Last week we deployed a major PCI compliance upgrade for one of our clients. The solution allows them to take secure telephone payments using a hosted service, which means that no sensitive card data is handled by their customer service operators or comes anywhere near their systems.
The project involved:
- Changes to their Magento Enterprise Edition web storefront to call the hosted service when a payment is required
- Setting up the 3rd-party DTMF-based virtual terminal to use the client’s Payment Service Provider
- Making sure the necessary fraud checking data was being supplied to the PSP
Proverb2 advised on the solution, project-managed the development & config work and also managed system & acceptance testing.
This technique is becoming more popular with online retailers as, once implemented, it means their staff and systems can be regarded as out of scope for PCI compliance.
The solution used in this project is CardEasy from Syntec.