PCI Compliant IVR Payments – How Can IVR Help You With Your PCI Compliance

If your business accepts credit cards as a form of payment for goods and services over the telephone, whether collected by live agents or through an automated IVR, you MUST be PCI Compliant.

The way businesses take payments with credit cards is undergoing significant and continuous change as a result of the Payment Card Industry (PCI) security requirements and the efforts of the PCI Security Standards Council to secure cardholder information. Formerly accepted practices are being replaced with much more restrictive measures to ensure that cardholder information is protected. This industry transformation is impacting how businesses take and process payments over the telephone.

When your customer calls you to pay for products and services over the telephone, you are responsible for securing your customer’s credit card information while you collect and transmit this highly sensitive information. You must ensure that all credit card collection and transmission points, your staff, telephone systems, software solutions, network segments and data storage solutions comply with the PCI security standards; this includes any wired, wireless, private and public networks. Security starts at the point where payment card information is collected, whether it is given to an employee of your business over the telephone, given to a live contact center agent over the telephone, or entered into an Interactive Voice Response (IVR) system.

When you have live agents interacting with your customers, the people, systems and processes that accept and process payment cards must comply with PCI standards. Any person or system that touches or stores credit card data, in text or voice, is subject to PCI. This includes PBX/VoIP phone systems, ACDs, IVRs, call recording solutions, PCs, servers, customer relationship management (CRM) software and customer tracking solutions.

At the top of your watch list:

  • Ensure that all systems, including your PBX (VoIP), PCs, switching equipment, network servers, routers and CRM software, are fully PCI compliant.
  • Ensure that all your employees who will handle credit card payments adhere to an information security policy which is PCI compliant.
  • Ensure that transmission of cardholder data across your networks and on to public networks is encrypted.
  • DO NOT store Sensitive Authentication Data (CVV / CVC code) after authorization.
  • Try not to store credit card numbers. If you need to store them, make sure all stored credit card data (card number) is rendered unreadable (encrypted).
  • Ensure you have an appropriate data retention policy in place and that it is followed. All disposal of stored card data should be done in a secure manner.

And the list goes on.

The cost of managing payment security is becoming a greater concern to organizations, as the measures to protect cardholder information and adherence to Payment Card Industry security requirements are becoming stricter. To help manage the costs of payment security, organizations have two options: (a) managing payment security in-house by retrofitting their organization, or (b) outsourcing payment-related components in a way that can minimize their risk. Understanding the impact of a payment security approach on overall payment security management costs requires an analysis of infrastructure and technology costs, as well as the cost of personnel. Choosing the right approach is paramount.

One solution that can help organizations manage their costs of PCI Compliance effectively is implementing a secure IVR Payment solution from a PCI Compliant service provider. This approach removes the handling of sensitive credit card information from live agents.

At Datatel, we help businesses solve this problem by delivering an IVR Payments solution on the cloud which removes the handling of all credit card information by sales, service delivery and customer service agents. Datatel’s CryptoIVR is the most robust, cost-effective and easy to deploy IVR Payment platform on the Cloud to process Credit Card and eCheque payments 24/7, in a PCI compliant environment.

Datatel has been providing IVR Payment Solutions to hundreds of businesses, healthcare providers, governments and not-for-profit organizations for over 15 years.

Whether you are receiving payments for bills, fees, contributions or more, Datatel has an IVR Payments Solution for your business. Implementation is quick and simple with industry-specific templates.

Navigating the complexities of PCI compliance is no longer daunting. Datatel’s PCI Navigator is designed to make your PCI compliance journey straightforward and efficient, offering unparalleled support tailored to your business needs. We are there every step of the way!


What our clients are saying about us

“Never any issues with you guys! Things just work.”

Gerry Henstra, CEO, Henstra Business Solutions

“Customer service is a really big deal to us, and I am glad to do business with a company that obviously takes it as seriously as we do.”

Jeff Boatman, Global Client Solutions

“We’re happy with the IVR Payment system and it has been working well for us. Recently we also set up your newest SMS (text) receipts and found it to work great.”

IT Manager

“I want to commend you and your team at Datatel on the job just completed for Tele-Response Center. The attention to detail and professionalism with which you approached the project was exemplary and greatly appreciated, especially considering the several applications that needed to be implemented on short notice. Thanks again for your assistance getting this project off the ground so smoothly.”

Joe Grossman, Sr. Vice President, 121 Direct Response

“My team and I would like to commend Datatel on creating an IVR application that adds great value to our new Travel product. Your knowledge, input and expertise in IVR scripting, call flow management and overall IVR logistics made the development and implementation stages extremely easy to manage. Thank you for a well executed campaign that was launched on time and on budget.”

Ryan McCullough, Marketing Manager, Aegon Direct

“Great team to work with. I look forward to utilizing some additional capabilities in the future.”

Bob Griffin, VP of Operations, MedA/Rx

“We are very grateful for many years of mutually beneficial business relationship with Datatel and for impeccable customer service we have received during these years.”

Director of Student Accounts

“We, Standard Life, very much appreciated Datatel’s expertise, knowledge and support as we worked through the development and implementation stages. Our Clients appreciate the simplicity of the capability, while gathering very valuable feedback. Thanks for making this a very positive experience.”

Anne Pennell, VP, Customer Services Operations, Standard Life

“This was one of the best implementations I have been a part of. The communication was excellent and everything was responded to and dealt with swiftly. A real pleasure. We are looking forward to the impact this will have on our patient payments! Thank you!”

Kim Pace, Director Patient Accounts and Revenue, Chatham-Kent Health Alliance