Key IVR Partner with Elavon to Offer Innovative and Secure Payment Processing in the US

Elavon and Key IVR are excited to announce a new partnership, making it easier for US merchants to access a wide range of innovative and secure card payment solutions. With a seamless integration between the Key IVR platform and Elavon gateway, businesses and consumers alike are protected to the highest level of payment security, PCI-DSS Compliance Level 1.

Elavon is one of the nation’s largest processors and is consistently rated among the top five global payment providers. They offer simple, cost effective payment processing solutions backed by reliable, helpful customer service. Elavon assists businesses by expanding payment choices and channels, and speeding up cash flow with some of the quickest funding in the industry.

Key IVR have over 15 years of experience providing secure cloud payment solutions to organisations across the globe. With an ever-expanding portfolio of solutions to meet a number of commercial needs, businesses across the globe have the ability to process payments over the phone, using an automated IVR, on the web, via SMS or on a mobile app.

By joining forces, both organisations are excited to see the fantastic contribution an extensive suite of payment solutions will bring to the US market.

Dianne Smith, Head of Partner Relationships at Key IVR said:

“From the very start of our relationship, we have always had a great dynamic. Communication and efficiency from all members of the team is always prompt and reliable, giving us the confidence that future opportunities will run just as smoothly”.

This new US partnership follows a long-standing relationship with Elavon’s UK division. This has recently secured the opportunity to implement a multi-channel solution into a prominent UK based business in the Hospitality and Leisure industry. The service will allow customers to pay for their stay over the phone, in a secure manner, de-scoping the entire organisation and network environment to ensure sensitive cardholder data (CHD) never reaches their systems.

If you’d like to find out more about Elavon and their innovative payment processing solutions, visit www.elavon.com

Key IVR Expands Globally Alongside Long-standing Partner, Cardstream

Cardstream is a long-standing partner of Key IVR, who have been working hard to expand into new markets across different countries. Working together, both parties aim to offer secure payment services to businesses across the UK, US and Canada through recently acquired opportunities, simple integration and efficient solutions.

With over 20 years of experience within the payment industry, its rapid adaptation within this fast-paced market has allowed Cardstream to stay competitive. By working with Key IVR, Cardstream is able to expand on its service offering, by incorporating an omni-channel payment platform that is PCI compliant to the highest standard.

Dianne Smith, Head of Partner Relationships at Key IVR said:

“Cardstream was instrumental in implementing a payment solution to one of our largest clients in the UK. Its Open Payment ecosystem allowed for rapid processing of payments with Key IVR’s secure, PCI compliant services. Cardstream met all of our requirements perfectly and we’re looking forward to future endeavors across the globe.”

Key IVR’s partner team work very closely with Cardstream consultants to provide them with the necessary tools and training needed to assist clients through their payment challenges. Whether it be card payment services for over the phone, using an automated IVR, on the web, via SMS or on a mobile app, the partnership allows organizations to benefit from quick onboarding and competitive transaction rates.

Adam Sharpe, CEO of Cardstream said:

“We’re dedicated to working with Partners that help Cardstream with its continuous growth and success, complementing our existing services. Our Open Payment Network has been an essential part of many projects, allowing for fast integration to Key IVR’s omni-channel platform and, subsequently, many satisfied clients”.

If you’d like to find out more about Cardstream and its innovative Open Payment Network, visit the website:  https://cardstream.com/

Voyager Networks Partners with Key IVR to Offer Secure Payments to High Profile UK Brands

We are delighted to introduce you to our newest partner, Voyager Networks, an IT Solutions business delivering a range of innovative services to its many clients across a wide variety of public and private organizations.

Key IVR and Voyager Networks will be working together to offer clients tailored and secure technology systems that help improve their operations.

Voyager Networks deliver high quality solutions and services which are based around three different interrelated technologies including Enterprise Networks, Collaborative Communications and Security. Their innovative approach to focus on improving their clients’ current operations, rather than replace existing systems and services, is what allows them to stand out in the market.

Key IVR have over 10 years of experience providing secure cloud payment solutions to organizations and contact centers across the globe, protecting hundreds of businesses and their customers. With a diverse portfolio of solutions that allow organizations to process payments over the phone, using an automated IVR, on the web, via SMS or on a mobile app, Key IVR have something to suit a number of business needs.

Peter Howells, Business Development Director at Voyager Networks, comments:

“We are seeing an increasing demand for safe, secure and cost-effective payment systems from our clients. After a detailed review of the market we selected Key IVR as our partner of choice because of the quality and range of its software solutions coupled with an excellent approach to customer service. Adding Key IVR to our portfolio complements our collaboration and contact centre solutions and enables us to extend our capabilities to our clients”.

