Agent assisted versus self-service IVR payments – what’s the difference?

Contact center management, PCI DSS

Agent assisted versus self-service IVR payments – what’s the difference?

We quite often speak to people who say that they would like an IVR payment solution when actually what they describe is agent assist, or vice versa, so in this blog we’re going to explain the differences between these two options and answer some of the questions that we’re most commonly asked. Our flagship CardEasy solution supports both options. During live conversation with contact center agents customers can pay securely, either using the touch-tone keypad of their phone (known as DTMF masking) or advanced speech recognition. This is known as agent assist mode. Alternatively customers can also pay using a self-service IVR.

What is the core difference between agent assist mode and IVR payments?

CardEasy’s IVR payment solution enables your customers to make secure, PCI compliant card payments by phone whenever they want to, without needing to talk to an agent at all. In IVR mode customers can make payment either using their telephone keypad or by using speech recognition if they prefer. IVR is ideal for taking regular, recurring payments such as the payment of utility bills or subscriptions – relatively straightforward transactions where no agent assistance is needed. CardEasy Agent Assist enables the same secure payment to be taken, either by the customer using the touchtone keypad of their phone or advanced speech recognition, but while the customer is on a call with a live agent.

When a customer is on a call with an agent, are they transferred to IVR at the point at which they make a payment?

No. If you’re using CardEasy in Agent Assist mode the customer and the agent remain connected to each other throughout the entire conversation, including the payment process. The agent verbally prompts the customer to either enter their card numbers using their telephone keypad or read them aloud. The speech path towards the contact center agent is automatically blocked by CardEasy which prevents the agent hearing the touchtones or speech that represent card data.

Other products on the market force the agent to transfer the customer to an IVR at the point where they are required to pay. This is a poor experience for the customer and can often lead to abandoned payments, lost orders and an increased call handling time. With CardEasy this doesn’t happen because the agent and the customer remain connected throughout the call.

Using CardEasy, the paying customer is asked by the contact center agent to either:

(a) Use their telephone keypad to enter their PAN and CV2 with CardEasy capturing the keypad entries via DTMF touchtones.

(b) Speak their PAN and CV2 as they normally would with CardEasy capturing the spoken numbers utilizing Advanced Speech Recognition (ASR).

When capturing card details via DTMF touchtones, CardEasy ensures the security of the card details by automatically blocking the audio towards the agent while the middle six digits of the PAN and the CV2 are captured. This is a unique, patented feature of CardEasy and means that even if a customer reads their PAN or CV2 number aloud whilst entering it using their telephone keypad, it cannot be included in call recordings or heard by agents. The agent can be heard by the customer at all times and is notified of the transaction result in real-time via a CardEasy payment page. When capturing card details via advanced speech recognition, the audio towards the agent is automatically blocked while the customer reads out their PAN and CV2 numbers.

Keeping the customer and the agent connected throughout means that the agent can give instructions to the customer, the customer can ask questions of the agent and any problems with the payment can be dealt with immediately. This is useful if, for example, the customer enters their card details incorrectly or if the payment is declined, or in any other circumstance where the transaction is not completely straightforward.

If the agent remains on the call the whole time, is the contact center fully de-scoped from PCI DSS?

Yes. One of the biggest benefits of the CardEasy Agent Assist solution is that it enables your contact center agents and customers to remain connected throughout the call whilst still enabling you to fully comply with PCI DSS requirements. CardEasy’s DTMF masking and advanced speech recognition technology prevents payment card data from entering your contact center environment in the first place and means that your agents are never exposed to the payment card details, whilst also ensuring that these details aren’t captured in call recordings.

This is much better than so-called ‘pause and resume’ solutions which only prevent the payment card details from being captured in the call recording but leave the agent (and the rest of the contact center environment) in scope for PCI DSS. Using CardEasy Agent Assist also means that it is not necessary for the agent to transfer the customer over to an IVR system in order to make payment, so offering a much better customer experience.

