Interactive Voice Response (IVR) payments allow customers to make purchases or pay their bills over the phone using their credit or debit cards – without needing to share their payment details with another person. Instead of reading their credit card number and security out loud to a customer service representative, they enter their own payment data on their telephone’s keypad. This can be done on a mobile/cell phone or a landline.
What Are IVR Payments?
IVR payments use an automated phone system to guide customers through a series of pre-recorded prompts. They can use touch-tone menu options (i.e., “dial 2 to make a payment”) or speech recognition (i.e., “say ‘pay bill’ to make a payment”) to move the customer through to the desired action.
Self-Service vs. Agent-Assisted IVR
There are two types of IVR transactions: self-service (unattended) and agent-assisted (attended).
- In a self-service/unattended transaction, the customer follows prompts on the phone to initiate their transaction, enter their payment information, and end the call when the transaction is complete. They do not work with a live representative at any time during the call.
- In an agent-assisted/attended transaction, the customer speaks with a customer service representative who starts the order, then lets the customer know when it is time to input their payment information on their keypad. The agent and customer remain connected throughout the entire transaction. This allows the customer to ask questions at any time.
The Benefits of IVR Payments
Using interactive voice response solutions with your pay-by-phone system offers numerous benefits, such as increased security and reduced customer service costs.
24/7 Payment Processing
Using interactive voice response solutions with your pay-by-phone system offers numerous benefits, such as increased security and reduced customer service costs.
Lower Payment Processing Costs
IVR solutions eliminate the need for a business to have full-time live agents to work the phones at a call center. At only a few cents per transaction, IVR offers a quantifiable way for high-volume merchants to reduce their payment processing costs.
Better Payment Security
IVR payment processing offers increased security for the customer as well as the merchant. Customers can make payments over the phone without having to worry that the customer service representative will overhear or record their card information. At the same time, merchants can process phone payments without having to store sensitive card data on their own business systems. In the event of a breach, there’s no credit card information for the hacker to steal. This makes IVR one of the safest payment methods for phone orders.
Are IVR Transactions Anonymous?
IVR phone payments are not necessarily anonymous for customers, as each payment is linked to a corresponding transaction. On the back end, the business can link the payment and the purchase with the customer’s account. However, credit card data is not stored on a merchant’s servers, and customer service representatives do not have access to the information. This means that while the transaction is not anonymous, it is still secure and offers more privacy than a traditional phone order.
What Merchants Need to Know About IVR, PCI Compliance, and Voice Scope Elimination
Merchants who accept credit card payments – whether they’re using an IVR phone system, an e-commerce gateway, or a physical EMV terminal – must meet the Payment Card Industry Data Security Standard’s (PCI DSS) security and compliance requirements. This ensures that they accept, process, store, and transmit credit card information within a secure environment.
So: what does the PCI DSS have to say about IVR payments?
Interactive Voice Response solutions are considered payment applications, and IVR systems are considered in scope for PCI. (This means that the merchant has to complete an annual questionnaire to prove that anyone or anything that touches credit card data is secure.) However, when used correctly, IVR can actually reduce a merchant’s overall PCI scope. When specific criteria are met, the technologies can take a merchant’s phone system and call center employees out of scope for their own PCI audit. A PCI-certified QIR can provide additional guidance around IVR and voice scope elimination.
Here are some practical steps that merchants can take to meet PCI DSS compliance and security requirements when accepting IVR payments:
- Choose a secure IVR system: Make sure that the IVR system you use is PCI-DSS-compliant, with secure authentication methods in place to protect payment card information. For example, it should not output cardholder data in any logs, and the data should be encrypted when it is transmitted over the phone. (Other recommendations can be found in the PCI Information Supplement: Protecting Telephone-Based Payment Card Data.)
- Train employees on secure payment processing methods: While PCI-compliant IVR software should take most of the guesswork out of compliance, it’s still important to train your employees on the importance of protecting payment card information. Make sure they are securely processing any phone payments that they accept outside of your IVR system – for instance, not writing customers’ card data down on a sheet of paper to input at a later date.
- Run your required vulnerability scans: The PCI DSS requires merchants to scan for vulnerabilities every 90 days, at a minimum, but also any time they make a “significant” change to their environment. In this case, implementing an IVR payment system would be considered a significant change. Make sure you’re keeping up with your scanning requirements – even after you’ve gone live with your new phone payment system – and follow up on any vulnerabilities identified during a scan.
Learn More About Integrated IVR Payments
With several IVR payment systems, all claiming to be the best, how do you know where to start?
Security is an obvious #1 priority, but ease of use is a close second. Finding a solution that integrates with your other business applications can help you reduce manual work and keep your data connected.
If you’re interested in accepting IVR payments – whether you’re already accepting traditional phone payments or not processing MOTO transactions at all – we’re here to help. To learn more, contact us today.