Project title: Payment Systems 2017
A review of Swale Borough Council’s (SBC) payment processes in March 2017 discovered that SBC was non-compliant on card payments for all service areas. Three channels were examined:
- Ecommerce – web payments
- Automated Telephone Payments (ATP)
- Assisted telephone provided by callers talking to Customer Care Assistants (CCA) in the Customer Service Centre (CSC).
A fourth channel is provided by CCA’s on the desk in the reception areas of SBC’s offices, and follows a similar process to assisted telephone
To become Public Sector Network (PSN) compliant SBChad to stop using these systems from November 1st 2017. To continue to take card payments and be compliant SBC had to install a PSN-compliant version of Abavus – my council services and a PCI DSS compliant version of the Adelante card payments system
To meet their requirements SBC engaged AMDS Consultants Ltd as their systems development project manager as we offered experienced in: delivering payment systems, realising local government channel shift projects, and were registered PCI DSS/ISO27001 auditors.
Project initiation began with establishing the necessary agile project principles and PCI DSS infrastructure requirements then began the payment systems implementation which involved: mapping of existing processes, streamlining and simplifying payment processes before arriving at 37 payments forms to be developed for use across all payment channels.
Intermeshing with these work streams was a requirement to ensure that planned estates modifications necessary to meet the standard had been correctly planned and that new telephone booths were installed in Swale House, Sheppey Gateway and Faversham Cash Office ahead of the activation of the live TonePay automatic telephone payment service.
In parallel with the physical infrastructure changes significant time and energy was expended in defining and planning the testing of the new payment channels, leading to an agile campaign of progressive system correction, follow–up testing and delivery, shaping the payment project to achieve a go-live decision on the TonePay payment service in sufficient time to conduct user tests of the other streams on the live environment in time to satisfy a PCI DSS SAQ (A-EP) ahead of the target date.
Lastly, significant work was done on aligning the various data extraction report routines operating on the existing IT infrastructure. In particular SCAT, Academy, Agresso and Penalty notice reports and transaction processing were aligned with the nightly Adelante transaction processing. All reports are now be based on the same processed transaction data, leading to a significant reduction in the time and effort required to reconcile payments received and made across different council departments.
There were three main issues that arose during the implementation of the project post initiation:
- Delays in addressing the identified issue required we adopt an AGILE project approach whilst also establishing the basic components of a PRINCE2 based project philosophy for the subsequent phases of the digital transformation.
- With less than 6 weeks before the deadline we were finally made aware of a parallel project to introduce “Skype for Business” across the three borough councils of Swale, Maidstone and Tunbridge Wells. The impact was significant requiring a re-planning of the testing schedule to ensure the Automated Telephone Payment system was operational 3 weeks ahead of the agreed deadline for the six primary income sources covering 90% od SBC income.
- In addition to the compressed timescale to meet the implementation deadline there was no dedicated project team to realise the transformation, Consequently, much work was conducted with the customer and stakeholders to establish the project priority and obtain targeted team members who were managed in a matrix environment.
The project was successfully delivered to meet the deadline and a subsequent PCI DSS self-assessment audit was conducted to ensure the new payment systems were PSN compliant. THe following project outcomes were realised:
- The TonePay ATP was fully implemented and replaced the existing ATP using a new 03300 number. The replacement telephone lines to support Skype for Business were made live and both TonePay and Skype are using those lines.
- The overall readiness of the SBC/KCC infrastructure was audited against PCI DSS requirements and signed off.
- The Adelante payment service was successfully implemented.
- The implementation of the new Abavus forms and the Adelante payment service were audited and signed off as PCI DSS compliant.
Subsequent to the conclusion of this programme of work AMDS Consultants Ltd continue to provide project and programme support to SBC to enable the realisation of a new website designed in accordance with the best practice standards laid down by the Government Digital Service.
The lessons learned from the project were recorded and published, the findings are summarised below. Not all lessons fell in the way in which projects and programmes were addressed however, a more structured approach to the project would have been of significant benefit.
- Appoint a dedicated project team who agree objectives and accept ownership
- Early engagement with stakeholders
- Impact of three authorities at different stages of development
- Establish the stages of the project at the outset
- Appoint a programme manager for the transformation across all authorities
- Establish formal communication structures
- Active management of resource availability
- Motivate allocated resources to collaborate
- Establish project disciplines and tools
- Allow for non-productive project time in planning
- Prioritise activity based on business need
- Establish a transformation programme website