PCI Telephone Payments — When Pause and Resume Just Won’t Cut it.

Rosie Jones Ciptex · Published in Ciptex · 2 min read · Jan 29, 2021

Blog by Liz Jenkins, DevOps Engineer for Ciptex. Liz joined Ciptex in 2017 as a DevOps Engineer and is committed to supporting, automating, and optimising client solutions to help organisations work more effectively.

“Calls may be recorded for training and quality purposes” — it’s a phrase we know all too well when calling a company or organisation. Organisations like contact centres accepting card payments over the phone are recording their calls to comply with the Financial Conduct Authority (FCA) obligations that prevent and detect market abuse. This causes difficulty, however, for those who also wish to achieve PCI-DSS compliance.

Many believe “pause and resume” or “stop/start” call recording technology is the silver bullet, but unfortunately, this manual intervention method won’t earn your compliance. In fact, the PCI-DSS guidelines stipulate the automatic removal of sensitive card data from recordings, without the need for human intervention. So, how can this be achieved?

There are several PCI solutions that, when implemented, allow organisations to remove their advisors from the scope of PCI-DSS.

Agent-assisted or attended telephony payments is a popular method which allows advisors to collect sensitive payment information without ever seeing or hearing the card details. The advisor remains on the phone and is able to guide the customer through the payment process. With this, mistakes can be easily spotted and rectified, reducing the scope for failed payments.

Unattended telephony payments via an Interactive Voice Response (IVR) offer an automated solution which allows customers to make payments at a time which best suits them. Customers are guided through the payment process by the system, capturing and providing card details to a Payment Services Provider (PSP), within a PCI-DSS accredited environment.

Through the power of RACE and payment technology offered by One payment Cloud, Ciptex provides a Compliance as a Service offering designed with flexibility in mind to keep contact centres taking PCI-compliant telephone card payments.