If the payment is taken via a traditional IVR is this still within scope for PCI DSS, considering that no agent is on the call?

If you’re taking payment via a traditional IVR system (and not using CardEasy) then at some point in the call flow the customer will be asked to read out or enter their payment card details. If the IVR captures that data in any way then it is in scope for PCI DSS, so switching to IVR payment alone is not enough to de-scope your contact center environment from PCI DSS requirements.

If you wish to continue using your existing IVR for payments it can be fronted by CardEasy. Your IVR prompts the customer to enter or read out their payment card details but the data is only captured by CardEasy, not by your IVR. While the customer is speaking or typing their card numbers, CardEasy automatically blocks the speech path towards the IVR so that it does not ‘hear’ the payment card data, thus de-scoping the IVR from PCI DSS completely.

What happens if the customer can’t use their telephone keypad to enter their card details?

There may indeed be circumstances where this is an issue. For example, the customer may be driving or perhaps they have a disability that means they cannot use the telephone keypad. Whatever the reason, CardEasy allows payment card details to be captured by ASR (Advanced Speech Recognition) if the touchtone / DTMF method is not suitable. The agent can switch from DTMF to ASR capture as and when needed.

Using CardEasy ASR, the customer reads out their card number as normal but the audio toward the agent is automatically blocked as they do so. CardEasy captures the customer’s speech and automatically converts it to numbers. In all cases CardEasy Agent Assist provides the contact center agent with real time visibility of the customer’s progress and redaction of card data.

What happens if the customer types in their card number incorrectly?

Once the customer has provided their PAN, CardEasy performs a BIN (bank identification number) look up to check the issuer of the card and a Luhn check to determine whether the PAN is valid. If this check indicates that the PAN is not valid – either because the customer has made a mistake or because it’s invalid – CardEasy alerts the agent in real-time. Crucially, this happens before the agent attempts to process the payment thus alerting them to potential problems in advance and preventing them submitting a payment which will be declined.

If you’re using a fully automated IVR solution CardEasy performs the same BIN lookup and Luhn check. You can also build some logic into the call flow so that if, for example, the PAN capture fails twice then the call is automatically routed to an agent. The agent can then use CardEasy Agent Assist to take the payment.

My business takes lots of regular payments by phone – can we automate this process completely if we want to?

Yes – absolutely. CardEasy is available as a fully automated IVR-based solution. This is ideal for balance payments, donations, subscription services and other regular transactional payments where agent assistance is not required and enables you to take payments 24/7. This is possible either utilizing your existing IVR or the fully hosted CardEasy solution.

Do we need to choose between agent assist or IVR mode?

No. We have many clients who use both. For example, Avon cosmetics offers its representatives the ability to make payments either using an automated IVR system or during a call with a live agent. Where possible, Avon representatives are encouraged to use the IVR system to make payments but if they prefer to make the payment on a call with an agent then they can. This might be because they have a question or something else that they need to discuss with an agent. It can also be because they’re just not comfortable using an IVR system for whatever reason and prefer to deal with a real person. With CardEasy both options are available.

It’s also possible to start with one method and add the other later. Allied Irish Bank is an example of a client who did this, starting with agent assisted payments and adding IVR later.


In summary, whether you opt for agent assisted or IVR payments (or a combination of both) is really down to the needs of your organization and the ways in which your customers typically interact with you. If you’re mostly taking regular payments where customers know what they are doing and rarely have supplementary questions or need any additional help then an IVR payment solution may be the most appropriate for you. If, however, your transactions are more complex and there’s typically more interaction needed between customers and agents then CardEasy Agent Assist may be more suitable. Remember too that it’s perfectly possible to have both, as in the cases of both Avon and Allied Irish Bank mentioned above.

Give us a call or drop us an email to talk more about the best solution for your requirements.

(UK) +44 (0)20 7741 2000
(US) +1 303 500 0492