CardByPhone removes credit and debit card data from being accessible within an organisation during phone transactions. PCI-DSS requirements which govern security when handling card data are taken out of scope. CardByPhone can be integrated with contact centre and order processing systems or as a complete hosted telephony environment.

The service offers attended or unattended IVR card transactions with agent guidance, options that integrate with backend systems for transaction data, options for speech recognition capture of transaction information, coupled with sensitive data being removed from the customer environment.

CardByPhone can be integrated with existing CRM and order processing systems, or stand alone, allowing a rapid deployment for immediate peace of mind.

How it Works

The principle of CardByPhone is that the customer is asked during a call to enter all the sensitive numeric card data on their phone keypad (DTMF tones). These tones are blocked by the system from reaching your agent, or anywhere in your environment. The sensitive data includes the long card number, expiry date and CV2 (CVV) security code.

During the process, the agent and caller remain connected and the agent has visibility of the caller‘s progress, excluding the actual data. Once the information is collected, including the value of the purchase, the transaction is transmitted to the payment provider and the result (success or failure) transmitted to the agent who informs the customer.

PCI Scope and Audit Trail

In a traditional telephony environment, the entire phone system becomes within scope. For VoIP systems, this includes the IP Network over which the calls are connected, often including the Internet. When calls are recorded, recording must be suspended during card transactions and this must be achieved by integration with the card payment system - it is not sufficient to manually suspend calls.

CardByPhone overcomes this by removing the environment from scope. Call Recordings can be made within the PhonePresence hosted environment and will automatically exclude the card data. However there will be a full recording of the transaction, together with a data audit trail.

CardByPhone allows organisations to simultaneously take advantage of Cloud based telephony, ensure that they comply with PCI compliance and minimise their risk of fraud.

CardByPhone Versions

CardByPhone comes in versions and pricing models that will support the largest contact centre down to small traders wishing to take occasional credit card payments. The main difference is how the retailing agent communicates the transaction details to the customer - typically the amount of the transaction and a reference.

Contact Centre Integrated - Suits Medium or Large Contact Centres

Where an order processing or CRM system is in use, a set of APIs allows integration with CardByPhone. Card payments can be automatically linked to order and invoice records in the same way as within a typical eCommerce environment.

Stand Alone Mobile - Suits Retailers taking Occasional Payments

Retailers with mobile sales people taking occasional orders and payments over the phone can use a mobile version of CardByPhone. This uses keypad or speech recognition to input the transaction details from the retailer side.

Stand Alone Web - Suits Small or Medium Contact Centres

To avoid the pain and cost of integration, transactions can be controlled and monitored from the CardByPhone Agent Console. This will allow the retailer to manually enter transaction references and amounts, and view the progress and eventual status of the payment transaction.

Unattended or Outbound

CardByPhone can also take credit card payments in an 'unattended' mode. The service will interact with the caller by IVR prompts only and may be on a dedicated number or as an option presented to the caller. A typical application is in mobile topups. The unattended mode can also be used combined with automated outbound calling, so that card payments can be automatically processed as part of a debt collection service.

If you need more information or clarification on PCI Compliant Phone Payments then please call the X-on Sales Team.

0333 3320000