- Why would I get telephony from SecureCo instead of directly with the major carriers?
SecureCo’s dual carrier service ensures mission critical infrastructure stays up across multiple carriers, ensuring the customer contact centre remains operational even in the event of a carrier failure or intermittent faults. Our collective wholesale buying power ensures competitive pricing and easy uplift to additional SecureCo services such as Toll Free, Contact Centre Payments and Payments.
- How do you ensure carrier redundancy?
Redundancy is built into all parts of the voice offering, starting with dual carriers via dual paths to our dual data centres.
Each carrier has a primary and secondary path to reach SecureCo data centres, ensuring automatic rerouting of carrier calls.
A customer's IP PBX or SIP Gateway is connected to SecureCo via data centre cross connects, Cloud based networks or layer-2 Ethernet links. This ensures minimal routing complexity, hops and quality degradation, resulting in low latency and jitter while providing high QoS implementations nationally.
Our voice architecture operates in an Active/ Standby and Primary/Secondary model across DC’s. Active/Standby ensures seamless call fail-over even if one voice component fails. Should a data centre or any connectivity to a data centre fail, calls will be dropped and immediately be available and re- routed to secondary sites and continue to function.
- Can we Bring Your Own Carrier?
Yes. We understand that often retail and whole-of-business agreements are in place, which prevent customers changing to SecureCo carriage underpinned by Telstra, Optus, Vocus, AAPT and Symbio. In these cases, we will connect the preferred carrier to our infrastructure and back to the customer environment. This service will not offer dual carriers, but SecureCo is able to offer a DR carrier if required. Bring Your Own (BYO) carrier is mostly used with Contact Centre Payment implementations.
- How would I move carriers?
The simplest method is to take new numbers from SecureCo and move calls to these new numbers. This is especially relevant where these numbers are fronted by Toll-Free services and thus easy to change.
A secondary option is to port DID numbers to SecureCo carriers. Generally, we offer test numbers to test with initially before porting all numbers across.
Last option is to implement a BYO carrier. With this option SecureCo will assist in moving the existing SIP trunks from customer site to SecureCo data centres and implement a managed network back to the customer site.
- How does dual carrier work?
SecureCo’s dual carrier is largely automatic and immediate with calls falling between carrier links on a per call basis and even between carriers where it is fronted by toll-free for inbound calls. For outbound calls, failover to either of the carriers is done automatically.
Active monitoring of the carrier links also allows us to switch to secondary carriers while fixing intermittent faults on the primary carrier.
- Is the call quality affected because it now runs through your platform?
No, calls are not affected by the additional SIP Call hop in path. All calls are routed via our core session border controllers (SBC) and on to the customer network only.
- How much capacity do you have on your SBCs?
Each SBC pair is capable of handling up to 32,000 concurrent channels per data centre.
- Which data centre’s are you located in?
SecureCo utilises diverse data centre locations and is currently in Equinix SY3 and NextDC S1 within the Sydney metropolitan area as well as Melbourne.
- What changes to my PBX need to be made?
SecureCo utilises SIP signalling via private managed network links. Generally, no changes are required. Our preference is to utilise standard numbering (+E.164) and codecs (G711a & u).
- How are you integrating with my phone systems?
Integration is done at a SIP trunk level, providing inbound and outbound SIP calls. SecureCo does not provide direct assistance with CRM or PBX extension implementations.
- Can I choose my carriers?
SecureCo utilises multiple upstream carrier networks and will provide carriers-based load and volume. Generally, we do not offer customers a selection of carriers, but this can be accommodated if required.
- Can you speak to our downstream provider?
For BYO carrier implementations, we will work directly with your preferred carrier to ensure the success of the project. Generally BYO carrier requires additional project management services from SecureCo to ensure the smooth transition and our project management office team will directly engage with the carrier.
- Can we have alternate carriers?
Dual carrier implementations allow you to select the primary carrier based on the DID number. If the carriers are fronted by toll-free numbers, selection will be based on the toll-free setup.Outbound calls automatically route via the primary carrier and fail over to the secondary carrier if needed.
- Do you support fax?
Yes, but as with all SIP-based fax, it is supported on a best effort basis across our SIP carrier networks. There is no support for transcoding faxes.
