CardByPhone is an essential module for customers wishing to take card payments over the phone when using X-on’s PhonePresence Cloud PBX and Contact Centre services. The service offers:
- Attended or unattended IVR card transactions with agent guidance
- Options that integrate with backend systems for transaction data
- Options for speech recognition capture of transaction information
- Sensitive data removed from customer environment
By deploying CardByPhone, your organisation can remove credit and debit card data from being accessible within your organisation. As a result, the onerous PCI-DSS requirements which govern security when handling card data are taken out of scope.
CardByPhone can be integrated with existing CRM and order processing systems, or stand alone, allowing a rapid deployment for immediate peace of mind.
How it Works
The principle of CardByPhone is that the customer is asked during a call to enter all the sensitive numeric card data on their phone keypad (DTMF tones). These tones are blocked by the system from reaching your agent, or anywhere in your environment. The sensitive data includes the long card number, expiry date and CV2 (CVV) security code.
During the process, the agent and caller remain connected and the agent has visibility of the caller’s progress, excluding the actual data. Once the information is collected, including the value of the purchase, the transaction is transmitted to the payment provider and the result (success or failure) transmitted to the agent who informs the customer.
CardByPhone comes in versions and pricing models suitable for Contact Centres to SMEs.
PCI Scope and Audit Trail
In a traditional telephony environment, the entire phone system becomes within scope. For VoIP systems, this includes the IP Network over which the calls are connected, often including the Internet. When calls are recorded, recording must be suspended during card transactions and this must be achieved by integration with the card payment system - it is not sufficient to manually suspend calls.
CardByPhone overcomes this by removing the environment from scope. Call Recordings can be made within the PhonePresence hosted environment and will automatically exclude the card data. However there will be a full recording of the transaction, together with a data audit trail.
CardByPhone allows organisations to simultaneously take advantage of Cloud based telephony, ensure that they comply with PCI compliance and minimise their risk of fraud.
What It Does
- Remove credit card data from your scope to ensure no PCI Compliance requirements
- Supported across a wide range of environments
- Inbound and Outbound calls
- Call recordings available for all calls with card data suppressed
- Unattended mode for completely automated payments on inbound or outbound calls
- Integrates with all common Payment Service Providers, including:
- Client side API for CRM, eCommerce or Order Processing system integration
- Standalone option using web form or speech recognition
- Optional Fraud Indemnification service