Fraud is on the rise. No other industry knows this better than the credit card industry. Payment card companies have a significant interest in protecting their customers’ data, as fraud has produced global damage of $5.55b in 2012 (according to http://www.statisticbrain.com/credit-card-fraud-statistics/). In the US, credit cards are a predominant means of making payments, and in the ever-growing world of online shopping increasingly the only available method. CNP (card-not-present) payments, however, are most vulnerable to fraud.
In online transactions, it is primarily SSL encryption that secures a payment and the submission of credit card data between a client (the browser) and the payment gateway servers. The same method can be used in mobile Web apps as well as native apps. This makes for some pretty good privacy… But another dominant channel for payment transactions is the good old phone. Call centers typically take good measures to prevent agents from taking notes while listening to credit card information. But rising security concerns as well as tightening industry requirements call for different solutions.
Enter IVR. Interactive Voice Response does not only help automating tedious and simple tasks within a call center, thus reducing costs while lowering wait times for callers. It is also a more discrete channel of information sharing. Studies have shown that people actually prefer to handle sensitive information with a machine rather than a human (e.g., see http://call-center-solutions.tmcnet.com/articles/72920-survey-reveals-increasing-consumer-acceptance-ivr-systems.htm). IVR is the perfect technology to accommodate that preference AND offer a cheaper and more secure environment for collecting payments over the phone.
In 2004, the major credit card companies formed the Payment Card Industry Security Standards Council and released the first version of the PCI-DSS (PCI Data Security Standard). At version 2.0 since October 2010, any organization that processes or stores PII (personally identifiable information) in the context of debit, credit, prepaid or other payment cards must comply with the PCI-DSS, either by a Qualified Security Assessor (QSA), or through a Self-Assessment Questionnaire (SAQ), depending on the amount of transactions processed.
Voxeo runs one of the largest standards-based IVR networks in the world, with a global presence through data centers and support centers in the US, EMEA, and APAC regions. It is fully certified for Level 1 PCI-DSS and powers IVR applications and voice portals for some of the world’s largest financial institutions. By relying on standards such as VoiceXML, CCXML, and SIP, and offering their solutions both in the cloud and on-premise, Voxeo can offer a highly flexible payment solution portfolio encompassing the following scenarios:
1) CSR Transfer
An agent can process an order, and when it comes to collecting credit card information, can transfer the call to Voxeo, having the Voxeo IVR securely collect the payment information, transmit that over secured lines to a payment gateway, then transfer the caller back to the agent, submitting information to the agent about success or failure of the transaction if required.
2) IVR Sub-Dialog
The same will work for an existing, non-PCI-compliant IVR system or voice portal, that wishes to securely offer payment transactions. An existing IVR application can transfer the call to Voxeo and back, as described above.
3) Standalone IVR
Voxeo is a RESPORG and can therefore provision toll-free numbers for standalone applications that take payments. These can be extended to full-fledged self-service portals if desired.
Interested? Get in touch with us today to find out how to make use of these highly secured ways of taking payments. Email us.
Read more about our capabilities here:
- Announcement of Voxeo Security Suite: http://voxeo.com/press-releases/voxeo-combats-contact-center-and-consumer-fraud-with-new-security-suite/
- Press release of fraud protection for financial solutions: http://voxeo.com/press-releases/voxeo-helps-fight-financial-data-fraud-by-extending-highest-level-of-protection-to-customer-self-service-applications-hosted-in-its-multiple-worldwide-data-centers/
- Announcement of PCI-DSS Compliance: http://voxeo.com/press-releases/voxeo-achieves-compliance-to-payment-card-industry-data-security-standards-version-2-0/
- General compliance information: http://voxeo.com/compliance/
Follow me on Twitter:
- Free Webinar, June 22: Taking Customer Service to the Cloud, Featuring Ovum Analyst Daniel Hong
- Americans Not Taking Advantage Of Their Smartphones – Yet
- Voxeo and TradeHarbor partner to provide voice biometrics and fight identity theft
- Guest Post – CSIdentity Voice Verified: Why We’re Speaking Up!
- Data Privacy Day 2011 – Celebrating the Privacy We Need Year-Round