IVR Payments By Phone
Secure credit card & ACH payments;
What you need to know
Learn how IVR Payments by Phone can help transform your customer journeys and strengthen your bottom line.
Interactive Voice Response Payments
IVR payments over the phone, in its most basic form, enable callers to make payments to companies using the touch-tone input of their phone’s number pad to provide their payment information. The payment component is typically accomplished by a secure software solution that communicates the payment information to the company’s payment gateway or other payment processors. The IVR, or Interactive Voice Response technology is the enabling layer that manages:
- Interpreting the touch-tone or voice input
- Communicates the input to the payment software solution
- Informs the caller of any exceptions such as incorrect information
- Accepts confirmation of a completed transaction from the payment software
- Allows the caller to have additional service options once the payment is complete
In many cases, such as with our Compass Payments Suite, the IVR and payments software are combined into a seamless package. This packaging of the IVR logic and payments system provides for easier integration into other platforms such as electronic billing and payments.
Many Phone Payments Are Not Secure
The hard reality is that, unless a company is utilizing an automated IVR to accept cardholder payment information, it’s very difficult to maintain appropriate security standards.
The Payment Card Industry Data Security Standards (PCI DSS) applies to any entity that processes or transmits cardholder information. While the standards define multiple levels of merchants and service providers, the requirements are the same for all merchants and service providers across all industry sectors. Noncompliance can result in significant fines, loss of the ability to accept credit cards, and ultimately a loss of business.
To simplify this, any time a customer voices their cardholder data to an agent on the phone, the risk of exposure and PCI DSS noncompliance exists. Is the cardholder data visible on the agent’s screen? Did the agent repeat the information within ear-shot of others? Is the agent operating in a sterile cubicle with no means to record the customer’s information? Was the call recorded, along with the customer’s cardholder information?
While there are many tools available to improve the compliance of the live agent payment process and redact call recordings, it’s still not as secure as removing the agent from the process.
The Difference Between Compliance and Certified
As you consider options for a fully automated IVR payment by phone system or any other solution for PCI DSS risk mitigation, you should be mindful of the potential misuse of the terminology. As is the case with anything in the security world, context is everything!
PCI DSS Compliance
Just because a company claims PCI compliance doesn’t guarantee they’re a source for risk mitigation. We’ve often seen cases where vendors will say they’re compliant when in reality, they’ve never subjected to an audit. “Compliance” can typically mean they’re following the controls and requirements best practices, and believe they’ll pass an audit, but have never actually subjected themselves to such an audit.
PCI DSS Certification
While the nuance might seem inconsequential to the casual reader, certification trumps compliance. Vendors who are certified have not just adopted the standards and controls, they submit to regular audits by a trained Qualified Security Assessor (QSA). As a result, these companies will gladly share their AOC (Attestation of Compliance) and AOSC (Attestation of Scan Compliance) certifications, which certify that they have passed an audit of PCI DSS standards and controls. So when comparing vendors, be sure to ask for their attestations, and avoid those who claim not to need them.
IVR Payments Customer Experience
Once you’ve “checked all the boxes” of your future vendor having all the necessary PCI DSS certifications and core capabilities, the next consideration is the experience of your callers. After all, nothing will prevent the adoption of your new payments by phone capability more than poor user experience.
To make sure you maximize the automation benefits of your IVR payment capability, here are a few things your vendor should be able to deliver for you:
- Realtime integration into your customer data
- Custom call-flows for your specific product or service
- Option to use your brand’s voice talent for prompts
- Lookups for account balances and payments due
- Lookups for available credit (for credit card issuers)
- Credit card, debit card and ACH payments
- Ability to make partial payments
- Ability to make multiple payments on more than one account
- An option for integrated or split convenience fees
- Text receipts of completed transactions
- Realtime updating of customer account upon transaction completion
- Option to transfer to live agent after completion or when errors occur
And finally, make sure you make your customers aware of your new service. Our blog post on driving adoption outlines all the best practices to get the most advantage from your new IVR payments capabilities.
Additional Reading From Our Blog
Every industry has its own set of specific jargon and acronyms. PCI compliance and overall credit card security is certainly no stranger to specialized terminology, abbreviations, and acronyms.
When you get to the point where you’re going to need an audit of your security processes and controls, this post will help you as you decide which auditor to select.
Compliance with industry-standard payment-card security standards is declining amongst service providers and merchants. According to Verizon’s latest Payment Security Report, barely more than one-third of companies…
This billing platform was looking to help their customers reduce their PCI compliance risk by shifting phone payments from their CSR’s to an automated IVR payment solution
IVR Payments For Your Customers
If you think it might be time to either evaluate us as your IVR payments provider, contact us to set an appointment. We’d love to learn more about your issues, your customer’s expectations, your customer’s journeys, and how we help you surpass your business goals.