Solve the Challenges of PCI DSS Compliance in the Cloud Era.
Take your staff, processes and infrastructure out of PCI scope instantly. The sensible, simplified alternative to costly ongoing PCI accreditation, letting your customers make secure credit card phone payments using keypad tones (DTMF), all whilst the customer and agent remain in conversation throughout the whole payment process. At no time is any card holder data is passed through to your call centre agents, call recording service or other infrastructure. The scope of your PCI compliance, and technical challenges, has now dramatically reduced, resulting in significant annual cost savings, when compared to your current expenditure.
Our suite of secure payment solutions, which supports both inbound and outbound calls, is designed to dramatically simplify the Payment Card Industry Data Security Standard compliance requirements of your contact centre. Saving you time, effort and costly ongoing expense.
Do I need to be PCI compliant?
Any business that processes credit card payments must be PCI compliant. Without PCI compliance your merchant provider may cancel your credit card merchant service at any time, in which case, you will no longer be able to collect money by credit cards from your customers.
What is PCI compliance?
The Payment Card Industry Data Security Standard – PCI DSS (is commonly referred to as PCI), is a set of security standards designed to ensure that any business that accepts, processes, stores, or transmits credit card information maintains a secure environment. This standard was developed by the PCI Security Standards Council which was founded in 2006 by Visa, MasterCard, Amex, Discover and JCB.
Does PCI still apply to me if I only accept credit cards over the phone?
Yes. Any business that stores, processes or transmits payment card holder data using any method including the telephone, must be PCI Compliant.
How would a business obtain PCI compliance?
In summary, the business must implement PCI standards across its people, processes and technology. In many circumstances this will include PCI Council certified Qualified Security Assessors, Approved Scanning Vendors, and sometimes PCI Forensic Investigators. Your PCI compliance status must then be reported to your acquiring financial institutions or payment card brand. Becoming compliant can be a costly, time consuming and a very complex effort. Large companies can spend many hundreds of thousands of dollars annually to meet the mandated requirements.
The requirements and standards can be found at https://www.pcisecuritystandards.org/
Payments over the phone
With strong growth in on-line shopping one would expect phone payments to decrease, however this is not the experience of many retailers.
During an online purchase, shoppers often want to talk with the retailer over the phone to confirm details about the product or delivery.
It’s in the retailer’s (and shopper’s) interest to conclude the sale, process the payment and ship the goods – driving growth in phone payments.
Customers phoning contact centres for disputes, refunds or exchange of goods are also driving phone payments for many businesses.
Contact Centre PCI Compliance
Contact centre environments generally consist of CRM, admin systems, a call recording system and a telephone system.
Increasingly these telephone systems are “VoIP” based, and uses the same internal network as the rest of the systems running the business, thereby bringing the entire contact centre environment into scope of PCI compliance.
For many businesses, making their environment PCI compliant is a highly complex and very expensive, if at all possible. The call recording system alone poses a problem, as PCI requires that the CVV (the 3 digit card security code) must never be stored.
The challenge is that the people and the technical environment are all exposed to card holder data, thereby are all in scope of PCI compliance.
13Text PCI Agent Comply
To resolve all of these issues, we have created PCI Agent Comply.
PCI Agent Comply collects the card holder data and processes the payment without exposing your call centre agents / people or environment to any cardholder data.
The key to this is that the call centre agent remains in full voice conversation with the customer throughout the payment process, thereby providing the highest level of customer service and experience, and can continue in conversation thereafter to process the rest of the sale such as delivery instructions for the goods sold.
How It Works
When a card transaction is required, the agent enters the payment details such as invoice number and amount into the 13Text Agent Comply web console interface, then, asks the caller to enter their card details using their telephone keypad.
Agent Comply captures the keypad tones (DTMF) and masks those tones from being passed through to your call centre agents. No cardholder data (CHD) is passed through to your call centre agents, call recording service or other infrastructure.
Your customer and call centre agent have continuous voice conversation throughout the process. The scope and cost of your PCI compliance, technical challenges, are now dramatically reduced.
We support both inbound and outbound calls.
Simplify Your PCI Compliance Today… Free Call Us Now
13Text PCI Agent Comply – Automated
Our 24 x 7 fully automated PCI compliant IVR phone payment service.
Collects payment of invoices, rates, donations and subscriptions by credit card over the phone and deposits the money into your bank account.
Customers can call the service direct 24×7 and make payments without needing to wait for business hours to speak with a call centre agent. Includes options for call centre agent to converse with the caller to verify details or complete a process and then drop out of the call so they are free to take other calls, while the IVR phone payment service processes the transaction. Callers can be passed back to a call centre agent at any time.
We can provide your own dedicated 13, 1300, 1800 or local telephone number to make it easy for your customers to use. You can also port your own numbers into our network if required.
Our API provides options to communicate with your environment to pass information such as payment reference numbers, amounts and results.
This dramatically simplifies the scope of PCI compliance for you, instantly.