| NAME | PURPOSE OF PROCESSING | LOCATION OF PROCESSING | TRANSFER MECHANISM |
|---|---|---|---|
Eckoh
|
Credit Card Payment Provider
|
United Kingdom
|
Standard Contractual Clauses
|
1. SERVICE OVERVIEW
The Secure Payment Software is an add-on service to RingEX Services and provides additional protection for Cardholder Payment Data entered on a keypad during calls placed by or to the RingEX Agents interact with Callers via a Web Panel, which includes pertinent information, such as Agent ID, transaction reference, transaction amount and description and MID indicator. Additional features include the ability to employ stored tokens (provided Customer’s PSP allows use of tokens) to identify repeat Callers, and a custom Web Panel logo.
If implemented, the Secure Payment Software detects and either blocks or obscures Cardholder Payment Data as it is entered, prior to call center agents receiving the audio. Key tones triggered by a cardholder entering their payment information are detected and modified to prevent an agent from identifying which keys have been pressed. Up-to-date information regarding the Secure Payment Software is available at: https://www.eckoh.com/secure-payment-services/telephone-payments.
The Secure Payment Software includes the following features:
1. Obscuring dual tone multi-frequency (“DTMF”);
2. Integration to Customer’s payment gateway;
3. Callguard Speech Capture (which describes the feature enabling a Caller to provide Cardholder Payment Data securely via speech (rather than inputting via a keypad));
4. Integration to Customer’s payment gateway to validate:
(i) card scheme;
(ii) card number LUHN; and
(iii) BIN (including the new 8 digit BIN ranges).
Customer and Authorised Service Recipients shall obtain all necessary consents for the capture of DTMF or other audio necessary for the provision of the Secure Payment Software.
2. CALL ROUTING
Inbound and outbound calls may be configured by Customer to route through a secure platform provided by the Vendor to process the Cardholder Payment Data outside of the RingCentral platform. Any configuration of the inbound and outbound call routing through the secure platform shall be set forth in the applicable Statement of Work.
3. CUSTOMER OBLIGATIONS
3.1 Customer shall not take any of the following actions with respect to the Secure Payment Software: (a) reverse engineer, decompile, disassemble, re-engineer or otherwise create, attempt to create, or permit, allow or assist others to create, the source code or the structural framework for part or all of the Secure Payment Software or otherwise disrupt the features, functionality, integrity, or performance of the Secure Payment Software (including any mechanism used to restrict or control the functionality of the Secure Payment Software); (b) cause or permit any use, display, loan, publication, transfer of possession, sublicensing or other dissemination of the Secure Payment Software, in whole or in part, including as a service bureau, to or by any third party without RingCentral’s prior written consent; (c) cause or permit any change to be made to the Secure Payment Software without RingCentral’s prior written consent; (d) bypass or breach any security device or protection used for or contained in the Secure Payment Software; or (e) use the Secure Payment Software for purposes of benchmarking or conducting competitive analysis of the Secure Payment Software or developing, using or providing competing software products or services. Customer shall promptly notify RingCentral if it becomes aware of or reasonably suspects any security breach, including any loss, theft, or unauthorized disclosure or use of the Secure Payment Software.
3.2 Customer shall not: (a) use the Secure Payment Software to store or transmit any content that may be infringing, defamatory, threatening, harmful, or otherwise tortious or unlawful, including any content that may violate Intellectual Property Rights, privacy, rights of publicity, or other laws, or send spam or other unsolicited messages in violation of applicable law; (b) upload to, or transmit from, the Secure Payment Software any data, file, software or link that contains or redirects to a virus, trojan horse, worm, or other harmful component; (c) attempt to gain unauthorized access to the Secure Payment Software, or related software or networks, or to defeat, avoid, bypass, remove, deactivate, or otherwise circumvent any software protection or monitoring mechanisms of the Secure Payment Software; or (d) use, or otherwise access in connection with Customer’s use, the Secure Payment Software in any manner that is not in accordance with applicable Law.
3.3 The Customer shall ensure that any equipment used in connection with the provision of the Secure Payment Software complies with any legal or regulatory requirements and is approved for such use by RingCentral or meets the specifications as notified by RingCentral from time to time.