- How does toll free help with redundancy?
Utilising SecureCo’s dual carriers, toll-free services can be set up to go to the first carrier DIDs and fail over to the secondary carrier DIDs for all inbound calls. This ensures inbound calls to the customer are always completed across either carrier.
- Do you support Simplex and Complex configurations?
Yes, we do. Simplex configurations are generally for primary, secondary number routing, while complex configurations offer more detailed routing based on items such as post code, time of day, IVR, etc.
- Does SecureCo provide a priority assistance service?
No, we do not offer this at this stage.
Enterprise Voice for Cloud
- What contact centre/PBX systems do you support?
Our customers use a variety of the leading contact centre platforms in the world, including Teams, Genesys Cloud, Nice inContact, Cisco and Avaya.
- Can you recommend a new contact centre/partner to work with?
Yes, we partner with some of the world’s leading contact centre vendors, system integrators and consultants and we would be delighted to work with you to ensure that your customer experience roadmap meets your expectations.
- Can I transfer between Microsoft Teams and my Contact Centre?
Yes, call transfers are possible via our carrier infrastructure.
- Do you have any CRM or Contact Centre integrations?
We offer our APIs to allow CRM and contact centre WFM to utilise our products and services, rather than directly integrating to various systems. The REST-based APIs provide all the required interactions and details.
- What is the porting process and how long can it typically take?
Porting from one carrier to another is usually a seven/nine- week process with various stages, depending on the carriers. We will assist in the process and smooth over as many of the components as we can using our experience in the process. Porting generally takes place during office hours, but it can be arranged for after hours for DID numbers. There may be additional charges.
- Do you support both DID and toll-free number porting?
Yes, we do.
- Does SecureCo implement number porting randomly/without notice or is it managed?
We only offer managed number porting arranged by our PMO or service desk team.
- Can I port toll-free services after hours?
No, you can not. Unfortunately, porting of toll-free services is only conducted during business hours by our carriers. Our experienced team can work with you to ensure that the porting process during business hours is as seamless as possible so that there is no interruption to your customers or your users.
Contact centre payments
- How does SecureCo’s Contact Centre Payment platform work?
We utilise DTMF masking technology by sitting in path between our carrier providers and the customer PBX to ensure end-to-end compliance.
- How much does it cost?
Overall costs depend on the selected solution. Costs are broken down into quantity licensing of the voice channels, number of PCI Agents taking payments. Usage makes up the remainder of the monthly costs with voice minutes and number of payment transactions executed. Implementation costs are broken down into product delivery costs to implement the solution and optional project management services, where we provide a turn-key implementation of our solutions.
- How long will it take to deliver a project?
From our experience of implementing similar services, the usual project duration envelope is three months. Integration of carrier and payment provider services making up the bulk of the duration.
- Where do the credit card details go once they have entered SecureCo’s CCP platform?
Credit card data (PAN/CVC) are transiently held in the Contact Centre Payment (CCP) solution until payment has been executed with the payment gateway. After which it is completely and securely erased. We do not hold or store any credit card data with our CCP solution.
- Do you keep record/ store data of any transactions?
All transactions are logged for audit and troubleshooting purposes, but no PAN or CVC data is ever logged. Only returned card tokens are stored as part of the logs.
- Doesn’t (Pause & Resume / Encrypted Network / Clean Room) take me out of scope?
These solutions still require compensating controls to be put in place, which are time consuming and complex as well as only providing a SAQ-D certification. Our CCP solution provides SAQ-A, which means no credit card data is present at all, significantly minimising the need for these compensating controls and reducing ongoing cost each year.
- Can I use the CCP platform in conjunction with IVR / IVA / Speech Analytics?
Yes, card details are only masked when taking payments, which means all current IVR menus will function as before. Since DTMF digits are masked during payment, call recording and speech analytics solutions are now also out of PCI scope and do not require any redaction.
- How will this impact my agent performance and productivity? e.g. AHT, CX, etc.
CCP positively contributes to a better customer experience, since the customer remains on the call with the agent while taking payments. Average handling time is generally reduced, since the agent can enter additional information while the customer is entering their card data. Our data suggests a 2-8 seconds reduction is possible.
