Secure Telephone Payments

The telephone is the oldest and still the most widely used “customer not present” payment collection channel in the financial, utility and local government sectors. Delivering secure telephone payments using automated IVR and Visual IVR telephone payment solutions is a vital part of a modern payment collection services.

Despite the investment made by all organisations and enterprises in online transaction processing systems, people still pick up the phone and expect to be able to pay a bill over a traditional voice channel.

In an era where providing excellent customer service is a key business differentiator and, failure to do so is communicated instantly and widely through social media, organisations and enterprises are challenged with providing their customers with secure, effective, efficient and well integrated means by which they can make card payments over the telephone.

Customers expect to be able to make a secure card payment over the telephone in the following situations:

  • As a 24×7 self-service option
  • During the course of a conversation with an customer service agent
  • An increasing number of customers expect to have a convenient and secure smart-phone card payment application available to them and accessible from their device

These three different payment scenarios can, with some planning and design, be addressed in a PCI-DSS compliant environment with a solution that uses “almost” all the same core software and hardware infrastructure in place for online web payments
Self-Service Payments

It is not possible or feasible for organisations to provide 24×7 access to agents. As a result, having a well designed automated telephone payment (ATP) self-service solution complements a live agent service during business hours and provides a 24×7 card payment capability at a fraction of the cost of having staff available during off-peak hours.

Even during normal business hours, an ATP service allows agents to concentrate on higher value conversations, that are more difficult, or impossible, to automate, and at the same time, eliminates agent contact with sensitive card holder data – an important PCI-DSS consideration.

From the payers perspective, payments can be made at their convenience from any phone, any where at any time and the only device required is a phone.

Regular users of an automated telephone service benefit from personalisation of their call flow experience making their interaction experience more efficient and convenient. And the use of advanced speech recognition, instead of the traditional touch-tone technology, brings the entire process of self-service payment to a new level.

Finally, for the enterprise, as part of an arrears collection strategy, a self-service automated solution, integrated with an outbound SMS or voice-based notification service, improves the efficiency of the bill reminder and arrears collection business processes.
Agent Assisted Payments

Sometimes it is not an option for callers to use a self-service solution in order to make a payment. This situation arises for a variety of reasons, for example,

  1. The original intention of the caller was not to make a payment and the need to make a payment developed as part of the interaction with the agent.
  2. The organisation wants to use every contact opportunity with their customers to promote other products and services that may be of interest to their existing customer base and are reluctant to deploy an automated self-service solution during business hours.
  3. Self-Service solutions may, on occasion be unable to process a payment and organisations will insist on having an agent-based service in place as a backup for callers who encounter difficulty using the self-service solution.

However, taking a payment in a call brings the contact centre operations into scope for PCI-DSS compliance.

A cloud-based agent-assisted payment solution, using the same technology deployed in the self-service environment allows callers to make a card payment in a call, while keeping all sensitive card data completely isolated from the agent and call centre operations.

The payment process is a simple co-operative process between the caller and the agent. The agent provides the required business data into the payment transaction and the caller provides the card data required to complete the payment. As the payment takes place in the cloud, sensitive card data never enters the data systems or call recording systems in the call centre. The agent is always connected to the caller and can follow the progress of the payment in real-time. Once the payment transaction is completed, the caller and the agent are free to resume their conversation.
Smart Phone Payments

With the surge in the deployment of 4G and the increased data bandwidth that it provides, smart-phones are becoming the device of choice, surpassing both laptops and desktop computers, for many people when it comes to accessing the internet for information or carrying out online transactions.

Providing a solution that allows customers to avail of this channel is a vital part of any customer service strategy, especially if it can be provided on top of existing infrastructure used to support telephone self-service card payments, agent-assisted telephone card payments or other online web payments.

Because a payment application requires significant integration with existing back-end business systems for Identification and Verification (ID&V), as well as, integration with payment service providers(PSP), re-using all this infrastructure to quickly deliver a smart-phone card payment solution is good business practise as well as good customer service.

Deployment Options

The deployment of secure, cost-effective and PCI-DSS compliant telephone payments as an on-premise or cloud based solution will depend on the organisation. All of the elements, voice-channel self-service, smart-phone based self-service and agent-assisted telephone payments can be deployed either on-premise or as cloud-based hosted services. The cloud based solution has the advantage that PCI-DSS compliance for telephone payments is out-of-scope for the organisation, however, external or VPN based web-service access to back-end systems for ID&V and post-payment updates is necessary. An on-premise based solution will have the advantage of no external infrastructure dependencies, however, it does bring PCI-DSS into scope for telephone payments.
Conclusion

Handling telephone payments, whether they are, traditional voice channel calls, smart-phone self-service requests or calls to customer service agents are an important part of an organisations customer service offering. Because of the nature of the data involved, these transactions need to be handled in a secure manner complying with the industry standards laid down by the Payment Card Industry. To provide a comprehensive customer service solution in this area that is cost-effective, secure and minimises risk to card holder data, organisations need to address all the contact scenarios that involve telephone payments, maximise the use of shared infrastructure and limit the scope of this infrastructure so that PCI-DSS compliance can be minimised or eliminated.
About SyberNet Ltd.

SyberNet specialises in the design, delivery and operational support of automated telephone self-service solutions, using speech recognition and touch-tone interfaces, in the utility, financial, education and government sectors.

Leave a Reply

Your email address will not be published. Required fields are marked *