allpay Limited awarded place on new Payment Services Framework, de-scoping local authorities and wider public sector from PCI DSS compliance

UK payments specialist allpay Limited has been awarded a place on a new Payment Services Framework (PSF) led by Shropshire Council, enabling any UK local authority to offer a wide range of PCI DSS-compliant debit and credit card payment solutions while de-scoping their own compliance requirements.

The services provided via the framework – which spans several lots across cash, debit/credit card and direct debit acceptance – will be accessible to other local authorities and the wider public sector as part of a four-year agreement, reducing the estimated £20,000 cost of tendering for such services.

The Framework is being managed by card processing consultancy, the Card Processing Advisory Service (CPRAS) – whose Freedom of Information requests to local authorities last year revealed that more than 65% are not fully PCI compliant and, as a result, are paying significantly high rates with merchant acquirers because of the risk.

As a result, the rigorous procurement to appoint suppliers to the framework saw suppliers evaluated against hundreds of criteria in a competitive due diligence process lasting several months. Under the framework, local authorities and the wider public sector, including universities, Central Government and the private sector, will be able to call off allpay Limited’s services directly and offer the below payment channels to allow their customers to pay bills.

• Post Office and PayPoint payments
• Online, Automated Phone, Virtual Terminal (including DTMF masking), Mobile App, SMS and Chip and Pin payments
• Direct Debits

allpay Limited already provides payment solutions to 160 local authorities and has worked with Shropshire Council since 2007, providing its citizens with access to the PayPoint and Post Office networks for the payment of council bills.

Back in February, allpay Limited retained its PCI DSS compliance, following an annual external audit, and is now a Level 1 Payments Service Provider (PSP).

Nick Peplow, bill payments director at allpay Limited, said, “The new PSF procured by Shropshire Council provides a clear route for a local authority to achieve PCI compliance while significantly reducing their costs and saving further time and resources from avoiding a costly tender exercise. With PCI DSS compliance becoming more complex and onerous for local authorities to manage, this framework provides a way for them to ensure compliance in the most cost-effective way.”

Julia Edwards, Finance Transaction Manager with Shropshire Council, added: “Of course, like every other council in the UK, we need to make financial savings wherever we can. When it comes to accepting debit and credit card payments though, the most important consideration is that we have the most secure and robust system possible. We are delighted that, with CPRAS managing this Framework, we can access not only the great savings that it offers, but also a state of the art payment processing service which can remove virtually all our compliance and security obligations.”

Andrew Flavell, CPRAS Framework Director, said: “When we began designing this Framework, we could not have hoped for a better outcome. For any council that is not PCI DSS compliant, the Framework package provided by allpay offers a range of products allowing them to achieve compliance with minimal overheads. For those that are already compliant, the Framework service package dramatically cuts the burden of maintaining compliance. And in either case, we can achieve this whilst making cost savings of, on average, 30%.”