1. SERVICE OVERVIEW
The Secure Card Payment Solution is an add-on service to RingCentral Contact Centre, RingCX, and RingEX Services and provides additional protection for Cardholder Payment Data entered via voice or on a keypad during calls. Agents interact with Callers via a Web Panel, either via an API integration or a PCI Pal configured web page to the Customer’s billing system.
If implemented, the Secure Card Payment Solution blocks or obscures Cardholder Payment Data as it is entered, without center agents receiving the audio. Key tones triggered by a cardholder entering their payment information are detected and modified to prevent an agent from identifying which keys have been pressed. Up-to-date information regarding the Secure Card Payment Solution is available at: https://www.pcipal.com/technology/.
2. THE SECURE CARD PAYMENT SOLUTION FEATURES
The Secure Card Payment Solution will consist of one or more of the following features to be integrated with the Customer’s preferred payment gateway (as defined in the Customer’s Order Form):
1. Agent Assist Integrated Web Application: presents the Secure Card Payment Solution interface to the agent inside or redirecting from the RingCentral application.
2. Agent Assist Non-Integrated Web Application: presents the Secure Card Payment Solution interface to the agent via a URL link to the Secure Card Payment Solution’s hosted web page.
3. Secure Card Payment Solution IVR: an agentless collection system that presents the cardholder with audible prompts to guide the cardholder through the collection process. The cardholder responds to prompts using DTMF on the telephone keypad.
Additional Add-on Features
1. PCI Pal Digital: A URL created by PCI Pal is sent to the Cardholder by the Customer allowing the Cardholder to input their card details directly as an ECOM transaction, optionally monitored by the Agent in the PCI Pal Agent Assist interface.
2. PCI Pal Speech: The IVR or Agent Assist Flow can use speech recognition to collect information from the Cardholder.
Customers shall obtain all necessary consents for the capture of DTMF or other audio necessary for the provision of the Secure Card Payment Solution.
3. AVAILABLE LICENSES
Recurring (Monthly) License Fees
| Platform Access Fee | Access to PCI Pal Platform; Required for initial orders |
| Agent Assist Voice/DTMF Payments | Agents taking payments via DTMF; Voice Channel |
| Agent Assist Digital | Agents taking payments via secure payment link sent over any customer provided digital channel |
| Agent Assist Omnichannel | Agents taking payments via voice and digital channels (customer provided) |
| IVR Secure Payments | Secure payment IVR (up to 2,000 transaction attempts per month and monitoring of up to 10 SIP channels) |
| IVR Channel Monitoring | Per additional channel beyond 10 included with IVR Secure Payment license |
| IVR Transaction Attempts | Per transaction attempt beyond 2000 included with IVR Secure Payment license |
| PCI Pal Payment Gateway Integration | Integration to payment gateway or payment service provider |
| Cloud Provision Fee | Per Regional (Country) Instance |
| Project Management | Dedicated Project Manager providing single point of contact and weekly calls |
| Professional Services | For additional development or project management |
4. PAYMENT GATEWAY
The PCI Pal solution will interface with one or more Payment Gateways as identified by the Customer in the Order Form. Customer must provide details of each of their payment gateways along with the relevant API documentation and version numbers. For any non-standard or new Payment Gateway integration (not on the PCI Pal – Supported Payment Gateways list), PCI Pal must obtain an Attestation of Compliance (AOC) from the Payment Gateway provider and subject the provider to a review by the PCI Pal Project and Data Protection Team. Some Payment Gateways may require additional licensing (from the Payment Service Provider) to support the PCI Pal solution.
If a Payment Gateway is unspecified in the Order Form, the project will not begin until the Payment Gateway is confirmed by the Customer.
5. PCI PAL END USER LICENSE AGREEMENT AND DPA
Customers shall comply with the PCI Pal End User License Agreement and DPA located at https://legal.pcipal.com/eula.html.
6. ADDITIONAL TERMS AND LIMITATIONS
6.1. Pricing and Charges. Prices for the Secure Card Payment Solution subscriptions are per user and set forth in the applicable Order Form. Additional PCI Pal charges may be incurred by the Customer for the activation or utilization of additional features or services, for which Customer shall be solely liable.
6.2. Customer Responsibility. Customer is solely responsible for enabling the PSP or use with the PCI Pal Solution.
6.3. Payment Reconciliation. Transaction records can be either retrieved via API or sent to the Customer at the end of each payment session
6.4. Professional Services. “Professional Services” shall mean any onsite and/or remote implementation services, extended enterprise services including technical support, and consulting provided by RingCentral in relation to the Products pursuant to the support level defined a statement of work. Customers must purchase implementation separately through a RingCentral Professional Services SOW, to be performed by RingCentral Professional Services.
