Overview

This workflow object prompts for entry of sensitive credit card data, then passes that data (and potentially other campaign-specific or contact-specific data) to an external module. 

The external module packages up the required data and sends it to a payment gateway for validation and approval.

Typically, the payment gateway will return a success/failure indication, and, if payment is approved, an authorisation code which is passed back via the external module to the Process Payment object.

1. An example scenario

To process a payment for a service, the caller is asked to enter their credit card number on their phone keypad; the number is then subjected to a Luhn check. When a valid number has been entered, the card expiry date and CVV are requested. These values are packaged and transmitted to the external payment processing gateway. A result code (payment successful/unsuccessful) is returned and saved to the database.

2. Add Workflow Object

  1. Open the Workspace.

  2. Select Workflows from the Resources menu.

  3. Select a workflow from the list displayed (you can also create a new one).

  4. Click the Preview icon next to your selected workflow. A schematic representation of the workflow is displayed.

  5. Click the Add New Object icon. The New Workflow Object dialog opens.

  6. Select Process Payment from the drop-down selection list.

When you include Process Payment in your automated workflow, enter the following details:

| Field | What you should do |
| --- | --- |
| Workflow Object Title | Enter a meaningful name for your new object. |
| Data Label | Enter the textual label that will be saved in the record of this object's execution in the ivr_activities table. |
| Maximum Data Entry Retries | Enter the number of times the user will be prompted for data entry, in the event that no data is entered, or the data entered is invalid. |
| Request CVV | Select whether or not the user will be asked to enter their CVV ("Card Verification Value"). Since this is the most sensitive item of verification data, it should not be requested unless it is absolutely required. |
| Enable Luhn Check | Most credit card numbers use the last digit as a check digit, which is calculated using the Luhn Check algorithm. This enables an initial, quick check of the validity of a credit card number to be performed. |
| Enter Card Number Prompt | Select the soundfile that will be played to prompt for entry of the credit card number. |
| Invalid Card Number Message | Select the soundfile that will be played if the user enters an invalid credit card number. |
| Enter Expiry Date Prompt | Select the soundfile that will be played to prompt for entry of the credit card's expiry date. |
| Invalid Expiry Date Message | Select the soundfile that will be played if the user enters an invalid credit card expiry date. |
| Enter CVV Prompt | Select the soundfile that will be played to prompt for entry of the CVV (not relevant if the "Request CVV" check box is not checked). |
| Invalid CVV Message | Select the soundfile that will be played if the user enters an invalid CVV (not relevant if the "Request CVV" check box is not checked). |
| Module Name | Enter the name of the module that contains the function that will be called by this object, as advised by the developer of the module. The module must contain one or more callable functions. |
| Function Name | Enter the name of the API method as advised by the person who has developed the module. |

Request Data

Enter the text string defining the variables/text that will be passed to the external function. Fields must be separated from each other by commas. The following types of variable/text are allowed:

| Type | Description | Syntax |
| --- | --- | --- |
| Campaign Data Field Variable | The field is taken from the user-defined campaign contacts or activities data table. | %campaign:fieldname% |
| IVR Digit Capture Variable | The field is the data label of a digit capture object. | %ivr:labelname% |
| Result of an External Call Function Variable | One of the data fields returned by a previous "Call External Function" object. | %result:fieldname% |
| Activity Table Data Field | One of the system-defined data fields that holds details of the call itself. The full set of data fields that can be accessed are listed at Read Only Activity Data Fields. | %activities:fieldname% |
| Text | Fixed string | |

Reply Data

Enter the text string defining the variables that will be passed back by the external function. These variables will be inserted in the appropriate database tables based on their variable types. Variables must be separated from each other by commas. There are 3 allowable types of variable:

| Type | Description | Syntax |
| --- | --- | --- |
| Campaign Data Field Variable | The result will be written to the relevant campaign contacts or activities data table. | %campaign:fieldname% |
| IVR Variable | The result will be written to the relevant field in the ivr_activities table. | %ivr:fieldname% |
| Result Variable | The result will be written to the relevant field in the integration_ivrdata_results table. | %result:fieldname% |

Click Save to keep your new object and to return to the Workflow Builder.
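The following is an added example, not code from the product or its documentation: a small checker that parses a Request Data or Reply Data string using the syntax described above and rejects variable types that are not allowed in that field. The field names in the samples are constructed, and the handling of fixed text (no commas or % characters inside it) and lowercase type names are assumptions, since the page does not define them.

```python
import re

# Variable types the page allows in each field.
REQUEST_TYPES = {"campaign", "ivr", "result", "activities"}
REPLY_TYPES = {"campaign", "ivr", "result"}

# %type:name% ; the name may not contain '%', ':' or ',' (assumption).
VAR = re.compile(r"%([a-z]+):([^%:,]+)%")


def parse_fields(spec, allowed, allow_text):
    """Split a comma-separated spec into (type, name) tuples.

    Raises ValueError on a malformed field or a type not allowed here.
    """
    fields = []
    for raw in spec.split(","):
        item = raw.strip()
        match = VAR.fullmatch(item)
        if match:
            kind, name = match.group(1), match.group(2)
            if kind not in allowed:
                raise ValueError(f"type {kind!r} not allowed in this field: {item}")
            fields.append((kind, name))
        elif allow_text and item and "%" not in item:
            # Anything without '%' is treated as a fixed string (Request Data only).
            fields.append(("text", item))
        else:
            raise ValueError(f"malformed field: {item!r}")
    return fields


def parse_request_data(spec):
    """Request Data: four variable types plus fixed text."""
    return parse_fields(spec, REQUEST_TYPES, allow_text=True)


def parse_reply_data(spec):
    """Reply Data: campaign, ivr and result variables only."""
    return parse_fields(spec, REPLY_TYPES, allow_text=False)


if __name__ == "__main__":
    # Constructed sample strings; the field names are hypothetical.
    print(parse_request_data("%campaign:order_ref%, %ivr:amount%, GBP"))
    print(parse_reply_data("%result:auth_code%,%campaign:paid%"))
```

Running a check like this over the two strings before saving the object catches a missing closing % or an %activities:...% variable placed in Reply Data, where the page lists only three allowable types.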


3. What is the Payment Card Industry (PCI) Data Security Standard (DSS)?

PCI DSS is a set of comprehensive requirements for enhancing payment account data security established by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. International. It was developed to help the broad adoption of consistent data security measures on a global basis. All merchants that process, store, or transmit payment card information for American Express, Discover, JCB, MasterCard, or Visa are required to be PCI DSS compliant.

How does the Process Payment workflow object assist a contact centre to comply with PCI DSS?

  • The Cloud Contact Centre doesn't store digital call recordings that include sensitive credit card information.

  • Where the agent needs to collect the credit card information, the call is transferred to a workflow that uses the Process Payment object.

  • The CVV value and Expiry date value collected from the contact are never stored in the database.

  • The Card Number value collected from the contact is masked when it is stored in the database, so only the last four digits are present (e.g. xxxx xxxx xxxx 1234).
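The Luhn check offered by "Enable Luhn Check" and the storage rules listed above can be illustrated together. This is an added example, not the product's own code; the dictionary keys, the 12 to 19 digit length range and the gateway reply fields are assumptions made for the illustration.

```python
import re


def luhn_valid(digits: str) -> bool:
    """True if a keypad-entered card number passes the Luhn check."""
    # DTMF capture can include '*' or '#'; accept ASCII digits only.
    # The 12-19 digit length range is an assumption of this example.
    if not re.fullmatch(r"[0-9]{12,19}", digits):
        return False
    total = 0
    # Walk right to left from the check digit, doubling every second digit.
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Replace all but the last four digits, grouped in fours from the left."""
    masked = "x" * (len(digits) - 4) + digits[-4:]
    return " ".join(masked[i:i + 4] for i in range(0, len(masked), 4))


def row_for_storage(captured: dict, gateway_reply: dict) -> dict:
    """Build the only data that is persisted after the gateway call."""
    pan = captured["card_number"]
    if not luhn_valid(pan):
        raise ValueError("card number failed the Luhn check")
    # Expiry date and CVV are deliberately not copied into the row.
    return {
        "card_number": mask_pan(pan),
        "result": gateway_reply["result"],
        "auth_code": gateway_reply.get("auth_code"),
    }


# Constructed sample input: a widely used test number, not a real card.
SAMPLE = {"card_number": "4111111111111111", "expiry": "1230", "cvv": "123"}

if __name__ == "__main__":
    print(row_for_storage(SAMPLE, {"result": "approved", "auth_code": "A1B2C3"}))
```

A Luhn pass only shows that the number is well formed; approval still depends on the payment gateway's reply.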

 

Notes

1. See Payment Card Industry (PCI), Data Security Standard for the full text of PCI DSS, and Maintaining Payment Security for an explanation of how PCI DSS could be applied.