Take Sensitive Data in IVR (PCI data: card number, CVV, expiry, etc.)


Sprinklr IVR provides the ability to take inputs from the customer and cater to their queries when they reach out to brands on voice as a medium. In this article we will learn how PCI inputs work in IVR.

What is PCI compliance?

PCI compliance refers to adherence to the Payment Card Industry Data Security Standard (PCI DSS), a set of security standards maintained by the PCI Security Standards Council for companies that accept, process, store or transmit credit card information. The standards aim to protect sensitive cardholder data from theft or compromise.

Why is it important?

Being PCI compliant is essential to protecting customers' sensitive financial information and to maintaining customer trust. Non-compliance can result in damage to a company's reputation along with hefty fines and penalties.

Business use case 

  1. A brand wants to take the full card number (PCI input) in IVR and wants to ensure that this value is not accessible in workflows, to keep the data safe.

  2. A brand wants to take the customer's date of birth (PII input), but does not want that data to be visible to agents.

PCI compliance applies in a variety of industries and situations where sensitive payment information is collected, stored, or transmitted. Some common use cases include:

  • Online Retail - E-commerce businesses must comply with PCI standards in order to accept credit card payments online

  • Banking - Banks need to securely collect credit card numbers in order to authenticate the customer or process a payment

  • Healthcare - Healthcare providers need to securely collect a customer's insurance details, membership ID, credit card information, etc. for the services or products they provide

  • Government - Government agencies that accept credit card payments for services or fines may be required to comply with PCI standards

  • Education - Educational institutions that accept credit card payments for tuition, fees and other charges must comply with PCI standards

It is important to note that any organization that accepts, processes or stores credit card information must comply with PCI DSS, regardless of its size or the number of transactions it processes.

Solution 

Sprinklr offers a secure input feature that allows brands to protect sensitive customer information. Brands can take two types of sensitive data:

  1. PCI input is used to handle customer information that falls under Payment Card Industry (PCI) compliance requirements. When selected, the input is retained in a Redis cache for the defined time inside the secure CDE (cardholder data environment). Access to this server is restricted, ensuring that the customer's sensitive data remains protected.

  2. PII input is used for personal information that should not be accessible to users handling a customer's case. When selected in the "Gather Customer Response" node in IVR, the input is masked in the UI, similar to PCI input. Unlike PCI input, however, the data remains accessible in workflows; only the user handling the case is prevented from accessing it.

Configurations

In the IVR builder, the user can configure the type of input in the Gather Customer Response node by enabling the Sensitive Data checkbox. Once the Sensitive Data checkbox is marked, two options appear for the type of sensitive data: PCI and PII.

Note: The Sensitive Data checkbox is accessible only when Number of Input Digits is more than 1.

When selecting PCI, you can define whether the data will be accessible to the agent or not. This can be used to show PCI-sensitive data to the user working on that case for the defined time. When you enable this, the user working on the case gets an option to unlock the data; the data is then fetched directly from the CDE and shown to the agent without passing through any backend database.

Sample Configuration

Note: The variable card_number in the above screenshot will contain a random ID shared by the CDE, not the card number itself.
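The following is an added illustration of the data flow this article describes, written here as a model and not Sprinklr's own code: raw PCI digits are held only in a TTL-bound vault standing in for the CDE cache, the workflow variable receives only a random reference ID, PII values stay available to the workflow but are masked for the agent, and an agent "unlock" reads straight from the vault. The class and function names (CdeVault, gather_customer_response, agent_unlock), the injectable clock and the sample digits are all assumptions made for the example.

```python
import secrets
import time
from typing import Callable, Dict, Optional, Tuple


class CdeVault:
    """Hypothetical stand-in for the CDE cache: digits live only here, under a TTL,
    and every other part of the system holds just an unguessable reference ID."""

    def __init__(self, ttl_seconds: float, clock: Callable[[], float] = time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock  # injectable so expiry can be tested deterministically
        self._entries: Dict[str, Tuple[str, float]] = {}

    def store(self, digits: str) -> str:
        """Keep the digits inside the vault and return a random reference ID."""
        ref = secrets.token_urlsafe(16)
        self._entries[ref] = (digits, self._clock() + self._ttl)
        return ref

    def unlock(self, ref: str) -> Optional[str]:
        """Return the digits for a live reference, or None once the TTL has passed."""
        entry = self._entries.get(ref)
        if entry is None:
            return None
        digits, expires_at = entry
        if self._clock() >= expires_at:
            del self._entries[ref]  # expired: drop it so nothing lingers
            return None
        return digits


def mask(digits: str, visible: int = 4) -> str:
    """Mask all but the last `visible` characters, as the UI does for sensitive inputs."""
    hidden = max(len(digits) - visible, 0)
    return "*" * hidden + digits[hidden:]


def gather_customer_response(vault: CdeVault, digits: str, sensitive_type: str,
                             agent_access: bool = False) -> Dict[str, object]:
    """Model the Gather Customer Response node with the Sensitive Data box ticked.
    Returns what the workflow variable holds and what the agent desktop shows."""
    if len(digits) < 2:
        # The article notes the checkbox only applies when input digits > 1.
        raise ValueError("sensitive data handling requires more than one input digit")
    if sensitive_type == "PCI":
        ref = vault.store(digits)  # raw digits never leave the vault
        return {
            "workflow_variable": ref,  # random ID shared by the CDE, not the PAN
            "agent_view": "[locked]" if agent_access else "[hidden]",
            "agent_can_unlock": agent_access,
        }
    if sensitive_type == "PII":
        return {
            "workflow_variable": digits,  # still usable by workflows
            "agent_view": mask(digits),   # masked for the user on the case
            "agent_can_unlock": False,
        }
    raise ValueError(f"unknown sensitive type: {sensitive_type}")


def agent_unlock(vault: CdeVault, gathered: Dict[str, object]) -> Optional[str]:
    """Agent-side unlock: fetch directly from the vault, with no copy stored elsewhere."""
    if not gathered["agent_can_unlock"]:
        return None
    return vault.unlock(str(gathered["workflow_variable"]))


if __name__ == "__main__":
    vault = CdeVault(ttl_seconds=300)
    pci = gather_customer_response(vault, "4111111111111111", "PCI", agent_access=True)  # constructed test PAN
    print("workflow sees:", pci["workflow_variable"])
    print("agent unlock:", agent_unlock(vault, pci))
    pii = gather_customer_response(vault, "19900101", "PII")  # constructed DOB
    print("workflow sees:", pii["workflow_variable"], "| agent sees:", pii["agent_view"])
```

The point of the model is what each party can see: a workflow that logs or forwards the PCI variable only ever handles the reference ID, and once the vault TTL lapses even an authorised unlock returns nothing.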