6.5. Customer Care. RingCentral will provide tier-one remote support as set forth in the Agreement. Any support cases that require escalation to the Vendor shall be subject to the Vendor’s response times set forth in Appendix A or Vendor’s service level agreement and excluded from any response time commitments for second tier support made by RingCentral.
6.6. RingEX Limitations. 1) Proportional call distribution, whereby calls are distributed across multiple Customer destination numbers, is not supported; 2) The Secure Card Payment Solution is not supported for use with automated diallers, including power, predictive, or progressive diallers, in connection with the RingEX Services. The Secure Card Payment Solution may be supported for use with automated diallers in connection with the Contact Center Services for an additional cost, and subject to the availability and compatibility requirements of the automated dialler.
7. DEFINITIONS
Terms used herein but not otherwise defined have the meanings ascribed to them in the Agreement. For purposes of this Service Attachment, the following terms have the meanings set forth below:
“Caller” means the end user that is providing Cardholder Payment Data to a call centre agent.
“Cardholder Payment Data” means the payment card details, including card number, expiry date, and security code.
"PSP” means payment service provider.
“Secure Card Payment Solution” or “Vendor” means PCIpal.
"Web Panel” means the user interface that is used by the call centre agent to join the Software to a phone call with a Caller, and capture and send Cardholder Payment Data and payment processing parameters to a PSP.
System Availability - Platform Uptime
a) PCI Pal will use commercially reasonable efforts to achieve 99.99% platform availability per calendar month (the “Service Commitment”).
b) Subject to any Service Commitment Exclusions (defined below), where the Service Commitment is not achieved, the Customer will be eligible to receive Service Credits.
c) Downtime will be measured in minutes per month and is defined as total loss of Platform functionality, caused by PCI Pal, its subcontractors or vendors and is measured via PCI Pal’s automated monitoring and alerting systems. Uptime statistics may be provided to the Customer on request.
d) Partial loss of service shall be classed as service degradation and not downtime.
e) The Service Commitment does not apply to any unavailability, suspension, or termination of the Platform, or any other Platform performance issues:
i) caused by factors outside of PCI Pal’s direct control, including any force majeure event, telecom carrier or Internet access or related problems beyond PCI Pal’s management;
ii) that result from any actions or inactions by the Customer or any third party;
iii) that result from the Customer equipment, software or other technology and/or third party equipment, software or other technology (other than third party equipment within our direct control), including integrations to Customer software, PSP availability, the Customer’s connectivity to its telephony carrier or contact centre provider;
iv) ancillary functionality that does not directly facilitate the secure processing of payments, including post transaction logic or reporting; or (vii) arising from PCI Pal’s suspension or termination of your right to the Platform in accordance with the Agreement (collectively, the “Service Commitment Exclusions”).
Service Credits
a) Where PCI Pal fails to meet the Service Commitment over the course of a month, PCI Pal will issue the Customer with a Service Credit that may be applied to offset the cost of any future invoices.
b) Service Credits will be calculated as a percentage of the Customer’s monthly licenses cost as indicated below. Where licenses are paid annually this will be the annual cost divided by 12.
i) 99.99% - 100% Uptime - Service Commitment met, no credit due.
ii) 99.50% - 99.98% - Minor downtime, 3% credit due.
iii) 99.00% - 99.49% - Moderate downtime, 6% credit due.
iv) 98.99% or less – Major downtime, 10% credit due.
c) The total value of Service Credits claimed in a single month may not exceed 50% of the Customer’s monthly license cost.
d) c) It is the Customer’s responsibility to claim Service Credits.
e) d) Service Credit claims must be submitted to [email protected] within 14 calendar days of the end of the month in which the alleged breach of the Service Commitment occurred.
f) e) When claiming a Service Credit, the Customer must include the Support Ticket reference provided to them by PCI Pal when raising the incident that caused the alleged breach of the Service Commitment.
g) f) The Service Credit claim will be reviewed and processed, and the Customer will be notified of the outcome of their claim within 14 calendar days.
h) g) Service Credits will be applied against a future PCI Pal invoice unless no future invoices are expected, in which case the Service Credits will be issued as a cash refund
For PCI Pal’s full Service Level Agreement see here:
https://www.pcipal.com/wp-content/uploads/PCI-Pal-SLA-Standard-2023-v1.1-002.pdf