CardEasy enables you to de-scope your call center environment and call recordings from PCI DSS, reducing the risk and costs associated with managing card payment transactions in your contact center, as well as improving customer trust and average call handling times.
Watch our demo to see how CardEasy works.
How does CardEasy work?
- A caller wishes to pay by card over the phone
- The contact center agent initiates a request for card authorization in mid-conversation with the caller
- The caller is prompted to enter their card number via their telephone keypad
- The audio from the agent to the caller remains open throughout
- Audio from the caller to the agent is cut briefly while the middle six digits of the long card number (PAN) and the CV2 are entered, so that neither the agent nor the call recording can be exposed to the card number, whether through the DTMF tones or through the caller reading out the numbers
- The complete call can be recorded but the sensitive DTMF tones are masked from the recording as well
- The agent is alerted via their screen when payment has been authorized.
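The gating rule in the steps above, as an added illustration that is not Syntec's code: a hypothetical `CaptureSession` cuts the caller-to-agent path before each sensitive keypress arrives and drops speech during the same window. The 16-digit PAN length, the class and method names, the post-capture pass-through and the sample card values are assumptions constructed for this sketch.

```python
from dataclasses import dataclass, field

PAN_LEN = 16                  # assumption: 16-digit PAN
CV2_LEN = 3                   # the page describes a 3-digit security code
MASK_FROM, MASK_TO = 6, 12    # slice covering the "middle six" PAN digits
SILENCE = "*"                 # stands in for blocked audio on the agent leg

@dataclass
class CaptureSession:
    """Hypothetical capture point between the caller and the agent/recorder."""
    pan: str = ""
    cv2: str = ""
    agent_leg: list = field(default_factory=list)  # what agent and recording get

    def complete(self) -> bool:
        return len(self.pan) == PAN_LEN and len(self.cv2) == CV2_LEN

    def gate_closed(self) -> bool:
        # Decided from digits already captured, so the path is cut BEFORE the
        # next sensitive tone (or spoken digit) can reach the agent.
        if len(self.pan) < PAN_LEN:
            return MASK_FROM <= len(self.pan) < MASK_TO
        return len(self.cv2) < CV2_LEN

    def on_speech(self, words: str) -> None:
        # Caller speech is dropped too: reading digits aloud must not leak them.
        self.agent_leg.append(SILENCE if self.gate_closed() else words)

    def on_dtmf(self, digit: str) -> None:
        if self.complete():               # capture finished: normal pass-through
            self.agent_leg.append(digit)
            return
        self.agent_leg.append(SILENCE if self.gate_closed() else digit)
        if len(self.pan) < PAN_LEN:
            self.pan += digit
        else:
            self.cv2 += digit

    def agent_display(self) -> str:
        middle = self.pan[MASK_FROM:MASK_TO]
        return self.pan[:MASK_FROM] + "*" * len(middle) + self.pan[MASK_TO:]

def simulate(pan: str = "4111111111111111", cv2: str = "123") -> CaptureSession:
    """Constructed test values; the caller also says a digit aloud mid-entry."""
    s = CaptureSession()
    for i, d in enumerate(pan + cv2):
        if i == 8:
            s.on_speech("one")            # spoken while the gate is closed
        s.on_dtmf(d)
    s.on_speech("thanks")                 # after capture: audio path is open again
    return s
```

In this sketch the gate state depends only on how many digits have already been captured, which is why the spoken "one" never reaches the agent leg or the recording.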
What’s special about CardEasy?
CardEasy enables you to comply fully with PCI DSS as follows:
- Your agents will not be exposed to callers’ sensitive card numbers
- Card numbers will not be stored in your call recordings or captured in screen recordings
- As the sensitive card numbers do not enter your contact center or network, this de-scopes this environment almost completely from PCI DSS regulations and audit requirements
Your agents can talk to the caller throughout to control the call and transaction. CardEasy automatically blocks the audio in the direction of the agent just during capture of the ‘middle six’ digits of the PAN and also the CV2 to prevent your agents and call recording system from overhearing or capturing these sensitive details, even if the customer reads them out whilst entering them using their telephone keypad.
CardEasy also offers you a customer self-service autopay option (IVR) for payments that need no agent assistance, such as balances payable.
Note that ‘pause and resume’ solutions for call recording – which cut the call recording at the point at which the agent asks for the card details – will still leave the agent exposed to them. This means that the contact center environment and agents are still ‘in scope’ for PCI DSS regulations and open to the risk of fraud, exacerbated because the critical part of the call is not recorded. Such systems do not therefore offer full PCI DSS protection/de-scoping and can expose your contact center to ongoing security risks.
Deployment and integration
Hosted, on-premise or cloud-based?
CardEasy offers three deployment models:
- Network hosted: Involves routing your call traffic via our CardEasy hosted environment (including number porting (UK only) and SIP tromboning)
- On-premise for ISDN or SIP: Involves CardEasy hardware which is normally located within the customer’s data center. Supports ISDN and/or SIP from any provider globally.
- Cloud: Removes the need for call traffic to route via the Syntec voice network, and the need for on-premise hardware. This deployment model is designed for enterprise-scale customers with large quantities of SIP channels, or a wholesale solution.
All CardEasy deployment models use the CardEasy cloud for connections to the various payment services providers (PSPs). The on-premise model supports all ISDN and SIP providers globally. The cloud model will depend on the nature of your SIP environment.
In the on-premise deployment model, CardEasy hardware is located on the customer’s premises, installed between the ISDN/SIP lines and the telephone system. All inbound and outbound calls are routed via the CardEasy hardware, which acts as a DTMF capture device. Unlike other premise-based DTMF solutions, CardEasy does not require hardware to be attached to agents’ phones or PCs, an arrangement that can lead to maintenance headaches.
The CardEasy hardware captures the PAN and CV2 entered by the customer using their telephone keypad, with the agent remaining in conversation with the customer throughout. This data is then conveyed to the CardEasy cloud over a secure connection, where it is processed before forwarding to the PSP for authorization, returning the result to the agent (and back office systems if required) in real-time.
CardEasy is provided as a fully managed service by Syntec, a PCI DSS Level 1 service provider, offering you full PCI DSS de-scoping for your call center environment.
Easy integration with PSPs, telephony and back office systems
CardEasy is already integrated with a large number of leading payment services providers (PSPs) and tokenisers (TSPs) (see our partners page for a full list) and can easily be integrated with any other PSP of your choice.
CardEasy will work with any telephony system (on-premise or cloud-based) and Syntec is an Avaya DevConnect technology partner, a Cisco preferred solution partner and a Mitel Solutions Alliance member.
CardEasy is agnostic to phone system make and model. It will work with any ISDN or SIP provider globally and with any payment gateway and/or tokenisation service provider.
Integration options include a virtual terminal launched by your business system (e.g. CRM, reservation/booking/sales system); a SOAP API; an iframe embedded in your web application; hosted payment page integrations; and even a ‘lite-touch’ option to avoid integration at all, used for instance with legacy green screens.
Using CardEasy saves you time and money by taking your call center operations out of scope from PCI DSS controls, whilst removing the need for time-consuming oversight and PCI audits. Set-up costs are low and ongoing managed service costs are ‘per agent’ or ‘per channel’ depending on your organization’s requirements, so they can be linked directly with your channel/agent utilisation.
Benefits of CardEasy
- Customers enter their credit card number and 3-digit security code mid-call with the agent, using their phone keypad (DTMF touchtones)
- Your agents, whether in your contact center, working from home or in an outsourcer, cannot see or hear the card numbers and they are not stored in call recordings
- Payment is taken and confirmed in real time and, unlike with ‘pause & resume’ systems, the entire call can be recorded while the agent stays in conversation with the customer
- Works as a network-hosted solution, as a hybrid, premise-based system or in the cloud, depending on how your call traffic is managed
- Tokenisation, card scheme surcharging, BIN look-up and recurring payments are all supported
- The customer self-service CardEasy Autopay version (IVR) also lets you take secure payments out of hours or without the need for an agent
- Partnered with all major payment gateways/service providers and can easily be integrated with your back office and CRM systems
- Speech recognition module available (in different languages), as well as SMS, secure webchat and email payment, and bank debit options
Find out more about our integrated Payment Gateway partners.