Ivrnet Telepay

Credit Card Fraud Risks Eliminated with Ivrnet Telepay

Ivrnet Inc. has created a service to help combat the risk of Credit Card data breaches. It also decreases the cost and responsibility of securing this data and improves Customer Service Agent efficiency, while continuing to offer the convenience and immediacy of taking Credit Card payments over the phone.

In Canada, 2011 financial losses to Canadians from card-not-present (telephone, e-commerce and mail) fraudulent transactions totaled $259 Million, with an average dollar loss per transaction of $644 [1]. Moreover, the one-year rate of growth of these losses over 2010 losses was a stunning 47%.

Removing sensitive Credit Card data from your infrastructure using Ivrnet Telepay eliminates your organization’s risk of fraud associated with telephone Credit Card information by moving it out of scope of the Payment Card Industry Data Security Standards (PCI-DSS [2]). If your Customers do not read out their payment information over the phone, your Agents cannot hear it, cannot write it down and cannot pass it on to anyone else. If Agents don’t enter sensitive payment information into their desktop, this also takes both the desktop and the network out of scope for PCI-DSS.

PCI-DSS has 222 compliance requirements for processing, transmitting or storing Credit Card information. Implementing these controls requires significant investment in the development of new policies, tools and manual procedures, and in documenting them for evidence purposes. Each control and its environment incurs its own cost and the cost of a security audit. As a result, organizations are finding it more cost-effective to eliminate Credit Card information wherever possible. For example, the Government of Alberta has mandated the de-scoping of Credit Card data, where possible, as an effective method of improving efficiency, lowering costs, mitigating risks and safeguarding its reputation on behalf of Albertans. Ivrnet is proud to partner with the Government of Alberta employing Ivrnet Telepay.

Why Comply with PCI Security Standards?

Compliance with PCI-DSS can bring major benefits to organizations of all sizes while failure to comply can have serious and long-term negative consequences [3].
  • Compliance with the PCI-DSS means that your systems are secure, and Customers can trust you with their sensitive Credit Card information.
  • Compliance improves your reputation with acquirers and payment brands - the partners you need in order to do business.
  • Compliance is an ongoing process, not a one-time event. It helps prevent security breaches and theft of Credit Card data, not just today, but also in the future.
  • Compliance also has indirect benefits, such as having a basis for a corporate security strategy and identifying ways to improve the efficiency of your IT infrastructure.
  • Not being compliant can be disastrous. Account data breaches can lead to catastrophic loss of sales, relationships, reputation and depressed share price.
  • Possible negative consequences also include lawsuits, insurance claims, cancelled accounts, Credit Card issuer fines and government fines.

Telephone-based Credit Card transactions present two opportunities for fraudsters [4]. They are a source from which to harvest sensitive data and a target where these stolen cards can be used. Both of these risks are increasing as criminals target telephone-based systems as the weak link in the payment chain: while chip and PIN protects brick-and-mortar establishments and online transactions can be secured using 3D Secure (e.g., Verified by Visa and MasterCard SecureCode), phone payments remain vulnerable. The very fact that an Agent has access to sensitive Credit Card data, by hearing it spoken by the Customer in order to enter it into their CRM or ERP system (which then also stores this data), puts you at risk of fraud. This risk is extended if Customer Service calls are being recorded (e.g., for quality assurance).

These fraud risks should not be underestimated. PCI-DSS standards are meant to assess, prevent and manage these risks at the cost and responsibility of organizations.

Examples of fraud can be found in any industry sector [5]. In a case that caught public attention, a Customer Service Agent was convicted of stealing Credit Card data and plundering thousands from the affected Credit Card accounts [6]. Another case involves Call Centre employees selling information from thousands of Credit Card and bank accounts for small amounts of money [7]. In another occurrence, in October 2011, a merchant’s server was hacked and infected with a virus that went undetected for 2 ½ months, during which sensitive data was emailed to the hacker as it was processed, enabling duplicate Credit Cards to be produced [8].

The most secure method of taking payments over the phone is simply not to manually enter, store or manage sensitive data at all. The best way to comply with the PCI Data Security Standard is to remove the payment element from the call entirely. Ivrnet Telepay obtains real-time authorizations quickly and securely using a simple automated service, transmitting via traditional telephone lines over the Public Switched Telephone Network (PSTN).

