Maintaining PCI DSS Compliance with Stripe and CTM
A lot of our users have been talking about data security lately. A large part of this is based on major events in the news; it seems like almost every week, another company reveals their users may have had sensitive information – like their credit card numbers – exposed to hackers. How can we ensure we’re not the next one? Well, the next best thing to securing data… is simply not collecting it to begin with.
That brings us to our integration with Stripe. When we first released this integration, we intended for it to be used by agency customers as a means of billing their subclients. However, the more we learned about Stripe and saw it in action, the more we wondered: how else could we utilize this powerful tool?
Many of our customers run businesses, and need to take payments over the phone – and, of course, anyone accepting credit card payments must be PCI (Payment Card Industry) compliant. Stripe maintains the highest standard of PCI DSS (Payment Card Industry Data Security Standard) compliance, so if a business owner simply uses Stripe to process payments, they don’t need to bother navigating the complex and expensive process of attaining PCI DSS compliance for themselves. We’re always trying to make it easier for our business-owning customers to succeed, so deepening our integration with Stripe seemed like a no-brainer.
After some hard work in our developer lab, we’ve recently made our dreams a reality! In this week’s Ask an Expert, we sat down with developer Jeremy Curcio to discuss the ecommerce software Stripe, and learn more about how it’s being utilized by our customers.
Jeremy, you’ve been working hard on this integration for the past few weeks. How does Stripe work on our platform now?
Well, it’s pretty cool! The new features in our Stripe integration are really useful for just about any customer who takes payments during phone calls. With the new integration tools, agents have a very simple way to take credit card information over the phone while automatically maintaining PCI DSS compliance. When a caller asks to make a payment, the agent can click on the credit card icon in their CallTrackingMetrics call log. Doing so will generate a pop-up that contains payment information fields, which – if the agent has enhanced caller ID enabled – may actually already be filled with the caller’s name and address. Now, as soon as that credit card icon is clicked, our software will instantly cease recording and transcribing the call. So, the credit card information spoken over the phone is entered by the agent and processed – but never actually collected by CallTrackingMetrics. The only record of that information is the Stripe payment ID, which our agent can refer back to if they need it later on.
Another pretty cool part of that process is the conversion score. While the payment information wasn’t recorded, the amount of the payment was. In fact, that call will have been marked as a conversion, and will have the dollar amount of that conversion recorded and ready to be generated into a revenue report!
Why was it so important for us to be able to automatically pause call recording and transcriptions?
Well, not only is PCI DSS compliance really important, but a lot of other regulations cover information security – like HIPAA and GDPR. So many businesses are learning that they can’t just be casual about their collection of data anymore. And let’s be honest, taking credit cards over the phone while recording calls is a huge liability… anyone skilled enough to find that data could use it for nefarious purposes. By making these security measures automatic, we’re making it much easier to just focus on running your business.
Jeremy, what’s your favorite part of this Stripe update?
I love that the power of our Stripe integration is now accessible to just about every customer. This feature set that was once restricted to agency level users with sub accounts is now a really useful tool for anyone who takes payments over the phone.