Key IVR and Voyager Networks intend to broaden their client base by offering secure payments across a variety of sectors. The partnership has already brought forward the opportunity to implement an Agent Assisted Solution into a high-profile household organization in the UK. This service will allow contact center agents to take payments over the phone in a secure manner, de-scoping the entire office and network environment to ensure sensitive payment data never reaches their systems.

Abi Richardson, Partner Relationship Manager at Key IVR, said:

“The evolution of malicious cyberattacks and the risk of data breaches is playing a prominent role in today’s technology. It’s vital that organisations are securing their operations to process, store and transmit payments in a safe and secure manner, avoiding any permanent damage to their reputation. Voyager Networks have been a fantastic addition to our growing partner base, offering up a technical expertise on a wide range of services, including payment security. We intend to work together to continue our mission of making payments safer, secure and convenient for end users”.

To find out more about Voyager and the range of expertly crafted IT solutions they offer, visit their website: https://www.voyager.net.uk/

Key IVR Integrates with Serenova’s CxEngage, to Secure Payment Collection Within the Contact Centre

Key IVR provides secure cloud payment solutions to organizations and contact centers across the globe, protecting hundreds of businesses and their customers. Working with Serenova, a leading contact center-as-a-service (CCaaS) and workforce optimization (WFO) provider, we aim to make integrating secure payments into the call center, a simpler and more adaptable process.

Key IVR’s Agent Assisted Payment solution will function within Serenova’s CxEngage platform, enabling Serenova to offer their customers a PCI-DSS compliant service to process payments. By ensuring contact center agents are never exposed to sensitive cardholder data, even the most complex contact centers can use a fully-integrated solution designed to process payments to the highest level of security.

Steve Richardson Frankton, Enterprise Sales Manager at Key IVR, said:

“For many organisations, the contact centre is a central point of interaction with their customers, processing a high proportion of sensitive information every day. Keeping that data secure and away from the risk of a potential breach needs to become a priority, as more and more businesses face damaging repercussions as a result of not having the right measures in place. The integrated solution from Serenova and Key IVR adds an easy-to-use, PCI-DSS compliant payment channel to a market-leading contact centre platform.”

With the rise of data breaches, the evolving complexity of cyber-attacks and the possibility of rogue agents has meant securing your contact center, and the entire organization’s data, has become a crucial business requirement. As the central hub of an organization’s customer interactions and data collection, the contact center is often seen as an area at the highest risk for data security. Mistakes made by contact center agents, or the improper storage of sensitive data can leave it vulnerable to a breach and ultimately, to costly and damaging repercussions on the brand.

John Lynch, CEO at Serenova, said:

“One of the fastest ways for an organisation to lose loyalty to its brand is through a data breach of customer information. By integrating Key IVR’s secure payment capabilities with our cloud contact centre capabilities, organisations can now have the peace of mind that comes with providing the highest level of security to their customers when processing any type of payment. Our integration also empowers agents with the tools necessary to deliver real, tangible benefits to the customer.”

Working together, Key IVR and Serenova aim to steer away from the negative connotations associated with achieving PCI-DSS compliance within the contact center, as it can be seen as a complicated and resource intensive undertaking. This cloud-based solution will make the organization and customer payment journey a much simpler process from implementation to usage.

To find out more about Serenova’s cloud contact center software, visit the CxEngage product page here

About Serenova

Serenova has transformed the customer experience. Over a decade ago, the company realized technology didn’t exist that could deliver immediate, consistent, and exceptional service. So, it created a true cloud contact center solution that could. The result is the ability to unify everything from customer engagement to quality management to analytics. This single source of truth provides global brands insights about customer information and experiences as they pivot between channels such as SMS, voice, or Facebook messenger.

Whether it’s technology, healthcare, or retail, brands from all industries come to Serenova for its global coverage and deep integrations into the business systems used every day. Why is this important? It creates the opportunity to keep pace with customers by quickly scaling up across the enterprise or out geographically. Recognized by analysts such as Gartner, Serenova is committed to building on an 18-year legacy leading the way in cloud-based contact center innovations. Learn more at www.lifesize.com. For live updates, follow @SerenovaShine.

Top 10 Facts About PCI Compliance

The Payment Card Industry Data Security Standard (PCI-DSS or PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. Launched on December 15, 2004, it was formed to manage the ongoing evolution of the Payment Card Industry (PCI).

