web Panel (or CRM if API is used).
ix) The Agent can converse with the Caller during the Call and can assist in the event of any difficulty entering Cardholder Data information.

2. ORDERING AND DELIVERY OF THE SERVICE

2.1 The Customer will order the Service from BT via the Order Form.
2.2 The Service Start Date will be finalised once BT and the Customer have agreed and completed the Service Specification.
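Section 1 above describes the DTMF-masking flow: the Caller keys digits, the Service intercepts them, the Agent hears only synthetic tones and sees progress indicators, and the captured Cardholder Data is released to the PSP. The Python simulation below is an added example written for this page; it is not BT's code and does not describe the Platform's internals. The field lengths, the whisper ID "W-ALPHA", the test PAN, the expiry and CVV values, and the Luhn check applied before release to the PSP are all assumptions of the example. It also shows the kind of record the Reporting tool of clause 8 could retain: a truncated PAN and no Sensitive Authentication Data.

```python
"""Simulated DTMF-masking session (added example, not BT's implementation)."""
from dataclasses import dataclass, field
from typing import Optional

# Fields collected from the Caller, in order: (name, min digits, max digits).
# Lengths are an assumption of this example, not figures from the Service Schedule.
FIELDS = (("pan", 13, 19), ("expiry", 4, 4), ("cvv", 3, 4))
TERMINATOR = "#"          # Caller presses # to end each field (assumed convention)
SYNTHETIC_TONE = "beep"   # the false tone the Agent hears instead of the real digit


def luhn_ok(pan: str) -> bool:
    """Luhn check-digit validation, run before the PAN is released to the PSP."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Truncate a PAN to first six / last four, the most a report should retain."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


@dataclass
class PspRequest:
    """The only object in this example that carries full Cardholder Data and SAD."""
    whisper_id: str
    pan: str
    expiry: str
    cvv: str


@dataclass
class MaskingSession:
    whisper_id: str
    field_idx: int = 0
    buffers: dict = field(default_factory=lambda: {n: "" for n, _, _ in FIELDS})
    agent_events: list = field(default_factory=list)   # what the Web Panel shows the Agent
    complete: bool = False

    def caller_keypress(self, key: str) -> Optional[str]:
        """Intercept one DTMF key on the Caller leg.

        Returns the tone forwarded to the Agent leg (never the real digit),
        or None when the key is dropped.
        """
        if self.complete:
            return None
        name, lo, hi = FIELDS[self.field_idx]
        if key == TERMINATOR:
            value = self.buffers[name]
            valid = lo <= len(value) <= hi and (name != "pan" or luhn_ok(value))
            if not valid:
                self.buffers[name] = ""   # discard; Caller is asked to re-enter
                self.agent_events.append(f"{name}: rejected, caller asked to re-enter")
                return SYNTHETIC_TONE
            self.agent_events.append(f"{name}: captured")
            self.field_idx += 1
            if self.field_idx == len(FIELDS):
                self.complete = True
                self.agent_events.append("cardholder data entry complete")
            return SYNTHETIC_TONE
        if not key.isdigit() or len(self.buffers[name]) >= hi:
            return None               # non-digit or overlong input is dropped
        self.buffers[name] += key
        # Progress indicator only: one star per digit, never the digit itself.
        self.agent_events.append(f"{name}: {'*' * len(self.buffers[name])}")
        return SYNTHETIC_TONE

    def psp_request(self) -> PspRequest:
        """Release captured data to the PSP leg only once every field is complete."""
        if not self.complete:
            raise RuntimeError("cardholder data entry not complete")
        b = self.buffers
        return PspRequest(self.whisper_id, b["pan"], b["expiry"], b["cvv"])

    def reporting_record(self, outcome: str) -> dict:
        """Record for the Reporting tool: masked PAN, no expiry, no SAD."""
        return {"whisper_id": self.whisper_id,
                "pan_masked": mask_pan(self.buffers["pan"]),
                "outcome": outcome}


def run_sample_call() -> MaskingSession:
    """Drive one constructed call: a mistyped PAN first, then valid entries."""
    session = MaskingSession(whisper_id="W-ALPHA")   # constructed whisper ID
    keys = list("4111111111111112#")       # fails Luhn, so the Caller re-enters
    keys += list("4111111111111111#")      # well-known test PAN, passes Luhn
    keys += list("1230#") + list("123#")   # constructed expiry (MMYY) and CVV
    for k in keys:
        session.caller_keypress(k)
    return session


if __name__ == "__main__":
    s = run_sample_call()
    print("\n".join(s.agent_events))       # nothing the Agent sees contains a digit
    print(s.reporting_record("authorised"))
```

The invariant worth checking in any such design is the one the simulation enforces structurally: the Agent-facing output (tones and panel events) is generated from counts and states, never from the captured value, and the only path that carries the PAN, expiry and CVV together is the one to the PSP.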
2.3 Before the Service is provided to the Customer, the Customer shall have the right to carry out Acceptance testing. Such Acceptance shall not be unreasonably withheld by the Customer.

3. FAULT MANAGEMENT

3.1 The Customer may report technical faults with the Service to BT via the 24 hour helpdesk on 0800 110011.

3.2 When reporting a fault with the Service, the Customer will be required to provide the following information:
i) a contact name;
ii) contact number;
iii) the time and date of the Call;
iv) Calling line identity and dialled number; and
v) a description of the fault in as much detail as possible.

3.3 Faults raised by the Customer will be processed by BT and allocated a Severity Level. BT will aim to respond to and resolve faults in accordance with the following Service Levels.

Fault Severity Level       Initial Response Time   Target Fix Time
Critical (24/7 Support)    4 Hours                 5 Hours
High                       2 Business Hours        6 Business Hours
Medium                     2 Business Hours        4 Business Days
Low                        24 Business Hours       28 Business Days

3.4 Fault Severity Level Definitions

Critical: faults which i) affect all Calls; and/or ii) cause unavailability of Service; and/or iii) prevent Callers being routed to the Customer's Site.
High: faults which i) affect more than 10% of Calls at any time; and/or ii) cause the absence of a significant function of the Service (e.g. the inability to take payment, Calls not being forwarded or DTMF not being recognised correctly).
Medium: faults which i) affect more than 1% of Calls at any time; and/or ii) cause the absence of a significant function of the Service (e.g. the inability to take payment, Calls not being forwarded or DTMF not being recognised correctly).
Low: faults which i) affect 1% or less than 1% of Calls; or ii) affect more than 1% of Calls but do not cause the absence of any significant function of the Service (e.g. cosmetic changes to the Service which do not affect the ability for Calls to be made to obtain the relevant information).

3.5 Once a fault is resolved, BT will advise the Customer via the Nominated Contact.

3.6 Following fault resolution, BT will, where appropriate, assess whether any changes need to be made to the Service. Where BT considers that changes do need to be made to the Service, BT will produce a report detailing the steps that need to be taken to prevent a recurrence of the fault, which will be forwarded to the Customer for approval prior to implementation.

4. SERVICE LEVEL AGREEMENT

4.1 Where BT does not deliver the Service by the Service Start Date, the Customer shall be entitled to receive compensation in accordance with clause 3 of the Inbound Service Schedule, save that compensation will only apply where the delays are attributable to events solely within BT's reasonable control.
4.2 Where BT does not resolve a fault within the above Service Levels the Customer shall be entitled to receive compensation in accordance with clause 3 of the Inbound Service Schedule, save that compensation will only apply for faults which:
i) affect all Calls; and
ii) prevent operation of the Customer's entire Service; and
iii) are attributable to events solely within BT's reasonable control.
4.3 BT's responsibility to provide Service (and liability to provide compensation) will only apply in relation to the following points of demarcation:
i) the point of receipt of the Call at a BT exchange;
ii) the Web Panel (or the CRM if API is used);
iii) the web access point for the Customer's PSP for the provision of payments;
iv) the external interface to the Customer's accounting system (if applicable for reconciliation purposes).

5. DDI NUMBERS

5.1 All Calls which may result in Cardholder Data being disclosed must use the Platform, and BT will provide a set of DDI numbers to the Customer that Calls must be distributed to.
5.2 The Customer will provide to BT details of the terminating DDI numbers for the Calls to be delivered.

6. AGENT INTERFACE AND NETWORK ACCESS

6.1 Subject to clause 6.2 below, BT will provide the Customer with either a customised Web Panel or an API.
6.2 In order to access either the Web Panel or the API, the Customer and its Agents will require internet access to BT's web servers. Where modifications are required on both the Platform and the Customer's firewalls to access such web servers, BT will provide details of any modifications that may be required. Any modifications required shall be at the Customer's expense.

7. PAYMENT SERVICE PROVIDER (PSP) INTEGRATION

7.1 In order to collect Payment Card Data, the Customer will need to be contracted with their chosen PSP.
7.2 Where BT is not integrated with the Customer's PSP, then the Customer may instruct BT to integrate with a new PSP and pay BT an additional set up cost as detailed in the Order Form.

8. REPORTING

8.1 BT will provide Reporting relating to the Service to the Customer via a secure web page.
8.2 Reporting data will be retained for a rolling 12 month period.

9. CARDHOLDER DATA SECURITY STANDARDS

9.1 BT warrants and represents that it has complied with all applicable requirements necessary to be considered PCI DSS compliant at Tier 1 status and has performed all steps necessary to validate its compliance with PCI DSS by a Qualified Security Assessor (QSA).
9.2 BT agrees that it is responsible for the security of all Cardholder Data in its possession, including responsibility for all actions involved in Processing the Cardholder Data.
9.3 BT agrees that all Relevant Supplies coming within the scope of the Service will be performed by BT.
9.4 BT shall ensure that the Relevant Supplies conform to the PCI DSS set out at https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml and such later versions or guidance and advisories which the PCI Security Standards Council may issue.
9.5 BT shall promptly notify the Customer on becoming aware of any non-compliance or receiving any allegation of non-compliance with PCI DSS, and of the steps it is taking to remedy such non-compliance.
9.6 Any breach of this clause by BT shall be deemed to be a material breach of this Service and, subject to Clause 7 of the Conditions, BT shall indemnify the Customer from and against any costs, losses, damages, proceedings, claims, expenses or demands incurred or suffered by the Customer which arise as a result of such breach.
9.7 BT shall allow the Customer or its authorised representatives reasonable access to premises, systems and records containing any relevant Information as is reasonably necessary to assess BT's compliance with this clause.

10. GENERAL TERMS

10.1 Notwithstanding the provisions of Clause 9.1(c) of the Conditions, if BT or the Customer is unable to perform, or is delayed in performing, any obligation under this Service because of any of the events detailed in clauses 9.1(a) or 9.1(b) of the Conditions and the period of delay exceeds 30 days, the Customer or BT may terminate this Service in whole or part by written notice to the other.

11. DEFINITIONS

Acceptance: written acknowledgement by the Customer that Supplies, or part of them, have been completed in accordance with this Service, subject to any deficiencies stated in such acknowledgement. "Accept" and "Accepted" shall be construed accordingly.
Agent: the person at the Customer Contact Centre who converses with the Caller.
API: the Application Programming Interface which is integrated with the CRM by the Customer and used by the Agent to activate the Service (where applicable).
Application: a speech recognition or interactive voice response software program.
Cardholder Data: the Primary Account Number (PAN) together with any or all of the following items which may be retained with the PAN: Cardholder Name, Service Code and Expiration Date (as those terms are commonly understood in the payment card industry).
Cardholder Data Environment: that part of the network or business operations that possesses Cardholder Data or Sensitive Authentication Data.
CRM: the Customer Relationship Management web interface used by the Customer.
Customer Contact Centre: the Contact Centre that is operated by the Customer.
DDI: Direct Dial In.
DTMF: Dual Tone Multi Frequency signalling.
Helpdesk: the 24 Hour helpdesk provided by BT which the Customer will use to report faults with the Service.
Nominated Contact: the contact in BT and the Customer who will receive information relating to the Service.
Nominated BT Service Manager: the person in BT with whom the Customer can discuss changes relating to the Service.
PCI: Payment Card Industry.
PCI DSS: the Payment Card Industry Data Security Standards issued by the PCI Security Standards Council ('the Council') from time to time and set out at https://www.pcisecuritystandards.org.
Platform: the platform provided by BT to enable the Service to be delivered to the Customer.
PSP: Payment Service Provider.
Processing: any processing, collection, transmission, managing or storing by any means and in any type of media, including paper, or voice recording, or digital images in which Cardholder Data is held, such as hard disk drives, floppy disks, and credit/debit card receipts on which the full PAN is printed.
Relevant Supplies: those elements of the Supplies which include the formal or informal Processing of BT Customers' Cardholder Data forming the "cardholder data environment".
Reporting: a web based Management Information tool provided by BT to enable the Customer to view, and download to Excel, reports for a given date range.
Sensitive Authentication Data: includes the following: Full Magnetic Stripe Data, or CAV2/CVC2/CVV2/CID, or PIN/PIN Block (as those terms are commonly understood in the payment card industry).
Service: the service provided by BT to enable the Customer to reduce or eliminate the handling of Cardholder Data by Agents and be compliant with PCI DSS.
Service Levels: the service levels detailed in clause 4 of this Service Schedule Annex.
Service Specification: the technical specification for the Service to be provided by BT.
Severity Level: the severity level of a fault detailed in paragraph 3.4 of this Service Schedule Annex.
Supplies: all components, materials, tools, test equipment, Service Specification, documentation, firmware, Software, instructions and guidelines, spares and parts and things to be provided to the Customer pursuant to this Service, together with all Information this Service requires be supplied to or performed for the Customer.
Tier 1: merchants who process more than six million payment card (debit or credit card) transactions each year, and must meet the 12-step PCI DSS and undergo external attestation.
Web Panel: the web panel customised by BT for use by the Customer and used by the Agent to activate the Service (where applicable).