eazycollectdirectdebits

Call Us Now

Client Login
Client Services: 01242 269790
Sales: 01242 650052

Request Brochure Get Online Quote

Enterprise and Corporate Direct Debit Services for Your Business

Get Your Complete Direct Debit Guide Today

Invalid Input
Invalid Input

The Perfect Direct Debit Service for any business, non-profit or organisation is right here

8 Ways To Take Direct Debits

The UK's Only Direct Debit Provider Enabling You To Take Direct Debits Via Any Sales Channel On Any Device
Further Details
Online via Secure Portal
Website Forms
Over the Telephone
Mobile App
Using a Tablet
Your Systems via API or File Upload
File Upload
Traditional Paper Forms
image
Direct Debits with

Xero

Automate Your Invoicing, Payment Collection and Reconciliation with our Xero Link.
Request the Guide
image
Direct debits via

API

Connect our Direct Debit Management System to your own Billing, CRM or ERP system via API
Get the API Specification
image
Set up Direct Debits with a

Mobile App

An array of configurable presets and block variations to individualize content
Read More
Paperless Direct Debits

Paperless Direct Debits

Quickly and securely offer Paperless Direct Debits for your business or organisation with our hosted web solutions.

  • Easy online sign-up process to boost your sales
  • Seamless branding using our BACS compliant templates
  • Streamline Your Telesales - set up Direct Debits over the phone without paperwork
  • Built-in bank validation to reduce errors and fraud
  • Administration overhead slashed
  • Automated DD Advance Notice letters emailed
Accept Direct Debit Payments

Accept Direct Debit Payments

Eazy Collect’s Direct Debit solutions are all functionality-rich, easy-to-use automated systems hosted on a secure web platform for 24/7 access.

  • Instant Direct Debit facility with low-cost set up
  • Office-based system or online paperless solutions
  • Get paid on time and reduce your admin costs
  • Our pricing is transparent with no hidden fees
  • Offer your customers more ways to pay and increase sales
  • Sensitive customer data is protected

Home

Information Security Policy

Information Security Policy (Updated 25.05.2017)

1. Policy Overview

1.1 Policy Name
Electronic Information Security Policy (ISP)

1.2 Purpose
As a regulated payment service provider, Eazy Collect Services Limited (Eazy Collect) regards information security as critical to its own and its Clients’ business integrity and therefore has procedures in place to protect and monitor data security.
This document outlines the procedures in place to maintain data security at all times on our network and within our business.

1.3 Scope
This document defines how Eazy Collect secures electronic information and data.

  • Legislation and Policies to which our services are bound
  • Security of information held in electronic form on our storage devices
  • Allocation of Information Security Officer (ISO) and Data Protection Officer (DPA)
  • Location of Eazy Collect’s Electronic Information Assets
  • Authorised personnel and access control
  • Backup procedures
  • Information Security review procedure
  • Action in the event of a breach of the policy or data disclosure
  • End-user responsibilities
  • Contacts for further information

2. Legislation and Policy

2.1 Legislation
Eazy Collect has a responsibility to abide by and adhere to all current UK and EU legislation as well as a variety of regulatory requirements. These include:

Computer Misuse Act 1990
The Copyright Designs and Patents Act 1988
Data Protection Act 1998
Obscene Publications Act 1959
Telecommunications Act 1984 and Communications Act 2003

2.2 Regulatory
BACS Approved Bureau
Financial Conduct Authority
Anti-Money Laundering Legislation

2.3 International Law
Where service or data is being provided outside of the UK, the data or act of transmission must not contravene any international laws or treaties.

3. Monitoring, Review and Reporting

3.1 Allocation of Information Security Officer (ISO) and Data Protection Officer (DPO)
Eazy Collect has allocated Matt Harris (IT Manager) as the Information Security Officer (ISO) and Andy Stalsberg (Director) as the Data Protection Officer (DPO).
The ISO is responsible for overseeing all aspects of Information Security at Eazy Collect.

3.2 Reporting of Incidents Procedure
Any incidents relating to Information Security are to be recorded by the Information Security Officer (ISO). In the unlikely event of information owned by another party or customer has been exposed due to a fault, the affected party will be notified as soon as possible.
In the event a customer has exposed information considered confidential or has created a security problem, the customer should notify Eazy Collect as soon as possible so that action can be taken.

3.3 Review of Information Security Policy
This ISP document will be reviewed by the ISO every 12 months or less if a legislation or industry events require.

4. Backup of Data
The servers have daily snapshots automatically stored plus there is real-time storage of transaction logs. This ensures the system can be restored to any point in time on any one of three data centres.

5. Location of Data and Security Measures

5.1 Location
All data available for access via the Internet is stored in our secure data centre facility. The service is based in Dublin Ireland and is mirrored in three data centres which are on separate power and telecoms networks. If one becomes unavailable, the service switches to one of the other two to maintain availability. We also hold a separate copy of the data in Frankfurt and this can be deployed and running in one hour.

5.2 Data Centre Physical Security

  • ISO27001 Approved Data Centre
  • Key card access to facility and individual data centre halls
  • 24‐hour manned security with perimeter fence, electrically controlled gates and CCTV
  • Fully Redundant power with backup UPS for all systems and diesel generators for continued operating during power outage. 
  • Automatic Smoke & Fire Detection and Suppression Systems 
  • On‐site technical support staff and network monitoring

5.3 Our Network Security

  • All aspects of the network are monitored 24x7 and engineers are automatically notified of any problems
  • We employ a third party security vendor to independently test our security/vulnerability. This comprises daily delta testing, quarterly vulnerability testing and annual penetration testing.
  • Hardware firewalls protect the connections between the public Internet and our local network within the data centre 
  • All traffic must pass through the hardware firewalls and be filtered before it even gets to the servers and data storage 
  • Hardware firewalls allow filtering of specific types of data, services, ports and source/destination IP addresses so that only specific communications are allowed 
  • Additional Automated processes protect the network from intrusion or attack
  • Data in the network is held within a Virtual Private Cloud; databases are in a separate subnet which are not publicly accessible and we can only access it via a Virtual Private Network. Data between machines is encrypted using a 128bit cipher.

6. Access to Data

6.1 Authorised Personnel
The Client is responsible for managing access control to the Eazy Collect DD management system. An account administrator will be allocated at the point of order who will have full access to data and the management of users / access control. Eazy Collect’s staff members are only allocated access to data where specifically necessary for their duty. Some of this access is to perform administration tasks and does not require viewing of data, unless requested by the customer or authorised party. In the case where a member of Eazy Collect staff has access to data, a non-disclosure agreement (NDA) will be in place for that staff member. All staff members with any access to data are made aware of the critical importance of data security to Eazy Collect and its customers.

6.2 End User Responsibilities
All users of services provided by Eazy Collect are responsible for ensuring their end-user computers and networks are of a secure and functional state to access our systems.
Use of our services and access to data is bound by UK law (and International Law where data is being accessed or transmitted outside the UK), as per section 2.
Therefore the following (not an exhaustive list) precautions should be made by Customers and end-users.

  • Computers accessing our network should be free of viruses, malware or any malicious software
  • Your network should be secure from external attack or instruction
  • Use only secure passwords to prevent unauthorised access
  • Do not access confidential data from shared computers
  • Do not provide anonymous access to your data
  • Comply with the legislation and policies outlined in section 2.1
Direct Debit Management System
The perfect alternative to traditional direct debit software suppliers. There's no software to install, maintain or keep secure, yet you can link your internal systems in exactly the same way.
 
Find Out Why This Is A Better Alternative