- Do you clear or settle?
No, we do not offer merchant facilities. We only facilitate the capture of cards in a PCI DSS compliant manner.
- What is your current TX volume?
Our API facilitates the capture and execution of the payment to the upstream PSP gateways, so volumes are dependent on the number of transactions executed.
- Do you offer a solution for physically disabled people?
Currently no, although we could explore bespoke solutions on a case-by-case basis.
- Do you support overseas credit cards?
Yes, we do. We support all major credit card providers
- Can agents use SecureCo when working from home?
Absolutely! This is one of the key strengths of our solution since no credit card information is ever passed to the agent. Agents can log in from home and continue to take payments safely and securely. All our solutions ensure no credit card details are spoken, heard, or seen.
- Can any voice channel take payments?
Yes, all channels can be “protected”, which means that any channel will be able to take a payment if required. The maximum number of payments is based on the number of Agents
- What is DTMF masking?
DTMF masking involves masking the unique audible tones with flat tones so that people who hear the DTMF data cannot decipher the credit card numbers.
- What does “secure mode” mean?
It is a period during the call, where DTMF tones from the customer side of the call are masked to the agent and SecureCo for the capturing of the digits used for payment directly to the PSP gateway, on behalf of the Merchant.
- What is DTMF bleed?
DTMF bleed is the term used to describe residual DTMF tone artifacts left in the voice stream. Generally, this is not audible and only detectable via media analysers, so most carriers do not remove it. We remove DTMF bleed to ensure no residual DTMF information remains in the voice stream.
- Do I need to detokenize and re-tokenize the credit cards once I start using your contact centre payment solution?
The short answer is no. There is no need to detokenize and tokenize the existing tokens. Our scope in the contact centre payment solution is to capture the credit card details and submit the transactions to your payment gateway on your behalf. One of these transactions can be to create tokens. In this case we will capture the credit card, create the token and share the payment gateway’s card token back with you. You can then use that token for recurring payment directly by executing the transaction using the card token with your payment gateway.
IVR & IVA payments
- What are an IVR and IVA payment?
An Integrated Voice Response (IVR) or Intelligent Virtual Agent payment solution is an on-demand 24/7 Payment service that assists the customer to capture cardholder credit card details in a PCI DSS compliant manner, outside the merchant facilities.
- What are the benefits of SecureCo’s IVR & IVA solution over others?
IVA and IVR payments solution empowers merchants to add a solution that customers can use to make payments 24/7 without speaking with an agent.
- What are your digital engagement channels?
We offer a simple API to capture a future ecommerce in a short- or deep-linked URL. This URL can then be passed to a customer via digital channels such as webchat, SMS, WhatsApp, email, AI, Chatbots, websites and QR codes. Since the HPP is hosted by SecureCo, the payment is done outside the Merchant PCI DSS scope.
- Can SecureCo integrate with my existing webchat provider?
Yes we can. When a customer needs to make a payment, the agent supplies all relevant information of the payment and receives back a short URL. The URL is then shared using any digital channel, ready to capture the customer credit card when used.
- Does SecureCo need to integrate with my payment gateway for me to use their omni channel solution?
Yes, we need to integrate with your PSP gateway to enable you to use our omnichannel solution. We provide API level integration with all the major PSP gateways in AU and NZ. Utilising our payment connectors or our payment gateway proxy, we can provide proxy payments directly to the PSP gateway.
- Who are the gateways you interact with?
We provide API level integration with all the major PSP gateways in AU and NZ. Utilising SecureCo’s payment connectors or our Payment Gateway Proxy, we are able to provide proxy payments directly to the PSP gateway.
- Can SecureCo connect to our payment gateway?
Yes, we offer payment gateway integration via API to all major PSP gateways.
SLA and support
- What is your Service Level Target?
For all services, unless mentioned otherwise, our uptime SLA is 99.99%. For single carriage, toll free and global carrier services, our SLA is 99.95%
- What is the lead time to be fully operational? Is there an SLA for this?
There are various products that all have different lead times from 24 hours up to three months for full CCP and carrier implementations.
We do not offer an SLA on implementation, rather using our PMO services to ensure the delivery of the solution.
