IVR payment processing for PCI DSS compliance

In my last blog, I looked at pause and resume recording, a method of protecting call recording archives from sensitive card data.

An alternative solution is to remove the card data from agent interactions altogether, by using an automated Interactive Voice Response (IVR) payment system. There are both advantages and disadvantages to this approach.

A payment IVR guides customers through the payment process, prompting them to enter details such as the primary account number (PAN) and card validation code using their telephone keypad.

This may occur as a self-contained interaction. Alternatively, the caller is directed to a payment IVR after speaking to an agent.

The advantages

Taking customer payments through an IVR offers contact centers some significant benefits:

• Fully automating payments prevents agent exposure to card data, removing the need for expensive training, and eliminating a significant source of fraud.
  
• The number of systems that card data must pass through is reduced, cutting the work that must be carried out to achieve compliance.
  
• IVR payment processing lowers call handling costs - why pay customer service representatives to do the job a computer could do?
  
• Customers may feel safer entering their card data into an IVR than providing them to an agent.
  
• A fully featured system can, in theory, support a wider range of languages than an agent pool.

The disadvantages

The pitfalls of a poorly designed IVR hardly need description - we’ve all experienced the frustration of never-ending menus and ambiguous voice prompts.

In the case of a payment processing IVR, a badly designed system can lead to confusion, incorrect data entry, and untimately abandoned transactions, with customers unlikely to return.

A well designed (and tested) system alleviates these problems, but still raises a number of concerns, when compared to a live agent interaction:

• An IVR is impersonal. Many people feel an instant dislike towards recorded messages.
  
• It is tricky to set a suitable pace for the IVR prompts. Too fast, and some callers will become confused. Too slow, and others will become frustrated. The result is a compromise, which will never satisfy everyone, all the time.
  
• Although agent error is removed from the equation, customers may still input incorrect details.
  
• Most importantly, the agent is not present to encourage and support callers through the process. No IVR will be able to deal with the hundred idiosyncratic questions that might make the difference between the customer completing - or abandoning - a transaction. The communication skills that contact centers carefully select agents for cannot be removed from the process without a negative effect on the number of successful transactions.

Is IVR payment processing the answer for compliance?

IVR payment processing can go some way to reducing a contact center’s compliance burden. However, many IVR payment processing solutions still leave parts of the contact center infrastructure exposed to customer card data, meaning that compliance measures must be put in place.

An IVR solution does have negative implications for the customer experience and call outcomes, but, these may be balanced by the cost savings achieved by this type of solution. Ultimately, the decision between live agent or IVR payment processing is an individual one, determined by the requirements of each organization and brand.

A service used by confident, keen customers (think concert tickets) presents an ideal case for IVR payment processing. Conversely, a service dealing with less motivated or tech-savvy individuals may require the continuous presence of a customer service adviser to meet sales targets.