
PCI Compliant IVR Payment System

A hosted Payment Card Industry (PCI)-compliant Interactive Voice Response (IVR) payment service is a cost-effective and simple way to ensure your agents are never exposed to customer credit-card information. It also ensures that your organisation complies with the PCI Data Security Standard (DSS).

If your contact centre handles credit and debit-card details, you have a duty to protect your customers from fraud. payMatic-PCI is a hosted payment IVR application which integrates with Hostcomm's predictive dialler and contact-centre services. The service is provided on a pay-as-you-go basis and there are no hardware or software costs to pay.

  • Low monthly cost, from only £199 per month
  • Easy to use; agents can be trained quickly
  • High performance: manages multiple simultaneous card payments
  • Works with most payment gateways via a secure API
  • Very secure - meets PCI DSS criteria
  • Call-recording security
  • Dedicated, firewalled server eradicating server breaches
  • Unlimited support and training included in the monthly service fee


Secure Card payments

When a card payment is required, the agent presses a hotkey to transfer the customer to the payMatic-PCI payment IVR. At this point, the PCI-compliant IVR system takes over. The customer uses his or her telephone keypad to enter the card details and make the payment. During this time, the agent can see a progress bar, indicating how the payment is progressing. When the payment is complete, the system automatically returns the customer to the agent. This system is very easy for the agents to understand and reduces the average cost per transaction. Most importantly, it ensures the agent is not exposed to the customer’s credit-card details.

Compliance when recording calls

If the call is being recorded, the agent does not have to pause the recording. The call is recorded on the agent's side only, so while the customer is making a payment via the IVR application, no recording takes place. The dual-tone multi-frequency (DTMF) tones and key presses are not recorded. Recording resumes only when the customer is returned to the agent.
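The two sections above describe an agent-assisted flow: a hotkey hands the customer to the IVR, card digits are keyed in as DTMF, the agent-side recorder captures nothing during that leg, and only a result comes back to the agent. The following added example (not Hostcomm's or payMatic-PCI's code) models that flow so the separation can be checked; the payment gateway is a stub and the card number is a constructed test value.

```python
# Added example, not Hostcomm's code: a toy model of the agent-assisted IVR flow.
# The gateway call is a stub (assumption); the PAN below is a constructed test value.

def luhn_ok(pan: str) -> bool:
    """Luhn check, the IVR's sanity check on the digits the customer keyed in."""
    digits = [int(d) for d in pan if d.isdigit()]
    if len(digits) < 12:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2:            # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class Call:
    """One customer call: an agent-side recorder plus the agent's screen."""
    def __init__(self):
        self.recording = []   # what the agent-side recorder captures
        self.agent_view = []  # what the agent sees on screen
        self.in_ivr = False   # True while the customer is bridged to the IVR

    def record(self, source, payload):
        """Agent-side recorder: captures nothing while the customer is in the IVR."""
        if self.in_ivr:
            return False
        self.recording.append(f"{source}: {payload}")
        return True

def gateway_charge(pan):
    """Stub payment gateway: returns a status and the last four digits only."""
    return ("approved" if luhn_ok(pan) else "declined"), pan[-4:]

def take_payment(call, pan_dtmf):
    """Agent hotkey -> IVR collects DTMF -> only a masked result reaches the agent."""
    call.record("agent", "Transferring you to the secure payment line.")
    call.in_ivr = True                 # recording pauses on the IVR leg
    for digit in pan_dtmf:             # key presses arrive in the IVR: never recorded
        call.record("dtmf", digit)
    status, last4 = gateway_charge(pan_dtmf)
    call.agent_view.append(f"payment {status}, card ending {last4}")
    call.in_ivr = False                # customer returned to the agent
    call.record("agent", "Thank you, your payment has been processed.")
    return status, last4

if __name__ == "__main__":
    call = Call()
    print(take_payment(call, "4111111111111111"))  # constructed test PAN
    print(call.recording, call.agent_view)
```

Running it shows the recording holds only the two agent utterances and the agent's screen holds only the status and last four digits; the full card number never leaves the IVR leg.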

Payment Card Industry Data Security Standard

The PCI DSS is an information security standard for organisations that handle cardholder information for major debit, credit, prepaid, e-purse, ATM, and POS cards. Defined by the Payment Card Industry Security Standards Council, the standard was created to increase controls around cardholder data and so reduce credit-card fraud arising from its exposure. Validation of compliance is done annually - by an external Qualified Security Assessor (QSA) - for organisations handling large volumes of transactions, or by Self-Assessment Questionnaire (SAQ) for companies handling smaller volumes. The following table lists the official PCI DSS requirements and shows whether our payment IVR meets each one.

Control objective | Official PCI DSS requirement | payMatic-PCI
Build and Maintain a Secure Network | 1. Install and maintain a firewall configuration to protect cardholder data | Compliant - firewall installed
Build and Maintain a Secure Network | 2. Do not use vendor-supplied defaults for system passwords and other security parameters | Compliant
Protect Cardholder Data | 3. Protect stored cardholder data | Compliant - cardholder data not stored
Protect Cardholder Data | 4. Encrypt transmission of cardholder data across open, public networks | It is not possible to encrypt DTMF tones over the public switched telephone network (PSTN). Tapping a telephone call is not easy, but it is possible.
Maintain a Vulnerability Management Program | 5. Use and regularly update anti-virus software on all systems commonly affected by malware | Compliant
Maintain a Vulnerability Management Program | 6. Develop and maintain secure systems and applications | Compliant - cardholder data not stored or visible to any personnel
Implement Strong Access Control Measures | 7. Restrict access to cardholder data by business need-to-know | Compliant - cardholder data not stored or visible to any personnel
Implement Strong Access Control Measures | 8. Assign a unique ID to each person with computer access | Compliant
Implement Strong Access Control Measures | 9. Restrict physical access to cardholder data | Compliant - cardholder data not stored or visible to any personnel
Regularly Monitor and Test Networks | 10. Track and monitor all access to network resources and cardholder data | Compliant
Regularly Monitor and Test Networks | 11. Regularly test security systems and processes | Compliant
Maintain an Information Security Policy | 12. Maintain a policy that addresses information security | Compliant

Talk to us about our hosted contact centre services, all based on VoIP technology.

Contact Hostcomm