Solutions that allow bill payment to occur online, via text, or through a mobile device rather than by mail or in person have become increasingly popular among consumers in recent years. Not all consumers are interested in and/or comfortable with these alternative payment methods—but there are other options merchants can offer. That option is payment by telephone, using either an interactive voice response (IVR) system that guides consumers through a series of voice prompts and instructions to handle payments or a call center staffed by customer service representatives. Contrary to what some merchants—and many consumers—may assume, telephone payment systems offer air-tight security for customers, whichever payment method (e.g., credit card, debit card, or electronic check) they choose to complete their transaction.
IVR Systems Security
Several factors contribute to the security of IVR systems from reputable payment solutions providers. Notably, these systems comply with the Payment Card Industry Data Security Standard (PCI DSS). Developed and enforced by the PCI-DSS Standards Council, the PCI-DSS is a series of measures merchants, payment processors, and credit card service providers must exercise in order to preserve the security of consumers’ credit card information and prevent fraud.
However, this is just the tip of the iceberg. Further security of IVR systems is afforded by DTMF masking technology. DTMF is the discordant two-tone signal or sound, that is generated when a user presses a button on a telephone’s touch keypad—for example, to enter the digits in a credit card number and expiration date. DTMF masking technology either replaces the two-tone signal or sound or converts the two tones into a single flat tone. This ensures that the tones cannot be decrypted by anyone within or outside the merchant’s organization.
Secure Sockets Layer (SSL) encryption of sensitive customer data to render it unreadable by the human eye provides an additional element of security. So, too, do secure audits by entities such as McAfee, TrustWave, and First Data and credit card/address verification provide additional elements of security. In the case of E-Complish, a Fraud Detection Suite integrates with the DirectPay IVR system, giving businesses access to additional customizable security features.
Call Center Security
Meanwhile, call center systems used by live agents are made more secure in large part by masking technology. In this scenario, the technology is invoked when consumers begin to share payment information in the form of credit card, debit card, or checking account numbers (and, where applicable, expiration dates and card verification values, or CVVs). It prevents call center agents from hearing customers recite the information, while also allowing them to participate in other aspects of conversations with these individuals—for example, the answering of questions.
As is the case with IVR systems, call center systems from reputable payment solutions providers to comply with the PCI DSS and leverage SSL protocol to deliver 128-bit data encryption. Regular on-site security audits by McAfee, TrustWave, and First Data push the security envelope as well.