3.4 The Customer shall provide such assistance as is necessary in connection with the provision of the Secure Payment Software.
4. ADDITIONAL TERMS AND LIMITATIONS
4.1 Pricing and Charges. Prices for the Secure Payment Software subscriptions are set forth in the applicable Order Form. Additional charges may be incurred by the Customer for the activation or utilization of additional features or services, for which Customer shall be solely liable.
4.2 Proportional call distribution, whereby calls are distributed across multiple Customer destination numbers, is not supported.
4.3 The Secure Payment Software is not supported for use with automated diallers, including power, predictive, or progressive diallers, in connection with RingEX Services. The Secure Payment Software may be supported for use with automated diallers in connection with RingCentral Contact Center Services for an additional cost, and subject to the availability and compatibility requirements of the automated dialler.
4.4 Customer is solely responsible for enabling the tokenization with their PSP and configuring the Web Panel to provide all payment processing parameters and information required by the PSP. Customer is also responsible for the deletion or updating of all tokenized Cardholder Payment Data stored with the Secure Payment Software vendor.
4.5 The Web Panel is provided to the Customer as a URL; Customer is solely responsible for activating the Web Panel into the payment process and causing the call centre agent to access the Web Panel.
4.6 The transmission of payment processing parameters to PSPs using HTTPS is subject to the availability and compatibility requirements of the respective PSP and its APIs. Customers must identify any payment processing parameters that are required to be sent to a PSP using HTTPS. Validation of payment processing parameters that are made via dynamic look-up requests to a client web service or to a database are not supported.
4.7 Payment Reconciliation. Transaction records can be either exported as a file or sent to the Customer at the end of each call. Where transactions are exported as a file, Customer will be responsible for providing the SSH keys and IP addresses necessary to transmit the files via the Secure Payment Software vendor’s sFTP server, as well as deleting any export files residing at the sFTP server. Where transaction records are sent at the end of each call, the transaction record will be sent in a supported encoded format; it shall be Customer’s responsibility to reformat the transaction record for any other purpose.
4.8 Customer Care. RingCentral will provide second-tier remote support as set forth in the Agreement. Any support cases that require escalation to the Vendor shall be subject to the Vendor’s response times set forth in Appendix A and excluded from any response time commitments for second tier support made by RingCentral.
4.9 Service Availability. Appendix B – Secure Card Payment Software Service Availability includes the service availability levels RingCentral commits to deliver for the Secure Card Payment Software.
5. DEFINITIONS
Terms used herein but not otherwise defined have the meanings ascribed to them in the Agreement. For purposes of this Service Attachment, the following terms have the meanings set forth below:
“Caller” means the end user that is providing Cardholder Payment Data to a call centre agent.
“Cardholder Payment Data” means the payment card details, including card number, expiry date, and security code.
“PCI-DSS” means Payment Card Industry Data Security Standards.
"PSP” means payment service provider.
“Vendor” means Eckoh UK Limited.
"Web Panel” means the user interface that is used by the call centre agent to join the Software to a phone call with a Caller, and capture and send Cardholder Payment Data and payment processing parameters to a PSP.
- Name of person reporting fault
- Your company name
- Your contact phone number and email address
- Service or application affected
- Access number
- Description of the fault
| Error Severity | Target Fix Time | Activity | Resolution Method |
|---|---|---|---|
| Serious (24/7 Support) | 4 hours | continuous effort | patch/work around |
| Service Affecting | 8 Business Hours | continuous during Business Hours | patch/work around |
| Minor | 3 months | as required | as needed |
“Minor” faults affect less than 1% of calls utilizing the Secure Payment Software or affect more calls utilizing the Secure Payment Software but do not cause the absence of any significant function of the service – that is, affected calls can still progress to obtain the relevant information in the normal way.
| Service | Service Level (KPI) | Performance Measured |
|---|---|---|
| CallGuard Hosted | 99.95% | As defined above |
| Eckoh PCI DSS Platform | 99.99% | As defined above |
| Eckoh Voice Platform | 99.99% | As defined above |