How to Securely Accept Payments over the Phone using Contact Centre Software

Posted: 26 May 2023

In today’s digital age, where cyber-attacks and data breaches are frequent, organisations face increasing pressure to ensure they protect the customer data collected from handling payments over the phone.

The Payments Card Industry Data Security Standard (PCI DSS) is a global standard that mandates how organisations must take payments over the phone. Failure to comply with this standard can lead to a monthly penalty between $5000 to $100,000.

In this blog, we’ll explore how your organisation can effectively utilise cloud contact centre software to securely accept payments over the phone, satisfying PCI DSS compliance requirements.

The Nature of PCI DSS Compliance

When organisations take payments over the phone, they handle customer data such as the cardholder’s name, expiry date and the Card Validation Value (CVV). Mastercard and Visa worked with the Payment Card Industry Security Standards Council (PCI SSC) in 2006 to establish the Payments Card Industry Data Security Standard (PCI DSS) to safeguard this data from potential fraud or misuse.

Organisations that use contact centre software to take payments over the phone must ensure they satisfy the following six pillars of PCI DSS:

  1. Build and maintain a secure network
  2. Protect cardholder data
  3. Maintain a vulnerability management program
  4. Implement strong access control measures
  5. Regularly monitor and test networks
  6. Maintain an information security policy

How to Utilise Contact Centre Software to Meet PCI Compliance Requirements

It is imperative for organisations that take payments over the phone to protect cardholder data and satisfy the requirements that form PCI DSS. Cloud contact centre software enables organisations to interact with their customers across multiple communication channels, allowing them to accept secure payments. Due to this, organisations must ensure the contact centre software offers a solution that enables PCI-compliant payments to avoid non-compliance.

ipSCAPE’s cloud multi-channel communication platform provides ipSCAPE Pay, a financial institution agnostic payment solution enabling organisations to accept secure payments over the phone while still meeting PCI DSS requirements.

How does ipSCAPE Pay work?

This solution utilises tokenisation throughout the payment process, which involves encrypting sensitive data, i.e. credit card details, and substituting that data with a non-sensitive equivalent, referred to as a ‘token.’ The agent on the call with a customer can see a visual status of what stage the customer is up to in filling out their details. However, the agent cannot view sensitive data or hear audible tones. Encrypting all sensitive data enables any payment taken over the phone to comply with the PCI DSS requirements.

Organisations can select between two options to implement ipSCAPE Pay, which is described below:

  1. Enable customers to use the touch-tone keypad – When notified during a phone call, a customer can use the touch-tone keypad to input their credit card details by pressing the relevant digits. The agent’s voice connection is maintained throughout the payment process and will see asterisks appear in real-time, indicating a customer is inputting their details. This functionality can assist the agent in providing the customer with guidance, enhancing their experience. To facilitate payments over the phone during out-of-business hours, ipSCAPE Pay can be integrated into your IVR, enabling customers to access self-service to make their payments.
  2. Trigger an SMS to the customer – While on a phone call with a customer, an agent can send an SMS to the customer’s phone number, which contains a link to a form for the customer to make a payment. The agent can view the status of where the customer is up to in completing the form, which allows the agent to provide any assistance based upon which step they are up to. Once the form is completed, the agent can verify the customer’s card details by viewing the last four digits of the credit card and identifying the merchant, e.g. your Mastercard ends with the last four digits of 1234.

Ultimately, when utilising either option of ipSCAPE Pay, your organisation will meet PCI compliance requirements.

If you’d like to discover how ipSCAPE can support your organisation to adhere to PCI DSS compliance when accepting payments over the phone, check out our range of compliance tools or get in touch to find out how ipSCAPE’s award-winning software can help your contact centre operate more efficiently and effectively.

ipSCAPE is a feature-rich, scalable cloud communication technology solution with advanced integration capabilities. We help businesses connect with their customers through multi-channel communications, including Voice, Web Chat, Email, SMS, IVR, and other emerging channels.