How to Set Up a PCI-Compliant Payment Workflow for Phone Payments Using Twilio

Objective

Businesses often need to collect payment information from customers over the phone. To protect sensitive cardholder data and comply with PCI DSS (Payment Card Industry Data Security Standard), it’s essential to ensure that card details are never stored in call recordings and are securely processed. Twilio offers solutions to help you build a PCI-compliant workflow for phone payments, including automatic pause/resume of call recordings and secure payment capture.

Product

Programmable Voice

Environment

Twilio Console

Procedure

Key Features

  • PCI Mode: When enabled, Twilio redacts sensitive payment information from call recordings, ensuring compliance.
  • Automatic Pause/Resume Recording: Call recording is automatically paused when the customer enters card details and resumes after payment is processed.
  • Tokenization: Supports card-on-file use cases for repeat payments.
  • Programmable Voice Integration: Customize prompts and payment flows to fit your business needs.
  • Support for Major Credit Cards: Visa, Mastercard, and more.

Typical Workflow

  1. Agent Initiates Payment Flow: During a call, the agent triggers the payment workflow.
  2. Recording Pauses Automatically: When prompted for card details, Twilio pauses the call recording.
  3. Customer Enters Card Details: The details are captured via DTMF (keypad tones) or speech while the recording is paused.
  4. Recording Resumes: After payment info is collected, recording resumes and the call continues.

Implementation Options

Compliance Notes

  • Enable PCI Mode: PCI Mode must be enabled in your Twilio Voice settings to ensure compliance.
  • Recording Retention: Recordings in PCI Mode are retained for one year by default.
  • Transcription: Native transcription is not available when PCI Mode is enabled.

Example TwiML Snippet

<Pay chargeAmount="99.99" validCardTypes="visa master-card" postalCode="false" maxAttempts="2" />

Placed inside a TwiML <Response> document, this verb prompts the customer for payment, pauses any active recording while the card details are entered, and resumes it afterwards.
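As an added example (not from the article, and not Twilio's own library code), the following Python builds the <Pay> TwiML for the workflow above with only the standard library and shows a result-callback handler that keeps just the fields that are safe to store. The action and tokenType attributes and the callback field names (Result, PaymentConfirmationCode, PaymentToken, PaymentCardNumber, PaymentCardType, ExpirationDate) come from Twilio's <Pay> documentation rather than this article; the webhook URL and the callback values are constructed placeholders.

```python
"""Added example, not Twilio's own code: build the <Pay> TwiML for the phone-payment
workflow and reduce Twilio's result callback to the fields that are safe to keep."""
import re
import xml.etree.ElementTree as ET

# Placeholder for the webhook that receives the <Pay> result (assumption, not from the article).
ACTION_URL = "https://example.com/pay/result"


def build_pay_twiml(charge_amount=None, *, valid_card_types="visa master-card",
                    max_attempts=2, postal_code=False, action=ACTION_URL):
    """Return a complete TwiML document containing one <Pay> verb.

    With charge_amount=None the verb asks Twilio for a reusable token instead of a
    charge, which is the card-on-file case mentioned under Key Features.
    """
    response = ET.Element("Response")
    pay = ET.SubElement(response, "Pay")
    pay.set("action", action)                       # Twilio POSTs the outcome here
    pay.set("validCardTypes", valid_card_types)
    pay.set("maxAttempts", str(max_attempts))
    pay.set("postalCode", "true" if postal_code else "false")
    if charge_amount is None:
        pay.set("tokenType", "reusable")            # tokenize, do not charge
    else:
        pay.set("chargeAmount", f"{charge_amount:.2f}")
    return ET.tostring(response, encoding="unicode")


# Callback fields worth persisting. The (masked) card number and expiry that Twilio
# also sends are deliberately not in this list, so they never reach our database.
SAFE_FIELDS = ("Result", "PaymentConfirmationCode", "PaymentToken", "PaymentCardType")

# 13 to 19 consecutive digits is the shape of an unmasked card number.
PAN_PATTERN = re.compile(r"\b\d{13,19}\b")


def redact_for_log(text):
    """Mask anything that looks like a full card number, keeping only its last four digits."""
    return PAN_PATTERN.sub(lambda m: "*" * (len(m.group()) - 4) + m.group()[-4:], text)


def handle_pay_callback(params):
    """Turn the POSTed callback parameters into the record we keep.

    Only allow-listed fields are copied; 'ok' is True when Twilio reports success.
    """
    record = {key: params[key] for key in SAFE_FIELDS if key in params}
    record["ok"] = params.get("Result") == "success"
    return record


# Constructed sample of a successful callback; values are not from a real Twilio call.
SAMPLE_CALLBACK = {
    "Result": "success",
    "PaymentConfirmationCode": "ch_example_123",
    "PaymentToken": "",
    "PaymentCardNumber": "************1111",   # Twilio already masks this
    "PaymentCardType": "visa",
    "ExpirationDate": "1230",
}

if __name__ == "__main__":
    print(build_pay_twiml(99.99))
    print(build_pay_twiml())                  # tokenization variant
    print(handle_pay_callback(SAMPLE_CALLBACK))
    print(redact_for_log("agent note: card 4111111111111111 declined"))
```

The allow-list in handle_pay_callback is the part that matters for PCI scope: the webhook that receives the payment result is a place where cardholder data could leak back into your own logs or database even though Twilio kept it out of the recording, so only the confirmation code, token and result are retained, and redact_for_log is applied to any free text before it is written to a log.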

Twilio provides tools to help you collect payments over the phone while maintaining PCI compliance. With Twilio Pay, Studio, and Flex, you can automate the pause and resume of call recordings so that cardholder data is never stored. If you need assistance with implementation or custom development, Twilio Professional Services can help design and deploy a PCI-compliant payment workflow tailored to your business.

Additional Information

If you have questions or need further guidance, please reach out to your Twilio representative for personalized assistance.