- Do you have 24/7 support?
Yes, we have a 24/7 service desk. A self-service portal is available for ticketing.
- Do you have monitoring and portal capabilities?
24-hour monitoring is standard with automated alerting.
PCI – DSS
- What is PCI DSS?
The Payment Card Industry Data Security Standard is an information security standard for organizations that handle branded credit cards from the major card schemes. The PCI Standard is mandated by the card brands but administered by the Payment Card Industry Security Standards Council.
- What is the difference between SAQ-A and SAQ-D?
SAQ-A and D refer to different levels of PCI DSS compliance. SAQ-A certified means the entire network architecture is so that no cc data enters the contact centre, and the cardholder data functions can be outsourced to a third party i.e. SecureCo.
SAQ-D means a company is still compliant however will need to fill out a Self-assessment Questionnaire (400+ questions) to get their PCI DSS certification.
- What is a Self-assessment Questionnaire?
A Self-assessment Questionnaire (SAQ) is used by entities to document self-assessment results from their annual PCI DSS assessment. Depending on how entities take credit card payments will determine which SAQ will need to be completed. In some cases, self-certification of an SAQ is not enough and an Attestation of Compliance (AOC) will have to be completed alongside it.
- What is the difference between PCI certification and PCI compliance?
The key difference here is how PCI compliance is verified. PCI certification is proof of compliance as it relates to the verification process by the Qualified Security Assessor (QSA). PCI compliance involves the development and daily maintenance of cardholder data protection policies and procedures, so essentially it is a claim rather than proof, but it should be taken just as seriously.
- Are you compliant with GDPR?
This is not directly applicable to SecureCo, being an Australian entity as GDPR is a European regulation. There is no regulatory body, nor approved certification around GDPR that would be applicable to uso. However, we can confirm that SecureCo is prepared to accept GDPR-aligned contractual obligations
- What is an Attestation of Compliance?
The Attestation of Compliance (AOC) is a form for merchants and service providers to prove (attest) to the results of their PCI DSS assessment. It is completed by the entities QSA along with the appropriate SAQ or Report on Compliance (ROC) and sent on to the entities’ merchant bank. They then send it to the appropriate card brand (e.g. Visa, Mastercard etc.) In short, any entity that accepts, processes, stores or transmits cardholder data directly or on behalf of another entity must have an AOC as it proves PCI compliance.
- What is a Report on Compliance?
An ROC documents the result of an entity’s PCI DSS assessment. These are only required if an entity is a Level 1 Merchant (has more than six million annual transactions with Visa and/or Mastercard.) Unlike an SAQ , they must be completed by a third-party QSA after a PCI DSS audit.
- Do you share your ROC?
No, we will provide you with our AOC. The ROC contains too much sensitive information regarding our security and processes to be shared.
- Do you adhere to PII and the Australian Privacy Act?
Yes, we adhere to the Australian privacy standards. We support your obligations under the Australian Privacy Act written into our contracts.
- We are already SAQ-D due to other payment channels; would being SAQ-A be of any benefit?
Yes, it would be. While you would still be issued a SAQ-D PCI Certificate, SecureCo can take full responsibility for 300 or so controls that relate to your contact centre. This reduces audit time, and cost.
- How exactly does an SAQ-A solution benefit an organisation that needs SAQ-D? When that SAQ-A solution is audited, by providing the SecureCo AOC to your auditor, it demonstrates that we take responsibility for all but 20 or so controls regarding that solution. This can result in weeks of reduced internal effort in maintaining compliance for, as well as preparing for an audit of those solutions we provide. All the controls that we take responsibility for will be skipped during your own audit.
- Our agents can hear credit card information, does this mean we are not PCI compliant?
No, however what happens after that may mean you are not PCI compliant. If that card number is written down, entered into a computer, unless all those connected systems are scoped, audited and certified, you may not be PCI compliant. By removing the agent from scope that does need to even be considered.
- How does SecureCo assist with SAQ-A?
We provide a PCI AOC, which demonstrates that the solution is completely outsourced. We also have guidance documents you can use to support your organisation and your QSA to even further help reduce the impact and cost of your PCI audit.