Genesys Cloud - Main

HAs anyone sucessfully set this up in PureCloud yet? If so, any way you could share your call flow (with sensitive data redacted) We are looking to get this rolled out ASAP, typically I like to figure these things out on my own, but time is of the essence, so any help would be great.  THanks!
#Telephony

------------------------------
Michael McQuaid
AdaptHealth LLC
------------------------------

Hi Michael,

I have set this up before.

This is not something I can really share a flow for. It depends on what payment processor you are using and whether or not you are trying to access their API directly or through your own proxy service. Regardless, you will need to setup data actions to match the API requirements and then call those actions from your flow. I'd recommend using a secure flow. Other than the data actions, the rest of the flow is pretty straight forward. You have to add data inputs for the information required by the API, such as card number, expiration date, CVV, and zip code.

You may want to also look at turning on PCI compliance for your org as well.

Thank you,
Daniel McLeod

------------------------------
Daniel McLeod
Qsect LLC
------------------------------

Original Message:
Sent: 04-06-2020 14:34
From: Michael McQuaid
Subject: Credit Card Payments

HAs anyone sucessfully set this up in PureCloud yet? If so, any way you could share your call flow (with sensitive data redacted) We are looking to get this rolled out ASAP, typically I like to figure these things out on my own, but time is of the essence, so any help would be great.  THanks!
#Telephony

------------------------------
Michael McQuaid
AdaptHealth LLC
------------------------------

Thanks Michael,
While the technical integration is straight forward using the Payment Gateway System APIs to build a payment IVR inside the secure IVR, I wonder how customers security teams view this. Do your security teams stamp such solution as PCI DSS compliant even if turning on PCI compliance is in fact only hiding DTMF and stopping recording only? PCI DSS compliance is more an end2 end certification and am not sure (or wondering if) that security teams agree on stamping this as PCI DSS compliant. I'd be very much interested in the feedback of customers (specifically Security teams) using this feature.
Thanks
Hichem

------------------------------
Hichem Agrebi
Orange SA
------------------------------

Original Message:
Sent: 04-06-2020 19:34
From: Daniel McLeod
Subject: Credit Card Payments

Hi Michael,

I have set this up before.

This is not something I can really share a flow for. It depends on what payment processor you are using and whether or not you are trying to access their API directly or through your own proxy service. Regardless, you will need to setup data actions to match the API requirements and then call those actions from your flow. I'd recommend using a secure flow. Other than the data actions, the rest of the flow is pretty straight forward. You have to add data inputs for the information required by the API, such as card number, expiration date, CVV, and zip code.

You may want to also look at turning on PCI compliance for your org as well.

Thank you,
Daniel McLeod

------------------------------
Daniel McLeod
Qsect LLC

Original Message:
Sent: 04-06-2020 14:34
From: Michael McQuaid
Subject: Credit Card Payments

HAs anyone sucessfully set this up in PureCloud yet? If so, any way you could share your call flow (with sensitive data redacted) We are looking to get this rolled out ASAP, typically I like to figure these things out on my own, but time is of the essence, so any help would be great.  THanks!
#Telephony

------------------------------
Michael McQuaid
AdaptHealth LLC
------------------------------

Hi Hichem,

I can't speak for any customers security teams and I'm not a compliance expert by any means, so I can only offer my opinion and experience in configuring such call flows. If you are communicating directly with the payment processor and not a proxy, use secure flows and turn on PCI CSS for your org, and don't store any of the data elsewhere, then you limit the possibility of any sensitive data being stored. This would depend on you're environment though. If you are using PureCloud Voice, you have no control or visibility of gateways, SBCs, or any other equipment that could potentially store data. If you use on prem edges and your own carriers and equipment, there would be additional configuration required to ensure no data is being collected from the edge out to the PSTN.

Thanks,
Daniel McLeod

------------------------------
Daniel McLeod
Qsect LLC
------------------------------

Original Message:
Sent: 04-07-2020 04:29
From: Hichem Agrebi
Subject: Credit Card Payments

Thanks Michael,
While the technical integration is straight forward using the Payment Gateway System APIs to build a payment IVR inside the secure IVR, I wonder how customers security teams view this. Do your security teams stamp such solution as PCI DSS compliant even if turning on PCI compliance is in fact only hiding DTMF and stopping recording only? PCI DSS compliance is more an end2 end certification and am not sure (or wondering if) that security teams agree on stamping this as PCI DSS compliant. I'd be very much interested in the feedback of customers (specifically Security teams) using this feature.
Thanks
Hichem

------------------------------
Hichem Agrebi
Orange SA

Original Message:
Sent: 04-06-2020 19:34
From: Daniel McLeod
Subject: Credit Card Payments

Hi Michael,

I have set this up before.

