Customer Service / PCI-DSS Payment Platform Solution and Cloud Telephony Carrier (SIP as a Service) - DICT3497

The current process of handling customer’s credit card details over the phone in the SNSW contact centre environment requires strengthening to achieve full PCI DSS compliance. The proposed solution is to engage a secure IVR payment service provider to enable the contact centre agent to initiate and complete a payment without a customer having to verbally provide credit details over the phone.

This secure IVR payment solution is anticipated to address most of the PCI DSS compliance obligations for SNSW contact centres by providing a secure mechanism to mask Dual-tone multi-frequency (DTMF) tones associated with taking credit card transactions over the phone. This eliminates Man-in-the-Middle (MitM) attacks and ensures that credit card information is never transmitted to an agent or traverses the Internet. 

Refer to Additional Details / Instructions

The approach to the market is with a multi-module tender for suppliers to bid:

• Staff assisted PCI-DSS compliant Interactive Voice Response (IVR) payment solution

• Cloud telephony carrier including SIP over the internet capabilities (SIP as a Service)

• Both above

This project aims to uplift the technical and process capabilities of the Contact Centre and IVR channels, integrate with a secure and PCI-DSS compliant contact centre inbound payments capture capability and achieving full PCI-DSS compliance across all channels and implement a scalable SIP over the internet carrier as a service for the cloud telephony solution.

• The Procurement (Enforceable Procurement Provisions) Direction 2019 applies to this procurement

• A government agency may conduct negotiations with suppliers regarding the procurement

Please see the attached documents

Please see the attached documents