Announcing General Availability of <Pay>: PCI Compliant Payments over the Phone

May 23, 2019

Last year at SIGNAL we launched <Pay> with Stripe as our first <Pay> Connector partner.  Today, we are excited to share with you that <Pay> is generally available. <Pay> enables businesses to accept Payment Card Industry Data Security Standard (PCI DSS) compliant payments over the phone without the hassle of building and maintaining their own PCI compliant payment infrastructure.

We are also announcing a new <Pay> Connector integration with Base Commerce, as part of the general availability release. We will have additional <Pay> Connector partners coming soon.

In this post, we will explain why we built <Pay>, how <Pay> works, and how <Pay> can help your business.

Why <Pay>

<Pay> allows you to accept PCI compliant payments over the phone with a single line of code.

Before <Pay>, businesses needed to build their own PCI compliant payment systems with custom voice payment prompts, build a system for validation, and integrate with a third party for payment processing. After building, you would be subjected to yearly auditing for compliance.

<Pay> removes the need to jump through these hoops, allowing you to focus on building a secure voice payment experience that enables your customers to pay over the phone at any time of day.

You can use <Pay> with Twilio’s full suite of Programmable Voice APIs and integrate with your existing systems to create your own specific customer voice interfaces. With <Pay>, businesses can build self-service payment processing and augment contact center payment workflows.

Inbox Health, an early adopter of <Pay>, is committed to improving the patient billing process and making the experience more transparent and personalized for providers and patients. They have found that embedding <Pay> in their Twilio-powered IVR has helped them drive efficiency and save on costs.

Before <Pay>, Inbox Health would have been required to “invest a lot more in PCI compliance than we otherwise had to,” says CEO Blake Walker.  “<Pay> allows patients to pay their medical bills over the phone when it works for them. In fact, 53% of patients are able to pay over the phone without needing to speak to an agent at all.”

How <Pay> Works

There are two main components to <Pay>:

  1. The TwiML verb <Pay>, which securely captures and validates your customer’s payment information
  2. <Pay> Connectors, which either immediately charge the credit card or create a reusable token to create a charge at a later time

<Pay> in Action

The diagram below shows an example of this flow. A customer calls your business and selects “Make a Payment.” <Pay> prompts the customer for their payment information; the customer enters it, Twilio collects it, and it is sent to the payment gateway for processing. <Pay> then takes the confirmation code returned by the payment gateway and securely posts it to your app. At no point does your business touch your customer's payment information, enabling you to collect payments while relying on Twilio and your payment gateway for PCI compliance.

This diagram shows how a PCI compliant payment flow works with Twilio <Pay>
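
The last step of this flow, where the result is posted to your app, is the only part your own code handles. The following is an added example, not code from this post or from Twilio: it authenticates that callback with Twilio's request signature (the X-Twilio-Signature header) and stores only an allow-list of fields. The field names and the "success" result value come from Twilio's <Pay> documentation rather than this page; the URL, token and sample body are constructed.

```python
import base64
import hashlib
import hmac

# Constructed values for the example; not real credentials or endpoints.
AUTH_TOKEN = "example-auth-token"
CALLBACK_URL = "https://app.example.com/pay/complete"

# Field names as documented by Twilio for the <Pay> action callback
# (an assumption here: they do not appear on this page).
ALLOWED_FIELDS = ("CallSid", "Result", "PaymentConfirmationCode", "PaymentError")


def twilio_signature(auth_token, url, params):
    """Twilio's request signature: HMAC-SHA1 over the URL followed by each
    POST parameter name and value, sorted by name, then base64-encoded."""
    data = url + "".join(k + params[k] for k in sorted(params))
    digest = hmac.new(auth_token.encode(), data.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def handle_pay_callback(url, params, signature_header, auth_token=AUTH_TOKEN):
    """Return the fields worth storing, or None if the request is not authentic."""
    expected = twilio_signature(auth_token, url, params).encode()
    supplied = (signature_header or "").encode()
    # Constant-time comparison so the check leaks nothing about the expected value.
    if not hmac.compare_digest(expected, supplied):
        return None
    # Keep only allow-listed fields; card-related fields never reach storage or logs.
    record = {k: params[k] for k in ALLOWED_FIELDS if k in params}
    record["paid"] = params.get("Result") == "success"
    return record


# Constructed callback body, shaped like a successful <Pay> result.
SAMPLE = {
    "CallSid": "CAxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "Result": "success",
    "PaymentConfirmationCode": "ch_example123",
    "PaymentCardNumber": "xxxxxxxxxxxx4242",
}

if __name__ == "__main__":
    sig = twilio_signature(AUTH_TOKEN, CALLBACK_URL, SAMPLE)
    print(handle_pay_callback(CALLBACK_URL, SAMPLE, sig))
    forged = dict(SAMPLE, PaymentConfirmationCode="ch_forged")
    print(handle_pay_callback(CALLBACK_URL, forged, sig))  # rejected
```

The URL passed to the check must be the exact URL Twilio requested, including scheme and query string, or a genuine callback will fail verification.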

<Pay> Connectors

<Pay> Connectors are built and maintained by Twilio, enabling you to select the payment platform of your choice. <Pay> Connectors tokenize or charge the credit card and process payments on your behalf.

As of today, we’ve added Base Commerce as our second <Pay> Connector. Base Commerce is a leading provider of integrated payment solutions designed for commercial software applications, web based systems, POS and mobile app based systems for merchants of all shapes and sizes.

We will continue to add more payment platforms over time. Have an existing relationship with a payment platform that you’d like to see us partner with? Submit your requests for additional <Pay> Connectors here.

Why use <Pay>?

With <Pay> you can build your own self-service payment processing and contact center payment processing, without having to maintain all the infrastructure and compliance certifications yourself. Additionally, you can leverage <Pay> to limit your PCI scope to save on cost and overhead, deploy your solution in days, not months, and adapt your payment flow as needed.

Limit your PCI scope to save on cost and overhead

Building a proprietary, PCI compliant, over-the-phone payment solution requires significant investment for businesses in terms of scope and cost. Twilio is PCI DSS Level 1 compliant, meaning that we are held to the highest compliance standard and take every necessary precaution to protect your customer’s payment information. With <Pay>, you can start accepting PCI compliant over-the-phone payments without having to build and maintain your own PCI compliant voice infrastructure from scratch.

Deploy in days not months

Use Twilio's Studio <Pay> widget with a <Pay> Connector to build a proof of concept within minutes. <Pay> comes as an out-of-the-box experience that is fully customizable. For example, customize your prompts with Amazon Polly Text-To-Speech to get access to 25 languages in over 50 voices for voice prompts, or use <Play> to play back a custom audio recording. You can build a new voice flow or augment an existing one to start accepting payments in less time than with a legacy provider.

Adapt your payment flow as needed

Twilio <Pay> is programmable like the rest of the Twilio Programmable Voice Platform. This provides you with the flexibility you need to adapt and change your payment experience according to the needs of your customers and business. <Pay> supports features such as:

  • PCI Mode for Projects with built-in DTMF
  • Automatic pause / resume recording functionality to maintain compliance
  • Built-in validation and retries to capture required data
  • Tokenization support for card-on-file use cases
  • Support for creating charges on your behalf
  • Support for all major credit cards
  • Integrate with new <Pay> Connectors securely with minimal code change within Twilio’s Console

There are additional <Pay> features coming soon:

  • ACH / EFT
  • Tokenization w/ pre-authorization

Pricing

For more information on <Pay> pricing, follow our updates on the <Pay> product page.

Getting Started

With a single line of code, <Pay> comes with the necessary default prompts for you to capture all the necessary credit card information. Here’s all it takes:

<?xml version="1.0" encoding="UTF-8"?>
<Response>
   <Pay />
</Response>

See here for more details on how to get started and sample usage.

Enable PCI compliant phone payments simply with <Pay>

<Pay> is now generally available for businesses and developers who want to embed PCI compliant payment flows into their phone systems without the headache of having to build their own PCI compliant voice infrastructure. In combination with Twilio’s suite of Programmable Voice APIs, you can quickly test out your proof of concept before committing. You can also build and then change your payment flows as suits the needs of your business. With <Pay>, you can capture PCI compliant payments over the phone with a single line of code.

Interested in learning more? Check out our documentation here. We can’t wait to see what you build!