This is not something I can really share a flow for. It depends on what payment processor you are using and whether or not you are trying to access their API directly or through your own proxy service. Regardless, you will need to setup data actions to match the API requirements and then call those actions from your flow. I'd recommend using a secure flow. Other than the data actions, the rest of the flow is pretty straight forward. You have to add data inputs for the information required by the API, such as card number, expiration date, CVV, and zip code.

You may want to also look at turning on PCI compliance for your org as well.

Thank you,
Daniel McLeod

------------------------------
Daniel McLeod
Qsect LLC

Original Message:
Sent: 04-06-2020 14:34
From: Michael McQuaid
Subject: Credit Card Payments

HAs anyone sucessfully set this up in PureCloud yet? If so, any way you could share your call flow (with sensitive data redacted) We are looking to get this rolled out ASAP, typically I like to figure these things out on my own, but time is of the essence, so any help would be great.  THanks!
#Telephony

------------------------------
Michael McQuaid
AdaptHealth LLC
------------------------------

Hi Daniel, sorry to jump on this thread, but I'm setting this up now and getting stuck in that the Data Action is set with the card number to be an Integer, but Architect is having a problem with that in that the card number is too long.  What's the correct way of handling that?

Mind if I also ask how you've approached the confirmation of what a customer has entered?  I'm thinking of using collect input but NOT using the validation option, instead having a small loop there to play back the entered variable and then give another collect input - 1=yes 2=no type thing.

------------------------------
Vaun McCarthy
NTT New Zealand Limited
------------------------------

Original Message:
Sent: 04-06-2020 19:34
From: Daniel McLeod
Subject: Credit Card Payments

Hi Michael,

I have set this up before.

This is not something I can really share a flow for. It depends on what payment processor you are using and whether or not you are trying to access their API directly or through your own proxy service. Regardless, you will need to setup data actions to match the API requirements and then call those actions from your flow. I'd recommend using a secure flow. Other than the data actions, the rest of the flow is pretty straight forward. You have to add data inputs for the information required by the API, such as card number, expiration date, CVV, and zip code.

You may want to also look at turning on PCI compliance for your org as well.

Thank you,
Daniel McLeod

------------------------------
Daniel McLeod
Qsect LLC

Original Message:
Sent: 04-06-2020 14:34
From: Michael McQuaid
Subject: Credit Card Payments

HAs anyone sucessfully set this up in PureCloud yet? If so, any way you could share your call flow (with sensitive data redacted) We are looking to get this rolled out ASAP, typically I like to figure these things out on my own, but time is of the essence, so any help would be great.  THanks!
#Telephony

------------------------------
Michael McQuaid
AdaptHealth LLC
------------------------------

Hi Vaun,

A credit card number should NOT be of the type integer. The integer type does not support numbers that large and cannot start with zeros. Just make it a string.

For confirmation, I've done it both ways in general flows. For this particular scenario, it can be a difficult decision as to whether you actually include confirmation, since you would be playing back sensitive information (make sure it's a secure flow and not recorded on any equipment upstream). If you decide to include it, I'm not sure there is any benefit to separating the confirmation out instead of using the built in validation.

Please let me know if you have any follow up questions.

Thanks,

------------------------------
Daniel McLeod
Qsect LLC
------------------------------

Original Message:
Sent: 08-15-2020 04:54
From: Vaun McCarthy
Subject: Credit Card Payments

Hi Daniel, sorry to jump on this thread, but I'm setting this up now and getting stuck in that the Data Action is set with the card number to be an Integer, but Architect is having a problem with that in that the card number is too long.  What's the correct way of handling that?

Mind if I also ask how you've approached the confirmation of what a customer has entered?  I'm thinking of using collect input but NOT using the validation option, instead having a small loop there to play back the entered variable and then give another collect input - 1=yes 2=no type thing.

------------------------------
Vaun McCarthy
NTT New Zealand Limited

Original Message:
Sent: 04-06-2020 19:34
From: Daniel McLeod
Subject: Credit Card Payments

Hi Michael,

I have set this up before.

This is not something I can really share a flow for. It depends on what payment processor you are using and whether or not you are trying to access their API directly or through your own proxy service. Regardless, you will need to setup data actions to match the API requirements and then call those actions from your flow. I'd recommend using a secure flow. Other than the data actions, the rest of the flow is pretty straight forward. You have to add data inputs for the information required by the API, such as card number, expiration date, CVV, and zip code.

You may want to also look at turning on PCI compliance for your org as well.

Thank you,
Daniel McLeod

------------------------------
Daniel McLeod
Qsect LLC

Original Message:
Sent: 04-06-2020 14:34
From: Michael McQuaid
Subject: Credit Card Payments

HAs anyone sucessfully set this up in PureCloud yet? If so, any way you could share your call flow (with sensitive data redacted) We are looking to get this rolled out ASAP, typically I like to figure these things out on my own, but time is of the essence, so any help would be great.  THanks!
#Telephony

------------------------------
Michael McQuaid
AdaptHealth LLC
------------------------------