Introducing PCI-Compliant Agent Assisted Payments on Twilio Voice

August 31, 2020

Businesses have been using Twilio <Pay> on Twilio’s PCI Compliant Voice Platform to securely collect payment information from callers through a self-service IVR experience. With a single line of code, <Pay> removes the burden of building and maintaining PCI-compliant infrastructure while also powering the capture of payments over the phone in a PCI-compliant manner. <Pay> also securely transmits this information for processing through integrations with leading payment gateways.

Some customers, however, want live guidance when giving their payment information to a business over the phone, and Twilio wants you to be able to offer that simply and securely in your contact center. Today, we are excited to announce the General Availability of Agent Assisted <Pay> on Twilio’s PCI Compliant Voice Platform. Agent Assisted <Pay> enables PCI-compliant contact center payment use cases: using the Agent Assisted <Pay> API, developers can build payment flows in which agents securely capture a caller’s payment information while remaining in conversation with them. As a result, your business can provide personalized, guided experiences to your customers when collecting their payment information over the phone.

The launch of this product means businesses can now use Twilio to collect caller payments both through self service IVR using <Pay> and in the contact center with live agents using Agent Assisted <Pay>, all without the hassle of building and maintaining your own PCI compliant payment infrastructure.

Twilio <Pay> and PCI Compliance

<Pay>, both IVR and agent assisted, allows you to capture end customer credit card or bank information in a PCI-compliant fashion, and then passes that information along to your payment provider of choice through Twilio’s <Pay> Connectors for processing. Depending on your <Pay> connector you can accept credit card and ACH debit payments and choose to charge or tokenize the collected payment information.

The Twilio Programmable Voice Platform is PCI DSS compliant. This means any business using <Pay> or Agent Assisted <Pay> can collect payments over the phone with the confidence of knowing Twilio is held to the highest compliance standard and takes every necessary precaution to protect your customers’ payment information. Twilio offers a PCI mode for projects, with built-in DTMF redaction, to keep sensitive data secure.

Enabling PCI mode under Voice Settings

Agent Assisted Payments in your Contact Center

Twilio offers a simple API for developers to build payment flows that start, update, and complete payment sessions. When leveraging the Agent Assisted <Pay> feature within their contact center (including Flex), agents control the payment flow and guide callers by requesting payment information one at a time (e.g., payment card number, expiration date, security code). Agents can continue to converse with callers but will not hear their DTMF, ensuring the security of the payment information.

How Agent Assisted <Pay> works

Agent Assisted <Pay> is powered by APIs that developers can program to enable agents to start, update, and complete or cancel a payment session. These APIs can be triggered by agents through a user interface that businesses build within their contact center software (e.g., a plugin within Twilio Flex).

The diagram below shows an example of how Agent Assisted <Pay> can work in your contact center. A customer calls your business and is connected to an agent. Once the caller is ready to make a payment, the agent initiates a <Pay> session.

The agent asks the caller for required pieces of payment information one at a time, which the caller enters using DTMF. This information is collected by <Pay>. As the caller enters each piece of payment data, <Pay> posts the caller’s progress to your app for the agent to follow along. The agent has control of the payment flow, and asks for payment information in the order they see best for the caller. The agent can even re-ask for information as needed, like in the case of a caller entering an incorrect digit, by calling the API again. When the caller is inputting their payment information, the agent will not be able to hear the DTMF or see the sensitive data input by the caller.

Once the agent has all the information they need, they complete the <Pay> session and Twilio sends the collected information securely to your selected connector for processing.

Interaction between caller, agent, <Pay>, and <Pay> Connectors

Here is a sample User Interface, built in Flex, on top of the Agent Assisted <Pay> APIs to depict the agent experience when using Agent Assisted <Pay>.

Starting a <Pay> Session

Starting a Pay session UI

Updating a <Pay> Session

Updating a Pay Session UI

Completing a <Pay> Session

Completing a Pay Session UI

Getting Started with Agent Assisted <Pay>

Twilio provides a powerful API for developers to build, control, and customize the Agent Assisted <Pay> experience.

```javascript
// Twilio Node helper library client; the Account SID and Auth Token come from your environment
const client = require("twilio")(process.env.TWILIO_ACCOUNT_SID, process.env.TWILIO_AUTH_TOKEN);

// Create a payment session on an active call
client.calls("CAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX").payments.create({
    idempotencyKey: "request-1",
    statusCallback: "https://example.ngrok.io/payment-status"
}).then((payment) => console.log(payment.sid));
```

```javascript
// Start the capture of the credit card number (the caller enters it via DTMF)
client.calls("CAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX").payments("PKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX").update({
    capture: "payment-card-number",
    idempotencyKey: "request-4",
    statusCallback: "https://example.ngrok.io/payment-status"
}).then((payment) => console.log(payment.callSid));
```

```javascript
// Complete the session; Twilio sends the collected data to your selected connector
client.calls("CAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX").payments("PKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX").update({
    status: "complete",
    idempotencyKey: "request-7",
    statusCallback: "https://example.ngrok.io/payment-complete-status"
}).then((payment) => console.log(payment.sid));
```

For more information, please see the Agent Assisted Pay docs.

Pricing

Both Twilio <Pay> and Agent Assisted <Pay> are features of the Programmable Voice Platform and are included with your use of Programmable Voice. You will only pay for the minutes associated with your Programmable Voice usage.

<Gather> and PCI Recordings

<Pay> can also be used by businesses that are PCI DSS compliant. If you are PCI DSS compliant yourself, we have additional solutions for you too. PCI compliant businesses can enable PCI mode and use the <Gather> API to capture payment data. This data is not logged within Twilio systems and is transmitted directly to you, allowing you to send it to your payment processor through your custom-built integration. Many businesses need to record their interactions in order to monitor quality. With PCI recordings, you can encrypt recordings of your payment interactions to maintain PCI compliance.

We can’t wait to see what you build!