The process is summarized in six simple steps:
- The agent, using any browser, accesses, for example, to the payment panel of PAYbyCALLEnter the payment details (at least the amount and its reference), select and click on the send button. A transaction progress tab will then appear.
- The agent transfers to the assigned extension in the Call Center switchboard or ACD, which redirects the call to the PaybyCall IVR via secure SIP.
- The customer enters his data via telephone keypad or voice to the customized IVR system in the customer’s language. Data is captured in a PCI-DSS certified environment.
- PaybyCall performs the payment request to the gateway (Redsys, CECA, etc) in a secure way and responds to the customer if the transaction has been successful or if there has been an error. At the same time, the agent displays on his screen the progress of the payment and errors, if any.
- The gateway response to the request (OK/KO) is sent to the point(s) defined for accounting management and sends a receipt to the customer via SMS if necessary.
- Once the operation is completed, the call can be made:
- Return to the agent to continue the necessary steps.
- Hang up and end the communication with a configurable locution or farewell.
- Return to an agent pool.
The process is simple. The call leaves the switchboard or ACD transferring the customer to the previously defined charging extension and card data is requested.
The call is sent over secure SIP protocol (1) using TLS/SRTP V.1.2 or higher, as required by PCI-DSS regulations, which is common in today’s system connections.
At the end of the call, the call returns to the same agent or to another point defined in the installation.
(1) If your voice system does not support TLS.1.2 or higher, it is possible to connect via classic VPN using port 5060, making the TLS1.2 protocol unnecessary.
As standard, card data is captured via the keypad, by DTMF tones (for which it must be possible to send such tones), or also, on request, by voice recognition in the language selected by the agent.
Most call centers require call recording for statistical and service quality management purposes. The risk factor for access to payment data is that someone could use the recordings to extract card data. To overcome the fact that telephone keypad tones travel through the voice channel, it is necessary to prevent these tones from being recorded by the voice system. There are two procedures for this:
- When transferring to the payment IVR, the recording process stops and restarts once the card owner is served by the agent.
- That the connection with the call center operator is made using the DTMF RFC2833 protocol (DTMF out-of-band), so that the recording will only contain the audio of the call but never the card data.
The requirements are threefold, and depend exclusively on the communications configuration, not on the environment or the tool or software used for call handling:
- Agents must be able to access the PaybyCall control panel from their computer via the Internet.
- The connection between your PBX and your telecommunications provider (for incoming/outgoing calls) must comply with the DTMF RFC2833 (out-of-band DTMF) standard. If this is not possible, you should stop recording when transferring to payment.
- The voice system (ACD or PBX) must reach the domain to our VoIP servers in a secure (encrypted) way through the Internet or through VPN, for this purpose:
- Port 5061 is used with SIP TLS 1.2 or higher (2).
- RTP/SRTP UDP protocols with ports from 10000 to 35000.
- A valid SSL certificate for end-to-end encryption
(2) If your voice system does not support TLS.1.2 or higher, it is possible to connect via classic VPN using port 5060, making the TLS1.2 protocol unnecessary.
Yes. PaybyCall is currently integrated with numerous gateways and we are continually expanding. Simply set up your credentials in our system and you can immediately enjoy telephone payments without requesting another POS or changing banks.
The gateways with which we are integrated and their geographic scope are as follows:
- Redsys. Only Spanish banks, in Spain.
- CecaBank (CECA). Only Spanish banks, in Spain.
- WorldLine/Ingénico Direct. Any bank, worldwide.
- Stripe. Any bank, worldwide.
- AddonPayments. Any bank, worldwide.
- Lyra. South America (In process of integration)
- MyMoid. Any bank, worldwide.
- PaynoPain. Any bank, worldwide.
Simply configure in our system the credentials of your POS used in your online store, download and install the PaybyCall mobile application. From that moment on, you will be able to use your cell phone to charge your products and services in person and with the assurance that the card owner will confirm the payment through double authentication, guaranteeing payment and avoiding chargebacks due to card theft or fraud.