Ivrnet Telepay Benefits

Capture Sales Immediately

Today’s society is real-time and instant. Customers want products and services the moment they feel they have all the information required to make a decision. Ivrnet Telepay transactions are processed and authorized in real-time while your Customer is on the phone. Given the option between an easily accessible telephone call and the cloud/internet, many Customers prefer to pay for products and services with the convenience of a Customer Service Agent versus the burden and delay of being directed to a self-serve website that can be onerous and time-consuming. Customers often feel that organizations divert them to a website for the organization’s benefit and efficiencies, forcing the Customer to do all the work of data entry including available options, delivery method, etc. As a result, funneling prospects or Customers to a payment website may result in the loss of immediate sales and in Customer churn.

Security with Telephone Transactions

Customers understand and appreciate the enhanced security of their sensitive Credit Card information not being accessible to the Customer Service Agent or recording facilities. Ivrnet Telepay retrieves and processes the sensitive Credit Card data, notifying both the Customer and the Agent about the result of a transaction.

Maximize Agent Efficiency and Eliminate Customer Concerns

Ivrnet Telepay allows Customer Service Agents to maximize the efficiency of time spent on calls. Agents communicate until the Customer has all the information required to make a decision and is ready to pay. Agents then simply transfer Customers to Ivrnet Telepay as the final step when they are ready to provide their Credit Card information. For Agent efficiency, Agents do not have to wait for Customer Credit Card data or manually enter payment information. More importantly, it eliminates the concern and reluctance that Customers have when giving out their sensitive data to an Agent. Once the call transfer is completed, an Agent is free to take calls from other Customers waiting in the call queue. Ivrnet Telepay will save organizations $33.13 per work day per Agent in salary costs. This is based on an Agent with a base salary of $35,000 completing 52 transactions per seven-hour shift with an average of 8 minutes per transaction. Telepay transactions take a maximum of 90 seconds to complete. This results in a 23 per cent savings in both costs and efficiency.

Customized Integration

Ivrnet Telepay can be integrated with your existing payment and CRM/ERP system. This results in a better user experience for both the Agent and the Customer as information does not have to be entered into both the existing system and an external payment terminal (e.g., a website provided by a bank, their service providers, or Credit Card issuers).

Proven Software-as-a-Service Provider

At Ivrnet Inc., we are experts in the automation of information collection. You can be confident that our services provide a good user experience and are simple to use, logical and intuitive. We have proven this expertise in numerous projects and products in a variety of industry sectors and are continuously improving our knowledge by analyzing our Customers’ needs and feedback as well as doing active research, for example with the University of Calgary.

One of the products that implements this knowledge is a service currently provided for the Government of Alberta. It is accessed via telephone and enables the tracking and verification of income for Albertans on social assistance.

In our fast-paced immediate world, your Customers will continue to want the convenience of using their Credit Cards to complete transactions over the telephone. The most secure method is simply not to manually enter, store or manage sensitive data at all. Ivrnet TIPS enables you to do so in a simple and integrated manner.

Find out more

If you want to find out more about Ivrnet Telepay, secure payments over the phone or how to integrate a PCI-DSS compliant automated service into your environment, contact us today:

Robert Bruley
Account Executive, Ivrnet Inc.
Tel/Cell/Fax: 403 538 9594
Email: r.bruley@ivrnet.com


[1]    Available at: http://www.cba.ca/contents/files/statistics/stat_creditcardfraud_en.pdf
[2]    Available at: https://www.pcisecuritystandards.org/security_standards/documents.php?document=pci_dss_v2-0#pci_dss_v2-0
[3]    Available at: https://www.pcisecuritystandards.org/security_standards/why_comply.php
[4]    Contact Centers — A new opportunity for card fraudsters? Page 310. Journal of Customer & Contact Centre Management, Vol. 1, No. 4, pp. 309–318. Henry Stewart Publications 1758–4256 (2012). Available at: http://henrystewart.metapress.com/app/home/contribution.asp?referrer=parent&backto=issue,2,10;journal,1,4;linkingpublicationresults,1:122145,1
[5]    Available at: http://callcenterinfo.tmcnet.com/Analysis/articles/20732-pci-compliance-what-it-means-the-call-center.htm
[6]    Available at: http://www.thenorthernecho.co.uk/news/4166573.Call_centre_worker_/
[7]    Available at: http://indiatoday.intoday.in/story/gurgaon-call-centres-sell-bank-credit-card-info-claims-sting-by-sting-newspaper/1/146854.html
[8]    PCI-DSS IN THE GOA; The Way Forward: Options and Obligations. A Review of Merchant Services and the Care, Custody and Control of Card Holder Data in the Government of Alberta, Kevin MacMillen, Alberta Finance