Our flagship CardEasy solution enables customers to pay securely using the touch-tone keypad of their phone, either whilst on a call with an agent (so-called ‘agent assist’ mode) or using a self-service IVR. The technology underpinning both options is DTMF masking. In this blog we’re going to explore these two options in more detail and answer some of the questions that we’re most commonly asked.
When a customer is making a payment in Agent Assist mode are they transferred to IVR at the point at which they make the payment?
No. If you’re using CardEasy in Agent Assist mode the customer and the agent remain connected to each other throughout the entire conversation, including the payment process. The agent simply provides the customer with a verbal instruction when it is time for them to enter their payment card numbers using their telephone keypad. Some other solutions force the agent to transfer the customer to an automated IVR at the point where they are required to pay. This is a poor experience for the customer and can often lead to abandoned payments, lost orders and an increased call handling time. With CardEasy this doesn’t happen because the agent and the customer remain connected throughout the call.
At the point at which the customer is required to make payment, they simply use their telephone keypad to enter their card details, normally a Primary Account Number (PAN) and security code (CV2). CardEasy automatically blocks the audio towards the agent while the middle six digits of the PAN and the CV2 are captured. This is a unique, patented feature of CardEasy and means that even if a customer reads their PAN or CV2 number aloud whilst entering it using their telephone keypad, it is automatically prevented from being included in call recordings or heard by agents. The agent can be heard by the customer at all times and is notified of the transaction result in real-time via a CardEasy payment page.
Keeping the customer and the agent connected throughout means that the agent can give instructions to the customer, the customer can ask questions of the agent and any problems with the payment can be dealt with immediately. This is useful if, for example, the customer enters their card details incorrectly or if the payment is declined, or in any other circumstance where the transaction is not completely straightforward.
If the agent remains on the call the whole time, is the call center fully de-scoped from PCI DSS?
Yes. One of the biggest benefits of the CardEasy solution is that it enables your call center agents and customers to remain connected throughout the call whilst still enabling you to fully comply with PCI DSS requirements. CardEasy’s DTMF masking technology means that the agent is not exposed to the customers sensitive payment card details, whilst also ensuring that these details aren’t captured in call recordings. This is much better than so-called ‘pause and resume’ systems which only prevent the payment card details being captured in the call recording but leave the agent (and the rest of the call center environment) in scope for PCI DSS. Using CardEasy also means that it is not necessary to pass the customer over to an automated IVR system in order to make payment, so offering a much better customer experience.
If the payment is taken via a traditional IVR is this still within scope for PCI DSS, considering that the agent is no longer exposed to the card details?
If you’re taking payment via a traditional IVR system without using CardEasy then at some point in the call flow the customer will be asked to read out or enter their payment card details. If the IVR captures that data then it is in scope for PCI DSS, so switching to IVR payment alone is not enough to de-scope your call center environment from PCI DSS requirements.
CardEasy works in a different way. The IVR prompts the customer to enter their payment card details but the data is captured by CardEasy not by the IVR. While the customer is speaking or typing their card numbers, CardEasy automatically blocks the audio path towards the IVR so that it does not ‘hear’ the payment card data, thus de-scoping the IVR from PCI DSS completely.
What happens if the customer can’t use their telephone keypad to enter their card details?
There may indeed be circumstances where this is an issue. For example, the customer may be driving or perhaps they have a disability that means they cannot use the telephone keypad. Whatever the reason, CardEasy allows payment card details to be captured by ASR (Automatic Speech Recognition) if the DTMF method is not suitable. The agent can switch from DTMF to ASR capture as and when needed.
Using CardEasy ASR, the customer reads out their card number as normal but the audio toward the agent is automatically blocked as they do so. CardEasy captures the customers speech and automatically converts it to numbers, which are displayed to the agent dependent on a redaction policy.
The only difference between ASR and DTMF capture is that the audio is blocked for the full PAN and CV2 capture when using ASR, whereas it is only blocked for the middle six digits of the PAN and CV2 when captured using DTMF.
What happens if the customer types in their card number incorrectly?
Once the customer has entered their PAN, CardEasy performs a BIN (bank identification number) look up to check the issuer of the card and a Luhn check to determine whether the PAN is valid. If this check indicates that the PAN is not valid – either because the customer has made a mistake or because it’s invalid – CardEasy alerts the agent in real-time. Crucially, this happens before the agent attempts to process the payment thus alerting them to potential problems in advance and preventing them submitting a payment which will be declined.
If you’re using a fully automated IVR solution CardEasy performs the same BIN lookup and Luhn check. You can also build some logic into the call flow so that if, for example, the PAN capture fails twice then the call is automatically routed to an agent. The agent can then use CardEasy to take the payment in Agent Assist mode.
My business takes lots of regular payments by phone – can we automate this process completely if we want to?
Yes – absolutely. CardEasy is available as a fully automated IVR-based solution known as AutoPay. This is ideal for balance payments, donations, subscription services and other regular transactional payments where agent assistance is not required and enables you to take payments 24/7. This is possible either utilizing your existing IVR or the fully hosted CardEasy AutoPay solution.
Do we need to choose between agent assist or IVR mode?
No. We have many clients who use both. For example, Avon cosmetics offers its representatives the ability to make payments either using an automated IVR system or during a call with a live agent. Where possible, Avon representatives are encouraged to use the IVR system to make payments but if they prefer to make the payment on a call with an agent then they can. This might be because they have a question or something else that they need to discuss with an agent. It can also be because they’re just not comfortable using an IVR system for whatever reason and prefer to deal with a real person. With CardEasy both options are available.
It’s also possible to start with one method and add the other later. Allied Irish Bank is an example of a client who did this, starting with agent assisted payments and adding IVR later.
In summary, whether you opt for agent assist or IVR (or a combination of both) is really down to the needs of your organization and the ways in which your customers typically interact with you. If you’re mostly taking regular payments where customers know what they are doing and rarely have supplementary questions or need any additional help then the IVR solution may be the most appropriate for you. If, however, your transactions are more complex and there’s typically more interaction needed between customers and agents then agent assist mode may be more suitable. Remember too that it’s perfectly possible to have both, as in the cases of both Avon and Allied Irish Bank mentioned above.
Give us a call or drop us an email to talk more about the best solution for your requirements.
(UK) +44 (0)20 7741 2000
(US) +1 303 500 0492