Here are the answers to some of the most asked questions surrounding PCI DSS:

1. There are different levels of compliance

Organisations fit into different levels of compliance depending on the number of credit card transactions they handle per year, these include:

    • Level 1: A merchant processing over 6 million transactions per year
    • Level 2: A merchant processing between 1 – 6 million transactions per year
    • Level 3: A merchant processing between 20,000 and 1 million transactions per year
    • Level 4: A merchant processing less than 20,000 transactions per year
       

2. Non-compliance could have significant ramifications on your organisation

If organisations aren’t taking relevant precautions to appropriately collect, process, store and re-use sensitive data, they will be at a much higher risk of a data breach. This can result in considerably high fines that can be extremely damaging to your business, especially after the implementation of the General Data Protection Regulation (GDPR). Other outcomes can include: increased transaction fees, prevention from accepting card payments, large forensic investigation fees for looking into the cause of a breach, bad publicity, a damaged reputation and expensive compensation fees to customers. Becoming PCI compliant, or more effectively, trusting a PCI level 1 third party payment services provider is a long-term solution to increasing the security of your business and network infrastructure.

 

3. All PCI compliant organisations need to prove they are following guidelines

There are different requirements depending on the merchant level your organisation falls into. However, all businesses will be asked to complete an Attestation of Compliance and conduct a quarterly network scan by an Approved Scanning Vendor (ASV). Level 1 merchants will also be required to conduct a Report on Compliance (ROC) which is an annual on-site assessment completed by an independent Qualified Security Assessor (QSA). Those falling into other merchant levels must submit an annual Self-Assessment Questionnaire (SAQ).

 

4. An Attestation of Compliance needs to be signed

Whoever is in charge of compliance within your organisation, may this be the Chief Financial Officer or Head of Compliance, is required to complete an Attestation of Compliance form. There are different versions of the form dependant on the scope of your business, but it essentially certifies that all the relevant PCI requirements have been met.

 

5. If you’re a Level 1 organisation, only a QSA can verify that you are PCI DSS compliant

Qualified Security Assessors (QSA) are independent security organisations that have completed the appropriate training from the PCI Security Standards Council, with the ability to validate an entity’s adherence to PCI DSS. You can find an up-to-date list of qualified QSA’s on PCI Security Standards Council official website.

 

6. The PCI DSS has specific SAQ’s for different types of organisations

Self-Assessment Questionnaires (SAQ’s) are completed by the business itself. They are a list of relevant questions that determine the security of your organisation when taking payments and are all different depending on the type of business and the methods they process transactions. Although, for level 1 merchants and service providers this will work differently, as they will need an independent QSA to assess and validate their compliance.

 

7. Just because your software is PA-DSS certified, doesn’t mean you’re fully compliant

Payment Card Application – Data Security Standard (PA-DSS) certified software has already undergone the relevant checks to ensure it is PCI compliant. Although using this software assists with PCI DSS, it does not mean that organisations are absolved of their overall responsibility of ensuring their networks are safe and secure. Services are not included in the PA-DSS list, it is only software applications or products.

 

8. There are simpler ways of becoming PCI compliant

By using a level 1 third-party PCI DSS payments solution provider, you can take a lot of the pressure away from your organisation when it comes to applying the appropriate levels of security. It’s often a very demanding and costly venture to become PCI compliant on your own, so by working with an already established PCI DSS compliant business to outsource and descope your payment services, you can remove your organisation’s network and environment away from the scope of PCI DSS.

In some examples, you could be starting with 233 detailed requirements from a Self-Assessment Questionnaire (SAQ). By outsourcing and descoping your payment channels this can reduce your SAQ to 13 ‘yes’ or ‘no’ questions.

 

9. Outsourcing your payment systems to PCI compliant provider doesn’t mean you’re not responsible for data security

The quarterly network scan and annual Attestation of Compliance still needs to be completed as the organisation itself is ultimately responsible for the overall security and safety of any data they capture, process, store or transmit. It’s essential to choose a level 1 payment service provider that will offer the best service possible with the right experience and credentials, in order to avoid any possible problems.

 

10. PCI compliance isn’t going away

Cybercrime is almost unavoidable with most organisations choosing to move their operations and offer front-end payment services online. Hackers are continuously on the look-out for new ways to steal personal data, so by following the requirements of the PCI-DSS it can drastically limit their chances of success. PCI compliance isn’t going away, so it’s essential to ensure you know how to appropriately meet the guidelines.

