The NSW Department of Customer Service will soon begin implementation of a cloud-hosted, PCI-DSS compliant phone payment system.
In a recently-published contract notice, Cloudwave is identified as winning the $10 million deal.
The department approached the market last year because its legacy environment needed strengthening “to achieve full PCI DSS [payment card industry data security standard] compliance”.
The organisation wanted a solution that would let call centre agents process payments without customers having to “verbally provide credit details over the phone”.
The other key requirement for PCI DSS compliance was that the phone system mask the dual-tone multi-frequency (DMTF) tones sent by the customer’s phone to execute a transaction.
Unmasked, the DMTF tones left customers open to interception attacks, Service NSW’s tender states.
Masking the tone “eliminates man-in-the-middle (MitM) attacks and ensures that credit card information is never transmitted to an agent or traverses the internet”, the tender notes.
A Department of Customer Service spokesperson said Cloudwave will provide “Twilio carrier services such as SMS notifications and a PCI-DSS solution to the Virtual Contact Centre (VCC).”
Hosted on the Genesys Cloud platform, the VCC is a NSW government digital asset offered as a service to public sector organisations.
“Twilio Session Initiation Protocol (SIP) as a service allows users to initiate, terminate and modify sessions on a secure network”, the spokesperson added.
“This service replaced traditional SIP channels where a call comes into a contact centre call queue, and will now enable more flexibility to meet the demands of contact centres across the NSW government.
“The VCC currently supports contact centre operations in Service NSW, Better Regulation Division, SIRA, Revenue NSW, icare, Transport for NSW and parts of local government.”
The spokesperson said the PCI-DSS solution integrates with the Department of Customer Service’s customer payment platform, and “strengthens and enhances” phone payment processes “for both customers and DCS”.
The spokesperson added: “The Twilio model incorporates multi-carriers to ensure service availability and resilience in times of peak demands.”
Cloudwave’s contract runs to August 2025.
_page-0001.jpg&w=100&c=1&s=0)
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=271&w=480&c=1&s=1)
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
