Making contact centre payments compliant and effective

What Is A Payment IVR?

Payment IVR

One of the tasks that many customers require of a contact centre is the ability to make payments. This could be, for example, where a person receives a call from an agent offering a product and the recipient decides that they want to purchase it. Another scenario may be that a customer engages with the contact centre to pay an invoice or set up a service upgrade.

In either case they will almost always want to pay for the service there and then. If they can't do this, you either lose the sale completely in the case of a new enquiry or frustrate an existing client, making them more likely to want to find a different supplier.

Payment security

The main issue for making payments over the phone is security. In the past, there was little choice other than to give your card information over the phone. In fact, if you want to pay for a takeaway you are likely to have to read your card details over the phone. This means that there is a risk that card details can be misused. In order to minimise the risk of clients' card data being misused or misappropriated, the vendor needs to comply with PCI DSS (Payment Card Industry Data Security Standard). Any company must meet the minimum standards for card data security.

For larger organisations that transact a much larger number of payments, the standards become increasingly onerous. For contact centres, calls are often recorded, which leads to card details or keypad (DTMF) tones being recorded as well, and there is the potential for back-end systems to retain card details within a database. This means that there is much more potential for payment details to find their way into the wrong hands at scale.

What is PCI DSS Compliance?

If you accept credit or debit cards as a form of payment, then PCI compliance applies to you. The storage of card data is risky, so if you don’t store card data, then becoming secure and compliant may be easier. Find the PCI DSS Standard document here.

In-scope cards include any debit, credit, and pre-paid cards branded with one of the five card association/brand logos that participate in the Payment Card Industry Security Standards Council (PCI SSC) – American Express, Discover, JCB, MasterCard, and Visa International.

Most merchants that need to store credit card data are doing it for recurring billing. The best way to store credit card data for recurring billing is by utilizing a third party credit card vault and tokenization provider. By utilizing a vault, the card data is removed from your possession and you are given back a “token” that can be used for the purpose of recurring billing. By using a third party, you move the risk of storing card data to someone who specializes in doing that and has all of the security controls in place to keep the card data safe.

Types of Payment IVR

There are several types of payment IVR. Each of these types has its uses; however, certain IVRs offer a much better customer experience than others.

Automated Payment IVR

This is an automated environment whereby the caller is directed through the contact centre system to a payment application. The customer can pay for services through speech recognition and keypad tones. There is no human intervention.

Post Call Payment IVR

In this situation, the customer engages with an agent. As a result of this conversation, the customer needs (or wishes) to make a payment. The agent then directs the customer into a payment environment. The agent is now no longer involved in the call and is free to answer other customers. The customer completes the payment process and ends the call. This is sometimes called "fire and forget".

The issue with this process is that the customer may choose not to complete the payment process, or perhaps they get stuck and are unable to proceed. It is unlikely that the customer will return to the contact centre, and they probably will not be able to speak to the original agent. This type of process has significant downsides, especially if considerable effort needs to be made to contact and talk to the customer, e.g. debt collection.

Agent Assisted Payment Process

In this situation the Agent remains on the call with the customer. However, during the payment process, the customer is sent into a secure payment system where they will enter their card details via their phone keypad. The Agent remains on the call and is able to monitor its progress through the payment process. The Agent can also break into the call, if it looks like the customer is in difficulty. Also, the customer is able to return to the agent as necessary.

Importantly, these touchtones are masked, so they are not audible to the agent and are not captured in call/screen recordings, and this data no longer enters your contact centre environment. This not only de-scopes your contact centre from PCI DSS compliance and reduces your annual audit, it also prevents this data from being stored or potentially misused.

In-call payments

This is another agent assisted process. But instead of the Agent passing the customer to a secure payment system, the Agent selects a web form. The customer is instructed to enter the card number using the keypad. These numbers are collected on the web form but the digits are obscured so that the Agent is unable to see them. During the payment process, the call recording is also muted so that the key tones are not recorded. The call continues throughout the progress of the payment. The call recording resumes once the payment is completed.

Choosing a payment IVR

Taking payments is a major issue for contact centres. Naturally, it is essential that they provide a secure service which complies with the law and customer requirements. However, it is also important that the system that the contact centre uses to process payments offers a good customer experience and maximises the number of payment completions. For many clients the Agent Assisted IVR offers a balance between user experience, security and cost.

Payment IVR Type      User Experience   Payment Completion   Cost
Automated IVR         Low               Low                  Low
Post Call IVR         Medium            Low/Medium           Low
Agent Assisted IVR    High              High                 Medium
In Call IVR           High              High                 High

Hostcomm's Agent Assisted IVR is a great solution for all businesses, especially Small and Medium Businesses. It offers a high standard of security with excellent customer experience.

Learn about Payment IVRs

Learn more about how you can use our PCI DSS Certified Agent Assisted IVR with Hostcomm's cost-effective agent assisted payment solution.