Contact Key IVR for PCI compliant solutions that protect your customers’ sensitive payment data and descope your organisation’s network. Call 01302 513 000 or email sales@keyivr.com to discuss your requirements.

Is Pause and Resume Really Protecting Your Customers’ Data?

Organisations that accept card payments over the phone are recording calls for training and monitoring purposes, an obligation the Financial Conduct Authority (FCA) put in place to prevent, detect and deter market abuse. This becomes difficult for those wanting to achieve the Payment Card Industry Data Security Standard (PCI-DSS) which states that no sensitive card data can be recorded.

“But, I’m already PCI compliant, I use pause and resume call recording so my customers’ card details aren’t stored anywhere”

Many organisations believe “pause and resume” or “stop/start” call recording technology is a solution. The agent pauses the call recording at the point where the customer reads out their card details and resumes the recording afterward. The end result is a recording with the payment portion and sensitive information removed.

 

Pause and Resume Through Manual Intervention isn’t Compliant

The PCI-DSS guidelines stipulate that sensitive card data is removed from call recordings automatically, without the need for an agent or other members of staff to intervene.

 

Your Staff Are Responsible for Pausing the Recording

If an agent is able to pause the recording, it allows them to say something to the customer off-record. This isn’t compliant and can cause serious customer service issues. Additionally, the agent could forget to pause the recording before taking payment, putting the particular customer at risk and defeating the point of having a solution in place.

 

Card Details Can Still Be Heard by an Agent

Even with call recording paused, agents can still hear sensitive card details. They could potentially write them down and use or share them for malicious purposes, or simply leave them exposed on their desk for others to see.

 

Information Can Be Missed

Similarly to agents speaking off-record, a customer can mention something important that isn’t captured in a call recording for future use. Especially relevant if the transaction has just taken place and the agent forgets to resume recording.

 

Cost and Time of Maintaining

In order to follow the FCA rules related to call recording, the audio files would need to be maintained and monitored regularly to ensure it is only the sensitive card data that agents are excluding from the call. A timely and costly process for any organisation.

 

The Correct, Complete and Compliant Solution

With an Agent Assisted Payments Solution from Key IVR, the customer still uses their keypad to enter payment details but Twin Clamp Technology DMTF suppression is applied to the keypad presses, ensuring no sensitive information enters the Contact Centre payment system and isn’t present on the call-recording, allowing them to record the entire call.

It’s still easy for a customer to make a payment when on the phone with an agent. At the point of taking payment an agent simply asks a customer to enter their card details onto their phone keypad, the agent stays on the phone to communicate to the customer and assist them with the payment process via a live webpage. Improving customer experience and increasing payment conversion without the need to rely on an agent to pause the call, removing the risk of human error.

Talk to Key IVR and let us help you reduce serious security risks within your Contact Centre with our PCI-DSS compliant solutions. We work in partnership and integrate with a wide range of payment providers and suppliers with the aim to design a solution that meets your individual business requirements.

 

Find out more about our services:

Alternatively, please contact us on 01302 513 000 or email sales@keyivr.com to discuss your requirements.

Key IVR Secures a Multi-Year Partnership with UK Charity, Marie Curie


Key IVR are pleased to announce a new partnership with Marie Curie, the UK’s leading charity for people living with any terminal illness and their families. The charity helps people make the most of the time they have together by delivering expert hands-on care, emotional support, research and guidance.

Key IVR will work with Marie Curie to ensure credit and debit card donations made over the phone are processed securely, thanks to a new Agent Assisted Payments Service. The DTMF suppressed payments solution will channel contact centre calls through a robust PCI-DSS Level 1 version 4.0 compliant platform.

Sophie Chan, Key IVR Account Manager said:

“Marie Curie has a long history of being an invaluable source of support for many people, and their trust in our service is a testament to Key IVR being an industry leader that continues to set the benchmark for secure and intelligent payment systems.”

Marie Curie will benefit from the secure payments platform, taking donations on the phone from their supporters in a convenient and compliant manner. The staff accepting the payments will be able to stay in full conversation with the supporter throughout the donation to ensure payment is successful and to thank the caller for their generous donation.

As the card details are entered via the phone keypad, the service hides the sensitive information on the staff member’s screen and as there are no card details spoken out loud calls can be recorded with minimum security risk. To ensure a smooth transition to the new system, Key IVR Account Managers will be delivering on-site training and face-to-face consultation with all staff.

Key IVR looks forward to working closely with Marie Curie and supporting them in the tireless work they do in providing excellent care to those in need.

Find out more about Marie Curie.
Find out more about Agent Assisted Payments.