Hello,
We are keen to understand how other organisations go about taking card payments for bookings over the phone whilst staying fully PCI compliant. For our organisation, having the option where a customer can speak to an agent to make a booking, and then finalise the booking over the phone by taking payment is essential.
Suggestions we have been given include sending text messages and asking customers to click a link and pay on their smartphone, whilst on the call to a customer assistant. Another suggestion is e-mailing out a link for the customer to pay online. We don’t believe this is a feasible solution for our business in the short term.
We would be very interested to hear of how you have your call centres set up for card payments via phone? We are using Tessitura Merchant Services and Adyen.
Are you saying that taking a credit card number over the phone is not PCI compliant? I was not aware of that.
I believe it's a coming requirement? Specifically I believe its asking for encrypted voice lines. We've found that the phone industry is basically unprepared to provide a decent service for this at the current time.
With Tessitura merchant service you will have to use either an EMV or their secure contactless entry form.
Just following this thread with interest as well. Anecdotally I've heard of a lot of orgs that switched from older phone systems to VOIP for their box offices back in 2020 when everything went remote/hybrid, so I wonder if that will have the benefit of bringing better encryption along, depending on vendor. We switched over to RingCentral so I now need to do some homework on their security practices...
From a cursory Google search, it looks another big PCI aspect arises if you record voice calls (for customer service assessments or any other reason) - sounds like you need a way to pause recording while card info is being relayed, and then deal with the security/purge practices around the recordings themselves...
I don't have a lot of answers but in the same boat with you all!
B/c we record calls, we are currently looking for a solution that will allow us to pause recording while taking the credit card information. Seems like a good Open Space topic - see if anyone out there has a solution that they like (or don't, so we know what to avoid.)